
No sound on computer

  • 28-03-2009 4:25pm
    #1
    Registered Users, Registered Users 2 Posts: 746 ✭✭✭


    Hi guys, I have no sound on my computer since I got rid of IE after runtime error. I downloaded HijackThis and below is the log. Could someone please have a look at this and perhaps let me know what the problem is and how I can fix it. Thanks a lot.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:11:46, on 27/03/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\FinePixViewerS\QuickDCF2.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbubcDFaDWeHPPJB6wbYlWMpo4MSYbEY3acKIYf9dwELwwkRptd2CMsrLuJcBPV0jhVq7av+3zuyTmyjFJrlY5B8EXTiHUjPXGn7UaioQWD5KJMjY=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILEOi+UdWpSlz2q9Dzn13Emww/YwX5bEaI0bVldD5C0hTEFUcVDNSrJZangKayWSJPd8JJsc2R8N73ElnnV2g//5lKvWLV2P+7kZKrJbLHb8ybrAihGIKaR/Ubb3cpizKfdXtio=
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.254/
    R3 - URLSearchHook: (no name) - - (no file)
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - C:\Program Files\Starware316\bin\Starware316.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: (no name) - {CDE8EAB9-CEF3-4885-B12F-26960A25C800} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
    O2 - BHO: Starware - {F7C7AA47-BCA6-451D-8DBC-C10A8F75C8C7} - C:\Program Files\Starware\bin\Starware.dll
    O3 - Toolbar: Starware316 - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - C:\Program Files\Starware316\bin\Starware316.dll
    O3 - Toolbar: Starware - {9839B3B7-3F99-4498-884D-6CFCCD251AB1} - C:\Program Files\Starware\bin\Starware.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
    O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
    O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video ActiveX Access\imsmain.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-1120616011-2897995549-1849173236-1010\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'KEVIN')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Global Startup: Exif Launcher S.lnk = ?
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm147YYIE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
    O22 - SharedTaskScheduler: farrandly - {8aa7a4d2-73c7-4fca-bef7-7923e38a3b1c} - C:\WINDOWS\system32\tczij.dll (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe

    --
    End of file - 8954 bytes
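The HijackThis log above uses a fixed `section - detail` line format, so the entries that deserve a closer look can be pulled out mechanically. The Python below is an added example, not part of the thread or of HijackThis; its three heuristics (target file missing, autostart under `Policies\Explorer\Run`, a Run value named like one binary but launching another) are assumptions about what merits review, and the sample lines are copied from the log above.

```python
import re

# Sample input: nine lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {CDE8EAB9-CEF3-4885-B12F-26960A25C800} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video ActiveX Access\imsmain.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O22 - SharedTaskScheduler: farrandly - {8aa7a4d2-73c7-4fca-bef7-7923e38a3b1c} - C:\WINDOWS\system32\tczij.dll (file missing)
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
"""

# "R0 - ..." / "O23 - ..." : section code, separator, free-form detail.
ENTRY_RE = re.compile(r"^\s*([RO]\d+)\s+-\s+(.*\S)\s*$")
# O4 autostart detail: "<registry key>: [<value name>] <command line>".
RUN_RE = re.compile(r"^(?P<key>[^:\[]+):\s*\[(?P<name>[^\]]+)\]\s*(?P<cmd>.+)$")
# First file name ending in .exe/.dll inside a command line.
BINARY_RE = re.compile(r'([^\\"]+\.(?:exe|dll))\b', re.IGNORECASE)


def parse_entries(log_text):
    """Return (section, detail) tuples; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(log_text):
    """Flag entries for manual review; returns a list of finding dicts."""
    findings = []
    for section, detail in parse_entries(log_text):
        reasons = []
        # Heuristic 1 (assumption): registration left behind, file is gone.
        if detail.endswith("(file missing)") or detail.endswith("(no file)"):
            reasons.append("orphaned")
        if section == "O4":
            m = RUN_RE.match(detail)
            if m:
                # Heuristic 2 (assumption): policy-based Run key is an
                # uncommon autostart location on a home PC.
                if "policies\\explorer\\run" in m.group("key").lower():
                    reasons.append("policy-run")
                # Heuristic 3 (assumption): value is named like a binary
                # but the command line launches a different file.
                name = m.group("name").lower()
                target = BINARY_RE.search(m.group("cmd"))
                if (name.endswith((".exe", ".dll")) and target
                        and target.group(1).lower() != name):
                    reasons.append("name-mismatch")
        if reasons:
            findings.append(
                {"section": section, "reasons": reasons, "entry": detail})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["section"], ",".join(f["reasons"]), "|", f["entry"])
```

A flagged entry is a prompt for manual review, not a verdict on the file.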


Comments

  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    hello


    Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


    Please download SmitfraudFix (by S!Ri) to your Desktop.

    Next, please reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, double-click on SmitfraudFix.exe
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning : running option #2 on a non infected computer will remove your Desktop background.



    1. Please download Brute Force Uninstaller to your desktop.
    • Right click the BFU folder on your desktop, and choose Extract All
    • Click "Next"
    • In the box to choose where to extract the files to,
    • Click "Browse"
    • Click on the + sign next to "My Computer"
    • Click on "Local Disk (C:)" or whatever your primary drive is
    • Click "Make New Folder"
    • Type in BFU
    • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".

    2. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target/Link As") in order to download MyWebSearch and FunWebProduct Remover.
    Save it in the same folder you made earlier (on your desktop).


    3. Then, please go to Start > My Computer and navigate to the BFU folder.
    • Start the Brute Force Uninstaller by double-clicking BFU.exe
    • Behind the scriptline to execute field click the folder icon and select MyWebSearch.bfu
    • Press Execute and let it do its job. (You ought to see a progress bar if you did this correctly.)
    • Wait for the complete script execution box to pop up and press OK.
    • Press exit to terminate the BFU program.


  • Registered Users, Registered Users 2 Posts: 746 ✭✭✭gypsylee


    Thanks for that. Below is the log which I got. Hope I did everything right. Any help would be appreciated.

    BFU v1.12.0
    Windows XP SP2 (WinNT 5.01.2600 SP2)
    Script started at 17:30:36, on 29/03/2009

    Option Unload Explorer: Yes
    Option Delete files to Recycle Bin: Yes
    Success: ProcessKillByPID 1288
    Success: ProcessKill C:\WINDOWS\explorer.exe|1
    Warning: The following line has unexpanded aliases and will be skipped: OptionUnloadShell

    ProcessKill \MWSOEMON.EXE|1
    ProcessKill \MWSSETUP.EXE|1
    ProcessKill \MWSSRCSP.EXE|1
    ProcessKill \TeaTimer.exe|1
    ProcessKill \sgmain.exe|1
    ProcessKill \SGBHP.EXE|1
    ProcessKill \WINPATROL.EXE|1
    ProcessKill \AAWService.exe|1
    ProcessKill \AAWTray.exe|1
    ProcessKill \MSASCui.exe|1
    ProcessKill \pctsTray.exe|1
    ProcessKill \pctsAuxs.exe|1
    ProcessKill \pctsSvc.exe|1
    ProcessKill \mbamgui.exe|1
    ProcessKill \mbamservice.exe|1
    ProcessKill \mbam.exe|1
    ProcessKill \SUPERAntiSpyware.exe|1


    # Services to be deleted

    ServiceStop MyWebSearchService
    ServiceDelete MyWebSearchService


    # Unregister Dlls

    DllUnregister \ebkp.dll|1
    DllUnregister \mwsbar.dll|1
    DllUnregister \toolbar.dll|1
    DllUnregister \s4ezsetp.dll|1
    DllUnregister \pagerevisor.dll|1
    DllUnregister \mybar.dll|1
    DllUnregister \mysrchas.dll|1
    DllUnregister \npmysrch.dll|1
    DllUnregister \s4bar.dll|1
    DllUnregister \s4plugin.dll|1
    DllUnregister \s4popswt.dll|1
    DllUnregister \s4ezsetp.dll|1
    DllUnregister \msimg32.dll|1
    DllUnregister \f3brovly.dll|1
    DllUnregister %PROGRAM_FILES%\wingames\iehelper.dll|1
    DllUnregister %PROGRAM_FILES%\wingames\iehelper.dll|1
    DllUnregister %PROGRAM_FILES%\mozilla firefox\plugins\NPMyWebS.dll
    DllUnregister %PROGRAM_FILES%\MSN Messenger\msimg32.dll
    DllUnregister %PROGRAM_FILES%\MSN Messenger\riched20.dll
    DllUnregister %PROGRAM_FILES%\Internet Explorer\msimg32.dll


    # Files and folders to be deleted

    FolderDelete C:\Documents and Settings\EMMA\Application Data\FunWebProducts
    FileDelete C:\WINDOWS\system32\f3PSSavr.scr
    FileDelete C:\Program Files\Uninstall Fun Web Products.dll
    FileDelete C:\Program Files\Internet Explorer\msimg32.dll
    FolderDelete C:\Program Files\MyWebSearch
    FolderDelete C:\Program Files\MYWEBS~1
    FileDelete \f3PSSavr.scr
    FolderDelete C:\Program Files\toolbar
    FileDelete \9bb71.exe
    FileDelete \ebkp.dll
    FileDelete \m3slsrch.exe
    FileDelete \m3srchmn.exe
    FileDelete \mgssetp.exe
    FileDelete \mwsbar.dll
    FileDelete \soref_rgbndl.exe
    FileDelete \toolbar.dll
    FolderDelete C:\Program Files\MySearch
    FileDelete \s4ezsetp.dll
    FileDelete \pagerevisor.dll
    FileDelete \mybar.dll
    FileDelete \adinstalle.exe
    FileDelete \aj[1].exe
    FileDelete \files.ini
    FileDelete \mybar.dll
    FileDelete \mysearchpluginproxy.class
    FileDelete \mysrchas.dll
    FileDelete \npmysrch.dll
    FileDelete \pagerevisor.dll
    FileDelete \partner.dat
    FileDelete \s42ns.exe
    FileDelete \s4bar.dll
    FileDelete \s4ezsetp.dll
    FileDelete \s4plugin.dll
    FileDelete \s4popswt.dll
    FileDelete \s4sept.exe
    FileDelete \soproc.exe
    FileDelete \vt.adware.toolbar.myway.f-f62d8517208d03dc2e890fc97c0122e7.exe
    FileDelete \s4ezsetp.dll
    FileDelete \pagerevisor.dll
    FileDelete \mybar.dll
    FileDelete \aj[1].exe
    FileDelete \adinstalle.exe
    FileDelete \vt.adware.toolbar.myway.f-f62d8517208d03dc2e890fc97c0122e7.exe
    FileDelete \soproc.exe
    FileDelete \s4sept.exe
    FileDelete \S4PLUGIN.DLL
    FileDelete \S4BAR.DLL
    FileDelete \S4EZSETP.DLL
    FileDelete \NPMYSRCH.DLL
    FolderDelete C:\Program Files\FunWebProducts
    FileDelete \f3brovly.dll
    FileDelete %PROGRAM_FILES%\wingames\iehelper.dll
    FileDelete %PROGRAM_FILES%\wingames\wingames.dll
    FileDelete %PROGRAM_FILES%\mozilla firefox\plugins\NPMyWebS.dll
    FileDelete %PROGRAM_FILES%\MSN Messenger\msimg32.dll
    FileDelete %PROGRAM_FILES%\MSN Messenger\riched20.dll
    FileDelete %PROGRAM_FILES%\Internet Explorer\msimg32.dll

    # Registry keys to be deleted


    RegDeleteKey HKLM\SOFTWARE\Classes\FunWebProducts.DataControl.1
    RegDeleteKey HKLM\SOFTWARE\Classes\FunWebProducts.DataControl
    RegDeleteKey HKLM\SOFTWARE\Classes\FunWebProducts.HistoryKillerScheduler.1
    RegDeleteKey HKLM\SOFTWARE\Classes\FunWebProducts.HistoryKillerScheduler
    RegDeleteKey HKLM\SOFTWARE\Classes\FunWebProducts.HistorySwatterControlBar.1
    RegDeleteKey HKLM\SOFTWARE\Classes\FunWebProducts.HistorySwatterControlBar
    RegDeleteKey HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu.1
    RegDeleteKey HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu.2
    RegDeleteKey HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu
    RegDeleteKey HKLM\SOFTWARE\Classes\FunWebProducts.IECookiesManager.1
    RegDeleteKey HKLM\SOFTWARE\Classes\FunWebProducts.IECookiesManager
    RegDeleteKey HKLM\SOFTWARE\Classes\FunWebProducts.KillerObjManager.1
    RegDeleteKey HKLM\SOFTWARE\Classes\FunWebProducts.KillerObjManager
    RegDeleteKey HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterBarButton.1
    RegDeleteKey HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterBarButton
    RegDeleteKey HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterSettingsControl.1
    RegDeleteKey HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterSettingsControl
    RegDeleteKey HKLM\SOFTWARE\Classes\FunWebProducts.ShellViewControl.1
    RegDeleteKey HKLM\SOFTWARE\Classes\FunWebProducts.ShellViewControl
    RegDeleteKey HKLM\SOFTWARE\Classes\MyWebSearch.HTMLPanel.1
    RegDeleteKey HKLM\SOFTWARE\Classes\MyWebSearch.HTMLPanel
    RegDeleteKey HKLM\SOFTWARE\Classes\MyWebSearch.OutlookAddin.1
    RegDeleteKey HKLM\SOFTWARE\Classes\MyWebSearch.OutlookAddin
    RegDeleteKey HKLM\SOFTWARE\Classes\MyWebSearch.PseudoTransparentPlugin.1
    RegDeleteKey HKLM\SOFTWARE\Classes\MyWebSearch.PseudoTransparentPlugin
    RegDeleteKey HKLM\SOFTWARE\FocusInteractive
    RegDeleteKey HKLM\SOFTWARE\Fun Web Products
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall
    RegDeleteKey HKLM\SOFTWARE\MyWebSearch
    RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService
    RegDeleteKey HKLM\SOFTWARE\MySearch
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows Media\WMSDK\sources\f3PopularScreensavers
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall
    RegDeleteKey HKLM\software\microsoft\code store database\distribution units\{58f0b492-a42e-435a-bcbf-c6b2608077ba}\contains
    RegDeleteKey HKLM\software\microsoft\internet explorer\toolbar {014da6c9-189f-421a-88cd-07cfe51cff10}
    RegDeleteKey HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{014da6c1-189f-421a-88cd-07cfe51cff10}
    RegDeleteKey HKLM\software\microsoft\windows\currentversion\uninstall\my search uninstall
    RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
    RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}
    RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
    RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}
    RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{25560540-9571-4D7B-9389-0F166788785A}
    RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{2EFF3CF7-99C1-4c29-BC2B-68E057E22340}
    RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
    RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}
    RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}
    RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
    RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}
    RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}
    RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
    RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}
    RegDeleteKey HKCR\MyWebSearchToolBar.ToolbarPlugin.1
    RegDeleteKey HKCR\MyWebSearchToolBar.ToolbarPlugin
    RegDeleteKey HKCR\clsid\{014da6ca-189f-421a-88cd-07cfe51cff10}
    RegDeleteKey HKCR\clsid\{014da6cc-189f-421a-88cd-07cfe51cff10}
    RegDeleteKey HKCR\clsid\{014da6c0-189f-421a-88cd-07cfe51cff10}
    RegDeleteKey HKCR\clsid\{85204a50-6997-4543-9ff8-d9bbcb9108f5}
    RegDeleteKey HKCR\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}
    RegDeleteKey HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
    RegDeleteKey HKCR\clsid\{014da6c1-189f-421a-88cd-07cfe51cff10}
    RegDeleteKey HKCR\clsid\{014da6c5-189f-421a-88cd-07cfe51cff10}
    RegDeleteKey HKCR\clsid\{014da6c7-189f-421a-88cd-07cfe51cff10}
    RegDeleteKey HKCR\clsid\{014da6cb-189f-421a-88cd-07cfe51cff10}
    RegDeleteKey HKCR\clsid\{014da6ce-189f-421a-88cd-07cfe51cff10}
    RegDeleteKey HKCR\clsid\{04079856-5845-4dea-848c-3ecd647aa554}
    RegDeleteKey HKCR\clsid\{2cb71122-a917-44c1-ad6c-0573fb63803e}
    RegDeleteKey HKCR\clsid\{fac94900-96d9-47fa-ba33-7ef1bbfbbcec}
    RegDeleteKey HKCR\interface\{014da6ca-189f-421a-88cd-07cfe51cff10}
    RegDeleteKey HKCR\interface\{014da6cc-189f-421a-88cd-07cfe51cff10}
    RegDeleteKey HKCR\mysearch.popswatterbarbutton
    RegDeleteKey HKCR\mysearch.popswatterbarbutton.1
    RegDeleteKey HKCR\mysearch.popswatterbarbutton.1\clsid
    RegDeleteKey HKCR\mysearch.popswatterbarbutton\clsid
    RegDeleteKey HKCR\mysearch.popswatterbarbutton\curver
    RegDeleteKey HKCR\mysearch.popswattersettingscontrol
    RegDeleteKey HKCR\mysearch.popswattersettingscontrol.1
    RegDeleteKey HKCR\mysearchtoolbar.netscapeshutdown
    RegDeleteKey HKCR\mysearchtoolbar.netscapeshutdown.1
    RegDeleteKey HKCR\mysearchtoolbar.netscapestartup
    RegDeleteKey HKCR\mysearchtoolbar.netscapestartup.1
    RegDeleteKey HKCR\mysearchtoolbar.netscapestartup\curver
    RegDeleteKey HKCR\mysearchtoolbar.settingsplugin
    RegDeleteKey HKCR\mysearchtoolbar.settingsplugin.1
    RegDeleteKey HKCR\mysearchtoolbar.settingsplugin\clsid
    RegDeleteKey HKCR\typelib\{014da6c0-189f-421a-88cd-07cfe51cff10}
    RegDeleteKey HKCR\typelib\{85204a50-6997-4543-9ff8-d9bbcb9108f5}
    RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|MyWebSearch Email Plugin
    RegDeleteKey HKCU\software\microsoft\internet explorer\menuext\web rebates.
    RegDeleteKey HKCU\software\microsoft\internet explorer\new windows\allow www.mysearch.com
    RegDeleteKey HKCU\software\microsoft\internet explorer\toolbar\webbrowser {014da6c9-189f-421a-88cd-07cfe51cff10}
    RegDeleteKey HKCU\software\microsoft\internet explorer\urlsearchhooks {04079856-5845-4dea-848c-3ecd647aa554}
    RegDeleteKey HKCU\software\microsoft\windows\currentversion\ext\stats\{014da6c1-189f-421a-88cd-07cfe51cff10}
    RegDeleteKey HKCU\software\microsoft\windows\currentversion\ext\stats\{58f0b492-a42e-435a-bcbf-c6b2608077ba}
    RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|My Web Search Bar
    RegDeleteKey HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
    RegDeleteKey HKCR\FunWebProducts.DataControl.1
    RegDeleteKey HKCR\FunWebProducts.DataControl
    RegDeleteKey HKCR\FunWebProducts.HistoryKillerScheduler.1
    RegDeleteKey HKCR\FunWebProducts.HistoryKillerScheduler
    RegDeleteKey HKCR\FunWebProducts.HistorySwatterControlBar.1
    RegDeleteKey HKCR\FunWebProducts.HistorySwatterControlBar
    RegDeleteKey HKCR\FunWebProducts.HTMLMenu.1
    RegDeleteKey HKCR\FunWebProducts.HTMLMenu
    RegDeleteKey HKCR\FunWebProducts.HTMLMenu.2
    RegDeleteKey HKCR\FunWebProducts.IECookiesManager.1
    RegDeleteKey HKCR\FunWebProducts.IECookiesManager
    RegDeleteKey HKCR\FunWebProducts.KillerObjManager.1
    RegDeleteKey HKCR\FunWebProducts.KillerObjManager
    RegDeleteKey HKCR\FunWebProducts.KillerObjManager
    RegDeleteKey HKCR\FunWebProducts.PopSwatterBarButton.1
    RegDeleteKey HKCR\FunWebProducts.PopSwatterBarButton
    RegDeleteKey HKCR\FunWebProducts.PopSwatterSettingsControl.1
    RegDeleteKey HKCR\FunWebProducts.PopSwatterSettingsControl
    RegDeleteKey HKCR\FunWebProducts.ShellViewControl.1
    RegDeleteKey HKCR\FunWebProducts.ShellViewControl
    RegDeleteKey HKCR\ScreenSaverControl.ScreenSaverInstaller.1
    RegDeleteKey HKCR\ScreenSaverControl.ScreenSaverInstaller
    RegDeleteKey HKLM\SOFTWARE\Fun Web Products
    RegDeleteKey HKLM\SOFTWARE\FunWebProducts
    RegSetStringValue HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.dat|ReplaceApps|*.*
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.dat|Permissions|00000001
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.dat|Runtime|00000007
    RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MyWebSearch Email Plugin
    RegDelValue HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{00A6FAF6-072E-44cf-8957-5838F569A31D}
    RegDeleteKey HKCR\Interface\{2763e333-b168-41a0-a112-d35f96f410c0}
    RegDeleteKey HKCR\clsid\{2763e333-b168-41a0-a112-d35f96f410c0}
    RegDeleteKey HKCR\MIME\Database\Content Type\application/x-f3embed
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
    RegDeleteKey HKCU\SOFTWARE\MyWebSearch
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts



    # Heuristics

    FileMoveIfContainsText \MyWeb*.exe
    FileMoveIfContainsText \FunWeb*.exe
    FileMoveIfContainsText \MyWeb*.dll
    FileMoveIfContainsText \FunWeb*.dll


    # Miscellaneous

    OptionUseRecycleBin
    SystemEmptyInternetCache
    SystemEmptyTempFolder
    SystemEmptyRecycleBin
    OptionOnDeleteFailUseReboot
    OptionSaveLog C:\Documents and Settings\EMMA\Desktop\BFUlog.txt
    SystemRestartIfNeeded
    Success: ProcessKillByPID 540
    Success: ProcessKill \MWSOEMON.EXE|1
    Failed: ServiceStop MyWebSearchService (service not found)
    Failed: ServiceDelete MyWebSearchService (service not found)
    Failed: DllUnregister \ebkp.dll|1 (file not found)
    Failed: DllUnregister \mwsbar.dll|1 (file not found)
    Failed: DllUnregister \toolbar.dll|1 (file not found)
    Failed: DllUnregister \s4ezsetp.dll|1 (file not found)
    Failed: DllUnregister \pagerevisor.dll|1 (file not found)
    Failed: DllUnregister \mybar.dll|1 (file not found)
    Failed: DllUnregister \mysrchas.dll|1 (file not found)
    Failed: DllUnregister \npmysrch.dll|1 (file not found)
    Failed: DllUnregister \s4bar.dll|1 (file not found)
    Failed: DllUnregister \s4plugin.dll|1 (file not found)
    Failed: DllUnregister \s4popswt.dll|1 (file not found)
    Failed: DllUnregister \s4ezsetp.dll|1 (file not found)
    Failed: DllUnregister \msimg32.dll|1 (file not found)
    Failed: DllUnregister \f3brovly.dll|1 (file not found)
    Success: FolderDelete C:\Documents and Settings\EMMA\Application Data\FunWebProducts
    Success: FileDelete C:\WINDOWS\system32\f3PSSavr.scr
    Success: FileDelete C:\Program Files\Internet Explorer\msimg32.dll
    Failed: FolderDelete C:\Program Files\MyWebSearch (operation failed)
    Failed: FolderDelete C:\Program Files\MYWEBS~1 (operation failed)
    Failed: FolderDelete C:\Program Files\toolbar (folder not found)
    Failed: FolderDelete C:\Program Files\MySearch (folder not found)
    Success: FolderDelete C:\Program Files\FunWebProducts
    Success: RegDeleteKey HKLM\SOFTWARE\Classes\FunWebProducts.DataControl.1
    Success: RegDeleteKey HKLM\SOFTWARE\Classes\FunWebProducts.DataControl
    Success: RegDeleteKey HKLM\SOFTWARE\Classes\FunWebProducts.HistoryKillerScheduler.1
    Success: RegDeleteKey HKLM\SOFTWARE\Classes\FunWebProducts.HistoryKillerScheduler
    Success: RegDeleteKey HKLM\SOFTWARE\Classes\FunWebProducts.HistorySwatterControlBar.1
    Success: RegDeleteKey HKLM\SOFTWARE\Classes\FunWebProducts.HistorySwatterControlBar
    Success: RegDeleteKey HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu.1
    Success: RegDeleteKey HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu.2
    Success: RegDeleteKey HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu
    Success: RegDeleteKey HKLM\SOFTWARE\Classes\FunWebProducts.IECookiesManager.1
    Success: RegDeleteKey HKLM\SOFTWARE\Classes\FunWebProducts.IECookiesManager
    Success: RegDeleteKey HKLM\SOFTWARE\Classes\FunWebProducts.KillerObjManager.1
    Success: RegDeleteKey HKLM\SOFTWARE\Classes\FunWebProducts.KillerObjManager
    Success: RegDeleteKey HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterBarButton.1
    Success: RegDeleteKey HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterBarButton
    Success: RegDeleteKey HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterSettingsControl.1
    Success: RegDeleteKey HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterSettingsControl
    Success: RegDeleteKey HKLM\SOFTWARE\Classes\FunWebProducts.ShellViewControl.1
    Success: RegDeleteKey HKLM\SOFTWARE\Classes\FunWebProducts.ShellViewControl
    Success: RegDeleteKey HKLM\SOFTWARE\Classes\MyWebSearch.HTMLPanel.1
    Success: RegDeleteKey HKLM\SOFTWARE\Classes\MyWebSearch.HTMLPanel
    Success: RegDeleteKey HKLM\SOFTWARE\Classes\MyWebSearch.OutlookAddin.1
    Success: RegDeleteKey HKLM\SOFTWARE\Classes\MyWebSearch.OutlookAddin
    Success: RegDeleteKey HKLM\SOFTWARE\Classes\MyWebSearch.PseudoTransparentPlugin.1
    Success: RegDeleteKey HKLM\SOFTWARE\Classes\MyWebSearch.PseudoTransparentPlugin
    Success: RegDeleteKey HKLM\SOFTWARE\FocusInteractive
    Success: RegDeleteKey HKLM\SOFTWARE\Fun Web Products
    Success: RegDeleteKey HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin
    Success: RegDeleteKey HKLM\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin
    Success: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}
    Success: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
    Success: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall
    Success: RegDeleteKey HKLM\SOFTWARE\MyWebSearch
    Failed: RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService (key does not exist)
    Failed: RegDeleteKey HKLM\SOFTWARE\MySearch (key does not exist)
    Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows Media\WMSDK\sources\f3PopularScreensavers (key does not exist)
    Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (key does not exist)
    Failed: RegDeleteKey HKLM\software\microsoft\code store database\distribution units\{58f0b492-a42e-435a-bcbf-c6b2608077ba}\contains (key does not exist)
    Failed: RegDeleteKey HKLM\software\microsoft\internet explorer\toolbar {014da6c9-189f-421a-88cd-07cfe51cff10} (key does not exist)
    Failed: RegDeleteKey HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{014da6c1-189f-421a-88cd-07cfe51cff10} (key does not exist)
    Failed: RegDeleteKey HKLM\software\microsoft\windows\currentversion\uninstall\my search uninstall (key does not exist)
    Success: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
    Success: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}
    Success: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
    Success: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}
    Success: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{25560540-9571-4D7B-9389-0F166788785A}
    Success: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{2EFF3CF7-99C1-4c29-BC2B-68E057E22340}
    Success: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
    Success: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}
    Success: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}
    Success: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
    Success: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}
    Success: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}
    Success: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
    Success: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}
    Success: RegDeleteKey HKCR\MyWebSearchToolBar.ToolbarPlugin.1
    Success: RegDeleteKey HKCR\MyWebSearchToolBar.ToolbarPlugin
    Failed: RegDeleteKey HKCR\clsid\{014da6ca-189f-421a-88cd-07cfe51cff10} (key does not exist)
    Failed: RegDeleteKey HKCR\clsid\{014da6cc-189f-421a-88cd-07cfe51cff10} (key does not exist)
    Failed: RegDeleteKey HKCR\clsid\{014da6c0-189f-421a-88cd-07cfe51cff10} (key does not exist)
    Failed: RegDeleteKey HKCR\clsid\{85204a50-6997-4543-9ff8-d9bbcb9108f5} (key does not exist)
    Success: RegDeleteKey HKCR\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}
    Success: RegDeleteKey HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
    Failed: RegDeleteKey HKCR\clsid\{014da6c1-189f-421a-88cd-07cfe51cff10} (key does not exist)
    Failed: RegDeleteKey HKCR\clsid\{014da6c5-189f-421a-88cd-07cfe51cff10} (key does not exist)
    Failed: RegDeleteKey HKCR\clsid\{014da6c7-189f-421a-88cd-07cfe51cff10} (key does not exist)
    Failed: RegDeleteKey HKCR\clsid\{014da6cb-189f-421a-88cd-07cfe51cff10} (key does not exist)
    Failed: RegDeleteKey HKCR\clsid\{014da6ce-189f-421a-88cd-07cfe51cff10} (key does not exist)
    Failed: RegDeleteKey HKCR\clsid\{04079856-5845-4dea-848c-3ecd647aa554} (key does not exist)
    Failed: RegDeleteKey HKCR\clsid\{2cb71122-a917-44c1-ad6c-0573fb63803e} (key does not exist)
    Failed: RegDeleteKey HKCR\clsid\{fac94900-96d9-47fa-ba33-7ef1bbfbbcec} (key does not exist)
    Failed: RegDeleteKey HKCR\interface\{014da6ca-189f-421a-88cd-07cfe51cff10} (key does not exist)
    Failed: RegDeleteKey HKCR\interface\{014da6cc-189f-421a-88cd-07cfe51cff10} (key does not exist)
    Failed: RegDeleteKey HKCR\mysearch.popswatterbarbutton (key does not exist)
    Failed: RegDeleteKey HKCR\mysearch.popswatterbarbutton.1 (key does not exist)
    Failed: RegDeleteKey HKCR\mysearch.popswatterbarbutton.1\clsid (key does not exist)
    Failed: RegDeleteKey HKCR\mysearch.popswatterbarbutton\clsid (key does not exist)
    Failed: RegDeleteKey HKCR\mysearch.popswatterbarbutton\curver (key does not exist)
    Failed: RegDeleteKey HKCR\mysearch.popswattersettingscontrol (key does not exist)
    Failed: RegDeleteKey HKCR\mysearch.popswattersettingscontrol.1 (key does not exist)
    Failed: RegDeleteKey HKCR\mysearchtoolbar.netscapeshutdown (key does not exist)
    Failed: RegDeleteKey HKCR\mysearchtoolbar.netscapeshutdown.1 (key does not exist)
    Failed: RegDeleteKey HKCR\mysearchtoolbar.netscapestartup (key does not exist)
    Failed: RegDeleteKey HKCR\mysearchtoolbar.netscapestartup.1 (key does not exist)
    Failed: RegDeleteKey HKCR\mysearchtoolbar.netscapestartup\curver (key does not exist)
    Failed: RegDeleteKey HKCR\mysearchtoolbar.settingsplugin (key does not exist)
    Failed: RegDeleteKey HKCR\mysearchtoolbar.settingsplugin.1 (key does not exist)
    Failed: RegDeleteKey HKCR\mysearchtoolbar.settingsplugin\clsid (key does not exist)
    Failed: RegDeleteKey HKCR\typelib\{014da6c0-189f-421a-88cd-07cfe51cff10} (key does not exist)
    Failed: RegDeleteKey HKCR\typelib\{85204a50-6997-4543-9ff8-d9bbcb9108f5} (key does not exist)
    Success: RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|MyWebSearch Email Plugin
    Failed: RegDeleteKey HKCU\software\microsoft\internet explorer\menuext\web rebates. (key does not exist)
    Failed: RegDeleteKey HKCU\software\microsoft\internet explorer\new windows\allow www.mysearch.com (key does not exist)
    Failed: RegDeleteKey HKCU\software\microsoft\internet explorer\toolbar\webbrowser {014da6c9-189f-421a-88cd-07cfe51cff10} (key does not exist)
    Failed: RegDeleteKey HKCU\software\microsoft\internet explorer\urlsearchhooks {04079856-5845-4dea-848c-3ecd647aa554} (key does not exist)
    Failed: RegDeleteKey HKCU\software\microsoft\windows\currentversion\ext\stats\{014da6c1-189f-421a-88cd-07cfe51cff10} (key does not exist)
    Failed: RegDeleteKey HKCU\software\microsoft\windows\currentversion\ext\stats\{58f0b492-a42e-435a-bcbf-c6b2608077ba} (key does not exist)
    Success: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|My Web Search Bar
    Success: RegDeleteKey HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
    Failed: RegDeleteKey HKCR\FunWebProducts.DataControl.1 (key does not exist)
    Failed: RegDeleteKey HKCR\FunWebProducts.DataControl (key does not exist)
    Failed: RegDeleteKey HKCR\FunWebProducts.HistoryKillerScheduler.1 (key does not exist)
    Failed: RegDeleteKey HKCR\FunWebProducts.HistoryKillerScheduler (key does not exist)
    Failed: RegDeleteKey HKCR\FunWebProducts.HistorySwatterControlBar.1 (key does not exist)
    Failed: RegDeleteKey HKCR\FunWebProducts.HistorySwatterControlBar (key does not exist)
    Failed: RegDeleteKey HKCR\FunWebProducts.HTMLMenu.1 (key does not exist)
    Failed: RegDeleteKey HKCR\FunWebProducts.HTMLMenu (key does not exist)
    Failed: RegDeleteKey HKCR\FunWebProducts.HTMLMenu.2 (key does not exist)
    Failed: RegDeleteKey HKCR\FunWebProducts.IECookiesManager.1 (key does not exist)
    Failed: RegDeleteKey HKCR\FunWebProducts.IECookiesManager (key does not exist)
    Failed: RegDeleteKey HKCR\FunWebProducts.KillerObjManager.1 (key does not exist)
    Failed: RegDeleteKey HKCR\FunWebProducts.KillerObjManager (key does not exist)
    Failed: RegDeleteKey HKCR\FunWebProducts.KillerObjManager (key does not exist)
    Failed: RegDeleteKey HKCR\FunWebProducts.PopSwatterBarButton.1 (key does not exist)
    Failed: RegDeleteKey HKCR\FunWebProducts.PopSwatterBarButton (key does not exist)
    Failed: RegDeleteKey HKCR\FunWebProducts.PopSwatterSettingsControl.1 (key does not exist)
    Failed: RegDeleteKey HKCR\FunWebProducts.PopSwatterSettingsControl (key does not exist)
    Failed: RegDeleteKey HKCR\FunWebProducts.ShellViewControl.1 (key does not exist)
    Failed: RegDeleteKey HKCR\FunWebProducts.ShellViewControl (key does not exist)
    Success: RegDeleteKey HKCR\ScreenSaverControl.ScreenSaverInstaller.1
    Success: RegDeleteKey HKCR\ScreenSaverControl.ScreenSaverInstaller
    Failed: RegDeleteKey HKLM\SOFTWARE\Fun Web Products (key does not exist)
    Success: RegDeleteKey HKLM\SOFTWARE\FunWebProducts
    Success: RegSetStringValue HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.dat|ReplaceApps|*.*
    Success: RegSetDwordValue HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.dat|Permissions|00000001
    Success: RegSetDwordValue HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.dat|Runtime|00000007
    Success: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MyWebSearch Email Plugin
    Success: RegDelValue HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{00A6FAF6-072E-44cf-8957-5838F569A31D}
    Success: RegDeleteKey HKCR\Interface\{2763e333-b168-41a0-a112-d35f96f410c0}
    Failed: RegDeleteKey HKCR\clsid\{2763e333-b168-41a0-a112-d35f96f410c0} (key does not exist)
    Success: RegDeleteKey HKCR\MIME\Database\Content Type\application/x-f3embed
    Success: RegDeleteKey HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
    Success: RegDeleteKey HKCU\SOFTWARE\MyWebSearch
    Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (key does not exist)
    Success: FolderDelete C:\Documents and Settings\EMMA\Local Settings\Temporary Internet Files\Content.IE5\0H2F89EB
    Success: FolderDelete C:\Documents and Settings\EMMA\Local Settings\Temporary Internet Files\Content.IE5\291YJE14
    Success: FolderDelete C:\Documents and Settings\EMMA\Local Settings\Temporary Internet Files\Content.IE5\2M1P0ZJ4
    Success: FolderDelete C:\Documents and Settings\EMMA\Local Settings\Temporary Internet Files\Content.IE5\49I3CXI7
    Success: FolderDelete C:\Documents and Settings\EMMA\Local Settings\Temporary Internet Files\Content.IE5\5373XH4A
    Success: FolderDelete C:\Documents and Settings\EMMA\Local Settings\Temporary Internet Files\Content.IE5\839NQURP
    Success: FolderDelete C:\Documents and Settings\EMMA\Local Settings\Temporary Internet Files\Content.IE5\8HIFGTQB
    Success: FolderDelete C:\Documents and Settings\EMMA\Local Settings\Temporary Internet Files\Content.IE5\BR9FFHOW
    Success: FolderDelete C:\Documents and Settings\EMMA\Local Settings\Temporary Internet Files\Content.IE5\C5IRST6J
    Success: FolderDelete C:\Documents and Settings\EMMA\Local Settings\Temporary Internet Files\Content.IE5\DOSB11WH
    Success: FolderDelete C:\Documents and Settings\EMMA\Local Settings\Temporary Internet Files\Content.IE5\FAKJ3L4X
    Success: FolderDelete C:\Documents and Settings\EMMA\Local Settings\Temporary Internet Files\Content.IE5\K3HNIU7D
    Success: FolderDelete C:\Documents and Settings\EMMA\Local Settings\Temporary Internet Files\Content.IE5\MDNWDK7I
    Success: FolderDelete C:\Documents and Settings\EMMA\Local Settings\Temporary Internet Files\Content.IE5\N3WG5ZPA
    Success: FolderDelete C:\Documents and Settings\EMMA\Local Settings\Temporary Internet Files\Content.IE5\O9FEZ5YO
    Success: FolderDelete C:\Documents and Settings\EMMA\Local Settings\Temporary Internet Files\Content.IE5\U1H2ZAH4
    Success: FolderDelete C:\Documents and Settings\EMMA\Local Settings\Temporary Internet Files\Content.IE5\WLUJ01IN
    Success: FolderDelete C:\Documents and Settings\EMMA\Local Settings\Temporary Internet Files\Content.IE5\WXER0PER
    Success: FolderDelete C:\Documents and Settings\EMMA\Local Settings\Temporary Internet Files\Content.IE5\XRBFTHGE
    Success: FolderDelete C:\Documents and Settings\EMMA\Local Settings\Temporary Internet Files\Content.IE5\ZSOM0Z18
    Success: FolderDelete C:\DOCUME~1\EMMA\LOCALS~1\Temp\.kmztmp
    Success: FolderDelete C:\DOCUME~1\EMMA\LOCALS~1\Temp\0016wrd.~lk
    Success: FolderDelete C:\DOCUME~1\EMMA\LOCALS~1\Temp\Drivers
    Failed: FileDelete C:\DOCUME~1\EMMA\LOCALS~1\Temp\etilqs_2jwgz7Gooil9Eb35udFf (operation failed)
    Success: FolderDelete C:\DOCUME~1\EMMA\LOCALS~1\Temp\Google Toolbar
    Success: FolderDelete C:\DOCUME~1\EMMA\LOCALS~1\Temp\hsperfdata_EMMA
    Success: FileDelete C:\DOCUME~1\EMMA\LOCALS~1\Temp\jusched.log
    Success: FolderDelete C:\DOCUME~1\EMMA\LOCALS~1\Temp\mProjector1683943926
    Success: FolderDelete C:\DOCUME~1\EMMA\LOCALS~1\Temp\mProjector2713751999
    Success: FolderDelete C:\DOCUME~1\EMMA\LOCALS~1\Temp\plugtmp
    Success: FolderDelete C:\DOCUME~1\EMMA\LOCALS~1\Temp\plugtmp-1
    Failed: FolderDelete C:\DOCUME~1\EMMA\LOCALS~1\Temp\Temporary Directory 1 for bfu.zip (operation failed)
    Success: FolderDelete C:\DOCUME~1\EMMA\LOCALS~1\Temp\WER1214.dir00
    Success: FolderDelete C:\DOCUME~1\EMMA\LOCALS~1\Temp\WER1760.dir00
    Failed: FileDelete C:\DOCUME~1\EMMA\LOCALS~1\Temp\~DF2BF9.tmp (operation failed)
    Failed: FileDelete C:\WINDOWS\Temp\CLML_AGENT_LOG1.txt (operation failed)
    Success: FolderDelete C:\WINDOWS\Temp\Cookies
    Success: FileDelete C:\WINDOWS\Temp\DOC.log
    Success: FileDelete C:\WINDOWS\Temp\dtshrt.log
    Success: FileDelete C:\WINDOWS\Temp\ehelp.log
    Success: FileDelete C:\WINDOWS\Temp\flash.log
    Success: FolderDelete C:\WINDOWS\Temp\Google Toolbar
    Success: FileDelete C:\WINDOWS\Temp\GoogleToolbarInstaller1.log
    Success: FileDelete C:\WINDOWS\Temp\GoogleToolbarInstaller2.log
    Success: FolderDelete C:\WINDOWS\Temp\History
    Success: FileDelete C:\WINDOWS\Temp\hpware.log
    Success: FileDelete C:\WINDOWS\Temp\LUInit.exe
    Success: FileDelete C:\WINDOWS\Temp\LUInit.ini
    Success: FileDelete C:\WINDOWS\Temp\netfxsl.log
    Success: FileDelete C:\WINDOWS\Temp\netfxupdate.log
    Success: FileDelete C:\WINDOWS\Temp\NetFxUpdate_v1.1.4322.log
    Success: FileDelete C:\WINDOWS\Temp\Perflib_Perfdata_924.dat
    Success: FileDelete C:\WINDOWS\Temp\Perflib_Perfdata_9c0.dat
    Success: FileDelete C:\WINDOWS\Temp\RGI113.tmp
    Success: FileDelete C:\WINDOWS\Temp\SCG.log
    Success: FileDelete C:\WINDOWS\Temp\sdpintl.ini
    Success: FolderDelete C:\WINDOWS\Temp\slu4484.tmp
    Success: FileDelete C:\WINDOWS\Temp\slu44bf.tmp
    Success: FolderDelete C:\WINDOWS\Temp\slu44c2.tmp
    Success: FolderDelete C:\WINDOWS\Temp\slu62ad.tmp
    Success: FolderDelete C:\WINDOWS\Temp\slu6668.tmp
    Success: FileDelete C:\WINDOWS\Temp\slu6699.tmp
    Success: FileDelete C:\WINDOWS\Temp\slu66b9.tmp
    Success: FolderDelete C:\WINDOWS\Temp\slu7303.tmp
    Success: FileDelete C:\WINDOWS\Temp\slu7337.tmp
    Success: FileDelete C:\WINDOWS\Temp\slu7358.tmp
    Success: FolderDelete C:\WINDOWS\Temp\slucd7.tmp
    Success: FileDelete C:\WINDOWS\Temp\SPL1.tmp
    Success: FileDelete C:\WINDOWS\Temp\SPL12E.tmp
    Success: FileDelete C:\WINDOWS\Temp\SPL1F.tmp
    Success: FileDelete C:\WINDOWS\Temp\SPL2.tmp
    Success: FileDelete C:\WINDOWS\Temp\SPL29.tmp
    Success: FileDelete C:\WINDOWS\Temp\SPL3.tmp
    Success: FileDelete C:\WINDOWS\Temp\SPL4.tmp
    Success: FileDelete C:\WINDOWS\Temp\SPL50.tmp
    Success: FileDelete C:\WINDOWS\Temp\SPLBC.tmp
    Success: FileDelete C:\WINDOWS\Temp\SPLBD.tmp
    Success: FileDelete C:\WINDOWS\Temp\SPLD2.tmp
    Success: FileDelete C:\WINDOWS\Temp\SPLEC.tmp
    Success: FileDelete C:\WINDOWS\Temp\SPLED.tmp
    Success: FileDelete C:\WINDOWS\Temp\sqlite_55t6qpTzyDLBcmz
    Success: FileDelete C:\WINDOWS\Temp\sqlite_63hyp7kFakFuroz
    Success: FileDelete C:\WINDOWS\Temp\sqlite_9NaqsFuOoDCuytv
    Success: FileDelete C:\WINDOWS\Temp\sqlite_bQG4HQU8xd39dfe
    Success: FileDelete C:\WINDOWS\Temp\sqlite_DbItfw2FCamgZfo
    Success: FileDelete C:\WINDOWS\Temp\sqlite_EhHNj82J2pPgvmu
    Success: FileDelete C:\WINDOWS\Temp\sqlite_ElrTW2n158mDNF6
    Success: FileDelete C:\WINDOWS\Temp\sqlite_fHNkkWbhFeq8fWc
    Failed: FileDelete C:\WINDOWS\Temp\sqlite_G7XK0fEXN8oTPF9 (operation failed)
    Success: FileDelete C:\WINDOWS\Temp\sqlite_gqsknslI3y7VQLI
    Success: FileDelete C:\WINDOWS\Temp\sqlite_HMSqBc9ELdbE5ry
    Success: FileDelete C:\WINDOWS\Temp\sqlite_LnDDqtR2X6Qe6rP
    Success: FileDelete C:\WINDOWS\Temp\sqlite_MmUaF6GCsMRPBNv
    Success: FileDelete C:\WINDOWS\Temp\sqlite_NOCa924ocpvhmH8
    Success: FileDelete C:\WINDOWS\Temp\sqlite_poDBNxErpaKds0a
    Success: FileDelete C:\WINDOWS\Temp\sqlite_QaaegtplM0nidni
    Success: FileDelete C:\WINDOWS\Temp\sqlite_qkhFA1FHn0R76ah
    Success: FileDelete C:\WINDOWS\Temp\sqlite_QRJnRxdaT5EVjpI
    Success: FileDelete C:\WINDOWS\Temp\sqlite_S5aMHpFL7BdbQGi
    Success: FileDelete C:\WINDOWS\Temp\sqlite_SudysvUnBvfchhx
    Success: FileDelete C:\WINDOWS\Temp\sqlite_VCL3bdvvA7iEy6Y
    Success: FileDelete C:\WINDOWS\Temp\sqlite_Ye7F2pzCN6ia63U
    Success: FileDelete C:\WINDOWS\Temp\sqlite_zsrsg05hXVJ3lb9
    Success: FileDelete C:\WINDOWS\Temp\Support.log
    Success: FileDelete C:\WINDOWS\Temp\SYMEVENT.LOG
    Success: FileDelete C:\WINDOWS\Temp\T30DebugLogFile.txt
    Success: FolderDelete C:\WINDOWS\Temp\Temporary Internet Files
    Success: SystemEmptyRecycleBin
    Success: SystemRun C:\WINDOWS\explorer.exe||1
    Script completed at 17:33:52.


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Can you post the SmitFraudFix log and a new HJT log?


  • Registered Users, Registered Users 2 Posts: 746 ✭✭✭gypsylee


    Hi, the logs are below. Thanks.

    SmitFraudFix v2.405

    Scan done at 15:01:10.32, 29/03/2009
    Run from C:\Documents and Settings\EMMA\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{8aa7a4d2-73c7-4fca-bef7-7923e38a3b1c}"="farrandly"

    [HKEY_CLASSES_ROOT\CLSID\{8aa7a4d2-73c7-4fca-bef7-7923e38a3b1c}\InProcServer32]
    @="C:\WINDOWS\system32\tczij.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8aa7a4d2-73c7-4fca-bef7-7923e38a3b1c}\InProcServer32]
    @="C:\WINDOWS\system32\tczij.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
    C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
    C:\Program Files\Video ActiveX Access\ Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

    Agent.OMZ.Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» RK


    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{01C79DFE-6A25-48C0-B0C4-B8881E914877}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{3A1294E7-09B3-4AFF-B29C-AAAA1E3399E0}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{01C79DFE-6A25-48C0-B0C4-B8881E914877}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{3A1294E7-09B3-4AFF-B29C-AAAA1E3399E0}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{01C79DFE-6A25-48C0-B0C4-B8881E914877}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{3A1294E7-09B3-4AFF-B29C-AAAA1E3399E0}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:30:53, on 29/03/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\FinePixViewerS\QuickDCF2.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.254/
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - C:\Program Files\Starware316\bin\Starware316.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Starware - {F7C7AA47-BCA6-451D-8DBC-C10A8F75C8C7} - C:\Program Files\Starware\bin\Starware.dll
    O3 - Toolbar: Starware316 - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - C:\Program Files\Starware316\bin\Starware316.dll
    O3 - Toolbar: Starware - {9839B3B7-3F99-4498-884D-6CFCCD251AB1} - C:\Program Files\Starware\bin\Starware.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-1120616011-2897995549-1849173236-1010\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'KEVIN')
    O4 - HKUS\S-1-5-21-1120616011-2897995549-1849173236-1011\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'JENNIFER')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Global Startup: Exif Launcher S.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe

    --
    End of file - 7226 bytes


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello,

    Download Rooter.exe to your desktop
    • Then double-click it to start the tool
    • A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt. Post that here
    • Download OTListIt2 to your desktop.
    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under Custom Scan paste this in

      netsvcs
      msconfig
      safebootminimal
      safebootnetwork
      activex
      %systemroot%\System32\antiwpa.dll
      %systemroot%\SYSTEM32\wpa.dll
      %systemroot%\setup\scripts\biestart.exe
      %systemroot%\system32\drivers\royal.sys
      %systemroot%\system32\serauth1.dll
      %systemroot%\system32\serauth2.dll
      %systemroot%\system32\sysaudio.sys
      %systemroot%\system32\wdmaud.sys
      %systemroot%\system32\aeaudio.sys

    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.


  • Registered Users, Registered Users 2 Posts: 746 ✭✭✭gypsylee


    Right, here we go again. Please see logs below.

    OTListIt Extras logfile created on: 30/03/2009 20:07:13 - Run 1
    OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Documents and Settings\EMMA\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    446.48 Mb Total Physical Memory | 150.09 Mb Available Physical Memory | 33.62% Memory free
    1.03 Gb Paging File | 0.74 Gb Available in Paging File | 71.54% Paging File free
    Paging file location(s): C:\pagefile.sys 672 1344;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 69.12 Gb Total Space | 51.65 Gb Free Space | 74.72% Space Free | Partition Type: NTFS
    Drive D: | 5.42 Gb Total Space | 0.63 Gb Free Space | 11.54% Space Free | Partition Type: FAT32
    Drive E: | 201.16 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: YOUR-C94F920E24
    Current User Name: EMMA
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Output = Minimal
    File Age = 30 Days
    Company Name Whitelist: Off

    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)
    C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe:*:Enabled:CyberLink PowerCinema (CyberLink Corp.)
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program (CyberLink Corp.)
    C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL File not found

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
    "{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
    "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
    "{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
    "{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema
    "{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
    "{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
    "{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
    "{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
    "{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
    "{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 1.0
    "{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
    "{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
    "{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
    "{526294AE-4192-4A19-9BF0-66CE5631C757}" = Art Attack
    "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
    "{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
    "{62614D95-337A-F73E-325D-A2F26103677D}" = HannahMontanaScrapbook
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
    "{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
    "{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
    "{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
    "{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
    "{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
    "{88B32652-CAE0-4909-A463-5840D2689D93}" = FUJIFILM FinePixViewer S Ver.2.1
    "{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
    "{A0D14CE3-52F4-415C-9454-C8991722A723}" = Disney Flix 3.0
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
    "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
    "{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
    "{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
    "{B97ACE80-6D9B-11D6-AFFD-0040052179B6}" = Crazy Taxi
    "{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
    "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
    "{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
    "{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "ATI Display Driver" = ATI Display Driver
    "Five-A-Side Football" = Five-A-Side Football
    "HijackThis" = HijackThis 2.0.2
    "HP Imaging Device Functions" = HP Imaging Device Functions 6.0
    "HP Photo & Imaging" = HP Photosmart Premier Software 6.0
    "InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
    "InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
    "Lexmark 730 Series" = Lexmark 730 Series
    "LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
    "McDonald's Fairies " = McDonald's Fairies
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
    "MSNINST" = MSN
    "PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
    "PS2" = PS2
    "Python 2.2.3" = Python 2.2.3
    "pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
    "RealPlayer 6.0" = RealPlayer
    "ShockwaveFlash" = Adobe Flash Player 9 ActiveX
    "SSSInst" = Screensavers Installer Version 2
    "Starware" = Starware 4.2.1.0
    "Starware316" = Starware316 4.4.1.0
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows Media Player" = Windows Media Player 10
    "WMV9_VCM" = Microsoft Windows Media Video 9 VCM
    "Zylom Games Player Plugin" = Zylom Games Player Plugin

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 04/02/2009 14:08:01 | Computer Name = YOUR-C94F920E24 | Source = Application Hang | ID = 1002
    Description = Hanging application AdobeUpdateManager.exe, version 3.0.0.40, hang
    module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 05/02/2009 13:22:30 | Computer Name = YOUR-C94F920E24 | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.0.3257, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 14/02/2009 13:21:57 | Computer Name = YOUR-C94F920E24 | Source = Application Hang | ID = 1002
    Description = Hanging application googleearth.exe, version 4.2.181.2634, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 14/02/2009 13:21:57 | Computer Name = YOUR-C94F920E24 | Source = Application Hang | ID = 1002
    Description = Hanging application googleearth.exe, version 4.2.181.2634, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 28/02/2009 13:27:30 | Computer Name = YOUR-C94F920E24 | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.0.3306, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 05/03/2009 17:28:15 | Computer Name = YOUR-C94F920E24 | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.0.3334, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 14/03/2009 13:08:49 | Computer Name = YOUR-C94F920E24 | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.0.3334, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 25/03/2009 20:24:38 | Computer Name = YOUR-C94F920E24 | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was 80070005 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    Error - 25/03/2009 20:26:41 | Computer Name = YOUR-C94F920E24 | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was 80070005 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    Error - 25/03/2009 20:30:47 | Computer Name = YOUR-C94F920E24 | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was 80070005 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    [ System Events ]
    Error - 29/03/2009 10:00:23 | Computer Name = YOUR-C94F920E24 | Source = Service Control Manager | ID = 7001
    Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
    failed to start because of the following error: %%31

    Error - 29/03/2009 10:00:23 | Computer Name = YOUR-C94F920E24 | Source = Service Control Manager | ID = 7001
    Description = The IPSEC Services service depends on the IPSEC driver service which
    failed to start because of the following error: %%31

    Error - 29/03/2009 10:00:23 | Computer Name = YOUR-C94F920E24 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AFD AmdK8 Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

    Error - 29/03/2009 10:07:37 | Computer Name = YOUR-C94F920E24 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service netman with
    arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    Error - 29/03/2009 10:09:02 | Computer Name = YOUR-C94F920E24 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service netman with
    arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    Error - 29/03/2009 10:09:09 | Computer Name = YOUR-C94F920E24 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 29/03/2009 17:11:06 | Computer Name = YOUR-C94F920E24 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1053" attempting to start the service lxcf_device
    with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E44106F}

    Error - 29/03/2009 17:11:06 | Computer Name = YOUR-C94F920E24 | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the lxcf_device service to
    connect.

    Error - 29/03/2009 17:11:06 | Computer Name = YOUR-C94F920E24 | Source = Service Control Manager | ID = 7000
    Description = The lxcf_device service failed to start due to the following error:
    %%1053

    Error - 29/03/2009 17:11:35 | Computer Name = YOUR-C94F920E24 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1053" attempting to start the service lxcf_device
    with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E44106F}


    < End of report >


  • Registered Users, Registered Users 2 Posts: 746 ✭✭✭gypsylee


    OTListIt logfile created on: 30/03/2009 20:07:13 - Run 1
    OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Documents and Settings\EMMA\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    446.48 Mb Total Physical Memory | 150.09 Mb Available Physical Memory | 33.62% Memory free
    1.03 Gb Paging File | 0.74 Gb Available in Paging File | 71.54% Paging File free
    Paging file location(s): C:\pagefile.sys 672 1344;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 69.12 Gb Total Space | 51.65 Gb Free Space | 74.72% Space Free | Partition Type: NTFS
    Drive D: | 5.42 Gb Total Space | 0.63 Gb Free Space | 11.54% Space Free | Partition Type: FAT32
    Drive E: | 201.16 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: YOUR-C94F920E24
    Current User Name: EMMA
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Output = Minimal
    File Age = 30 Days
    Company Name Whitelist: Off

    ========== Processes (SafeList) ==========

    PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
    PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
    PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
    PRC - C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
    PRC - C:\Program Files\HP\HP Software Update\HPwuSchd2.exe (Hewlett-Packard Co.)
    PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
    PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    PRC - C:\Program Files\FinePixViewerS\QuickDCF2.exe (FUJIFILM Corporation)
    PRC - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
    PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
    PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
    PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
    PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
    PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
    PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
    PRC - C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
    PRC - C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
    PRC - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
    PRC - c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
    PRC - C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
    PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
    PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
    PRC - C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
    PRC - C:\Program Files\HP\HP Software Update\HPwuSchd2.exe (Hewlett-Packard Co.)
    PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
    PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    PRC - C:\Program Files\FinePixViewerS\QuickDCF2.exe (FUJIFILM Corporation)
    PRC - C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
    PRC - C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
    PRC - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
    PRC - c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
    PRC - C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Documents and Settings\EMMA\Desktop\OTListIt2.exe (OldTimer Tools)

    ========== Win32 Services (SafeList) ==========

    SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
    SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
    SRV - (Automatic LiveUpdate Scheduler [Auto | Running]) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
    SRV - (CLCapSvc [Auto | Running]) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
    SRV - (CLSched [Auto | Running]) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
    SRV - (CyberLink Media Library Service [Auto | Running]) -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
    SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
    SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
    SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
    SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)
    SRV - (LiveUpdate Notice Service [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
    SRV - (lxcf_device [On_Demand | Stopped]) -- C:\WINDOWS\system32\lxcfcoms.exe ( )
    SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)

    ========== Driver Services (SafeList) ==========

    DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
    DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
    DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (bb-run [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\bb-run.sys (Promise Technology, Inc.)
    DRV - (CoachAud [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\CoachAud.sys (FotoNation Inc.)
    DRV - (CoachUsb [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\CoachUsb.sys (FotoNation Inc.)
    DRV - (CoachVid [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\CoachVid.sys (FotoNation Inc.)
    DRV - (ftsata2 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys (Promise Technology, Inc.)
    DRV - (iaStor [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
    DRV - (NTPASp50 [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\NTPASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (Ps2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\PS2.sys (Hewlett-Packard Company)
    DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
    DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
    DRV - (RTL8023xp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys (Realtek Semiconductor Corporation )
    DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
    DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

    ========== Standard Registry (All) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - URLSearchHook: - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8

    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/29 09:35:58 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/29 09:35:57 | 00,000,000 | ---D | M]

    [2009/01/15 17:37:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EMMA\Application Data\mozilla\Extensions
    [2009/01/15 17:37:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EMMA\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    [2009/01/15 17:37:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EMMA\Application Data\mozilla\Firefox\Profiles\u3z2uic1.default\extensions
    [2009/01/15 17:29:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
    [2009/03/29 09:35:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2009/03/29 09:35:50 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
    [2009/03/29 09:35:50 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
    [2008/01/04 16:36:50 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2006/07/05 19:47:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
    [2008/01/04 16:36:50 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2008/03/08 10:35:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
    [2008/09/22 20:14:04 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2008/04/16 05:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
    [2008/03/28 19:11:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
    [2008/01/04 16:36:50 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: () - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - C:\Program Files\Starware316\bin\Starware316.dll ()
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
    O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
    O2 - BHO: (Starware) - {F7C7AA47-BCA6-451D-8DBC-C10A8F75C8C7} - C:\Program Files\Starware\bin\Starware.dll (Starware)
    O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Starware) - {9839B3B7-3F99-4498-884D-6CFCCD251AB1} - C:\Program Files\Starware\bin\Starware.dll (Starware)
    O3 - HKLM\..\Toolbar: (Starware316) - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - C:\Program Files\Starware316\bin\Starware316.dll ()
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
    O4 - HKLM..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode (Promise Technology, Inc.)
    O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe (Hewlett-Packard Co.)
    O4 - HKLM..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run (Hewlett-Packard Company)
    O4 - HKLM..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16 ()
    O4 - HKLM..\Run: [PCDrProfiler] File not found
    O4 - HKLM..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe" (CyberLink Corp.)
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
    O4 - HKLM..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe" (SoftThinks)
    O4 - HKLM..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)
    O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
    O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0 (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher S.lnk = C:\Program Files\FinePixViewerS\QuickDCF2.exe (FUJIFILM Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
    O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
    O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
    O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
    O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - ( schannel.dll) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - ( digest.dll) - C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - ( msnsspc.dll) - C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
    O32 - Autorun File - D:\AUTOEXEC.BAT () - [ FAT32 ]
    O32 - Autorun File - D:\Autorun.inf () - [ FAT32 ]
    O32 - Autorun File - E:\Autorun.exe () - [ CDFS ]
    O32 - Autorun File - E:\autorun.inf () - [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2009/03/30 19:53:51 | 00,498,688 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\EMMA\Desktop\OTListIt2.exe
    [2009/03/30 19:51:38 | 00,000,000 | ---D | C] -- C:\Rooter$
    [2009/03/30 19:50:29 | 00,267,612 | ---- | C] () -- C:\DOCUME~1\EMMA\Desktop\Rooter.exe
    [2009/03/29 19:27:08 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
    [2009/03/29 19:27:08 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
    [2009/03/29 19:27:08 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
    [2009/03/29 19:27:08 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
    [2009/03/29 19:27:08 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
    [2009/03/29 19:27:08 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
    [2009/03/29 19:27:08 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
    [2009/03/29 19:27:08 | 00,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
    [2009/03/29 19:27:08 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
    [2009/03/29 19:27:08 | 00,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
    [2009/03/29 19:27:08 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
    [2009/03/29 19:27:08 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
    [2009/03/29 19:27:08 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
    [2009/03/29 19:27:07 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
    [2009/03/29 17:24:58 | 00,000,000 | ---D | C] -- C:\DOCUME~1\EMMA\Desktop\BFU
    [2009/03/29 17:24:13 | 00,013,165 | ---- | C] () -- C:\DOCUME~1\EMMA\Desktop\MyWebSearch.bfu
    [2009/03/29 17:22:09 | 00,000,000 | ---D | C] -- C:\BFU
    [2009/03/29 15:10:08 | 46,824,2432 | -HS- | C] () -- C:\hiberfil.sys
    [2009/03/29 15:01:22 | 00,002,858 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
    [2009/03/29 15:00:38 | 00,000,000 | ---D | C] -- C:\DOCUME~1\EMMA\Desktop\SmitfraudFix
    [2009/03/27 21:11:30 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2009/03/23 19:57:12 | 00,308,534 | ---- | C] () -- C:\DOCUME~1\EMMA\Desktop\hanna-miely-hannah-montana-2125770-500-500.jpg
    [2009/03/21 11:00:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Zylom
    [2009/03/21 11:00:07 | 00,000,000 | ---D | C] -- C:\Program Files\Zylom Games
    [2009/03/20 18:27:16 | 01,591,928 | ---- | C] () -- C:\DOCUME~1\EMMA\Desktop\gamesplayerinstall.exe
    [2009/03/13 18:33:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\EMMA\Application Data\com.lightmaker.deagostini.ScrapBook.F5516A9051B0E5952398AAEA0EA47B6FE96034B0.1
    [2009/03/13 18:33:14 | 00,000,778 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\HannahMontanaScrapbook.lnk
    [2009/03/13 18:33:09 | 00,000,000 | ---D | C] -- C:\Program Files\HannahMontanaScrapbook
    [2009/03/13 18:33:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
    [2009/03/07 14:54:56 | 00,009,728 | ---- | C] () -- C:\DOCUME~1\EMMA\My Documents\Alicante ad.wps
    [2009/03/05 21:20:44 | 00,000,000 | ---D | C] -- C:\DOCUME~1\EMMA\Desktop\New Folder
    [2009/03/05 17:19:34 | 00,157,193 | ---- | C] () -- C:\DOCUME~1\EMMA\Desktop\club penguin.jpg

    ========== Files - Modified Within 30 Days ==========

    [1 C:\WINDOWS\System32\*.tmp files]
    [2009/03/30 19:53:52 | 00,498,688 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\EMMA\Desktop\OTListIt2.exe
    [2009/03/30 19:50:30 | 00,267,612 | ---- | M] () -- C:\DOCUME~1\EMMA\Desktop\Rooter.exe
    [2009/03/30 19:06:15 | 00,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
    [2009/03/30 15:48:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2009/03/30 15:48:19 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2009/03/30 15:48:17 | 46,824,2432 | -HS- | M] () -- C:\hiberfil.sys
    [2009/03/29 22:11:00 | 03,771,350 | -H-- | M] () -- C:\Documents and Settings\EMMA\Local Settings\Application Data\IconCache.db
    [2009/03/29 17:24:13 | 00,013,165 | ---- | M] () -- C:\DOCUME~1\EMMA\Desktop\MyWebSearch.bfu
    [2009/03/29 15:01:23 | 00,002,858 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
    [2009/03/29 09:11:25 | 00,441,690 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2009/03/29 09:11:25 | 00,382,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2009/03/29 09:11:25 | 00,053,892 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2009/03/27 21:25:19 | 00,003,658 | ---- | M] () -- C:\Documents and Settings\EMMA\Application Data\wklnhst.dat
    [2009/03/23 19:57:13 | 00,308,534 | ---- | M] () -- C:\DOCUME~1\EMMA\Desktop\hanna-miely-hannah-montana-2125770-500-500.jpg
    [2009/03/20 18:27:25 | 01,591,928 | ---- | M] () -- C:\DOCUME~1\EMMA\Desktop\gamesplayerinstall.exe
    [2009/03/13 18:33:16 | 00,000,778 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\HannahMontanaScrapbook.lnk
    [2009/03/12 17:57:30 | 00,182,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2009/03/11 23:45:10 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2009/03/07 14:54:57 | 00,009,728 | ---- | M] () -- C:\DOCUME~1\EMMA\My Documents\Alicante ad.wps
    [2009/03/05 17:19:37 | 00,157,193 | ---- | M] () -- C:\DOCUME~1\EMMA\Desktop\club penguin.jpg

    ========== LOP Check ==========

    [2009/03/21 11:00:08 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
    [2009/03/13 18:33:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
    [2006/09/29 21:09:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
    [2007/10/05 12:47:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
    [2006/05/22 21:19:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
    [2009/01/08 13:54:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
    [2006/05/22 21:16:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
    [2009/01/16 08:55:41 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
    [2006/05/22 20:51:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
    [2006/05/22 21:10:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic
    [2009/03/25 22:00:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Starware
    [2009/03/10 21:10:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Starware316
    [2009/01/12 16:35:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
    [2007/07/26 10:23:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/03/21 11:00:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
    [2009/03/29 17:30:37 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\EMMA\Application Data
    [2009/03/13 18:32:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EMMA\Application Data\Adobe
    [2009/03/30 19:01:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EMMA\Application Data\AdobeUM
    [2009/03/13 18:33:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EMMA\Application Data\com.lightmaker.deagostini.ScrapBook.F5516A9051B0E5952398AAEA0EA47B6FE96034B0.1
    [2009/01/16 08:57:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EMMA\Application Data\Disney Flix 3.0
    [2008/01/01 17:23:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EMMA\Application Data\FUJIFILM
    [2007/11/19 19:36:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EMMA\Application Data\Google
    [2007/04/02 20:35:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EMMA\Application Data\Help
    [2006/11/27 20:39:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EMMA\Application Data\HP
    [2008/11/09 18:30:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EMMA\Application Data\HPQ
    [2005/12/07 13:30:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EMMA\Application Data\Identities
    [2006/12/01 16:39:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EMMA\Application Data\Macromedia
    [2008/03/09 11:30:35 | 00,000,000 | --SD | M] -- C:\Documents and Settings\EMMA\Application Data\Microsoft
    [2009/01/15 17:37:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EMMA\Application Data\Mozilla
    [2007/03/13 21:24:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EMMA\Application Data\Real
    [2009/01/20 17:46:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EMMA\Application Data\Starware
    [2009/03/10 21:10:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EMMA\Application Data\Starware316
    [2006/12/01 16:40:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EMMA\Application Data\Sun
    [2007/03/08 20:50:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EMMA\Application Data\Template
    [2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
    [2009/03/30 15:48:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

    ========== Purity Check ==========


    ========== Custom Scans ==========


    < %systemroot%\System32\antiwpa.dll >

    < %systemroot%\SYSTEM32\wpa.dll >

    < %systemroot%\setup\scripts\biestart.exe >

    < %systemroot%\system32\drivers\royal.sys >

    < %systemroot%\system32\serauth1.dll >

    < %systemroot%\system32\serauth2.dll >

    < %systemroot%\system32\sysaudio.sys >

    < %systemroot%\System32\wdmaud.sys >

    < %systemroot%\System32\aeaudio.sys >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CAAA7DD7
    < End of report >


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    hello

    Run OTList2.exe
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
      :OTLI
      PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
      O2 - BHO: () - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - C:\Program Files\Starware316\bin\Starware316.dll ()
      O2 - BHO: (Starware) - {F7C7AA47-BCA6-451D-8DBC-C10A8F75C8C7} - C:\Program Files\Starware\bin\Starware.dll (Starware)
      O3 - HKLM\..\Toolbar: (Starware) - {9839B3B7-3F99-4498-884D-6CFCCD251AB1} - C:\Program Files\Starware\bin\Starware.dll (Starware)
      O3 - HKLM\..\Toolbar: (Starware316) - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - C:\Program Files\Starware316\bin\Starware316.dll ()
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
      O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab (Reg Error: Key error.)
      [2009/03/30 19:51:38 | 00,000,000 | ---D | C] -- C:\Rooter$
      [2009/03/30 19:50:29 | 00,267,612 | ---- | C] () -- C:\DOCUME~1\EMMA\Desktop\Rooter.exe
      [2009/03/29 19:27:08 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
      [2009/03/29 19:27:08 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
      [2009/03/29 19:27:08 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
      [2009/03/29 19:27:08 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
      [2009/03/29 19:27:08 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
      [2009/03/29 19:27:08 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
      [2009/03/29 19:27:08 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
      [2009/03/29 19:27:08 | 00,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
      [2009/03/29 19:27:08 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
      [2009/03/29 19:27:08 | 00,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
      [2009/03/29 19:27:08 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
      [2009/03/29 19:27:08 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
      [2009/03/29 19:27:08 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
      [2009/03/29 19:27:07 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
      [2009/03/29 17:24:58 | 00,000,000 | ---D | C] -- C:\DOCUME~1\EMMA\Desktop\BFU
      [2009/03/29 17:24:13 | 00,013,165 | ---- | C] () -- C:\DOCUME~1\EMMA\Desktop\MyWebSearch.bfu
      [2009/03/29 17:22:09 | 00,000,000 | ---D | C] -- C:\BFU
      [2009/03/29 15:01:22 | 00,002,858 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
      [2009/03/29 15:00:38 | 00,000,000 | ---D | C] -- C:\DOCUME~1\EMMA\Desktop\SmitfraudFix
      [2009/03/25 22:00:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Starware
      [2009/03/10 21:10:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Starware316
      [2009/01/20 17:46:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EMMA\Application Data\Starware
      [2009/03/10 21:10:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EMMA\Application Data\Starware316
      :Services
      
      :Reg
      
      :Files
      C:\Program Files\Starware316
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done
    • Then post a new OTL2 log ( don't check the boxes beside LOP Check or Purity this time )


  • Registered Users, Registered Users 2 Posts: 746 ✭✭✭gypsylee


    Hi, I cannot manage to paste the contents which you told me to paste under the Custom Scans/Fixes section. On your last post i.e. I had to manually type in the contents i.e. %systemroot% etc but there is too much text this time for me to do this. Can you tell me how to paste? Thanks. Can you make sense of what I am posting and logging or is my computer fec*ed? Thanks for all your help, I am really grateful but I do not want to be wasting your time if it is beyond redemption...


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    No, it's not that bad.

    So you can't copy and paste, or don't know how to? Strange.


    Post me a new HJT log instead.


  • Registered Users, Registered Users 2 Posts: 746 ✭✭✭gypsylee


    Hi, when I go to copy it won't let me copy just the grey boxed area, it copies the whole thread. Anyway below is the new HJT thread. Thanks.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 07:41:52, on 31/03/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\FinePixViewerS\QuickDCF2.exe
    C:\WINDOWS\System32\svchost.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.254/
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - C:\Program Files\Starware316\bin\Starware316.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Starware - {F7C7AA47-BCA6-451D-8DBC-C10A8F75C8C7} - C:\Program Files\Starware\bin\Starware.dll
    O3 - Toolbar: Starware316 - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - C:\Program Files\Starware316\bin\Starware316.dll
    O3 - Toolbar: Starware - {9839B3B7-3F99-4498-884D-6CFCCD251AB1} - C:\Program Files\Starware\bin\Starware.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Global Startup: Exif Launcher S.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe

    --
    End of file - 6869 bytes


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    hello

    1. Please re-open HiJackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - C:\Program Files\Starware316\bin\Starware316.dll
    O2 - BHO: Starware - {F7C7AA47-BCA6-451D-8DBC-C10A8F75C8C7} - C:\Program Files\Starware\bin\Starware.dll
    O3 - Toolbar: Starware316 - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - C:\Program Files\Starware316\bin\Starware316.dll
    O3 - Toolbar: Starware - {9839B3B7-3F99-4498-884D-6CFCCD251AB1} - C:\Program Files\Starware\bin\Starware.dll
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab


    2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




    3. Reboot into Safe Mode by continuously tapping the F8 key as soon as the computer begins to boot. A menu should come up where you will be given the option to enter Safe Mode.



    4. Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders in bold (if present):

    C:\Documents and Settings\All Users\Application Data\Starware
    C:\Documents and Settings\All Users\Application Data\Starware316
    C:\Documents and Settings\EMMA\Application Data\Starware
    C:\Documents and Settings\EMMA\Application Data\Starware316
    C:\Program Files\Starware316
    C:\Program Files\Starware



    Then post a new HJT Log
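
One way to confirm from the next log that the fix above took, as an added example that is not part of the original post or of HijackThis: it matches entries on section code plus CLSID rather than on full text, because the forum shortened the O16 URL in the fix list. The function names are hypothetical, and the sample lines are excerpts copied from the logs in this thread.

```python
import re

# A HijackThis entry line starts with a section code such as R3, O2 or O16.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2})\s+-\s+(.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")


def entry_key(line):
    """Return a comparison key for one entry line, or None for non-entries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header, running-process path, blank line
    section, rest = m.groups()
    clsid = CLSID_RE.search(rest)
    if clsid:
        # The CLSID survives URL/path truncation, so prefer it as the key.
        return (section, clsid.group(0).upper())
    # No CLSID (e.g. the R3 entry): fall back to whitespace-normalised text.
    return (section, " ".join(rest.lower().split()))


def parse_log(text):
    """Map key -> first matching line for every entry in a log or fix list."""
    entries = {}
    for line in text.splitlines():
        key = entry_key(line)
        if key is not None:
            entries.setdefault(key, line.strip())
    return entries


def still_present(fix_list, new_log):
    """Entries named in the fix list that the new log still contains."""
    found = parse_log(new_log)
    return [found[k] for k in parse_log(fix_list) if k in found]


def references_to(folders, new_log):
    """Entries in the new log that still point into a folder meant to be deleted."""
    # Trailing backslash keeps ...\Starware from matching ...\Starware316.
    prefixes = [f.lower().rstrip("\\") + "\\" for f in folders]
    return [line for line in parse_log(new_log).values()
            if any(p in line.lower() for p in prefixes)]


# Fix list as posted above (note the shortened O16 URL).
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - C:\Program Files\Starware316\bin\Starware316.dll
O2 - BHO: Starware - {F7C7AA47-BCA6-451D-8DBC-C10A8F75C8C7} - C:\Program Files\Starware\bin\Starware.dll
O3 - Toolbar: Starware316 - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - C:\Program Files\Starware316\bin\Starware316.dll
O3 - Toolbar: Starware - {9839B3B7-3F99-4498-884D-6CFCCD251AB1} - C:\Program Files\Starware\bin\Starware.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab
"""

# Excerpt of the log saved at 07:41:52 on 31/03/2009 (before the fix).
LOG_BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.254/
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - C:\Program Files\Starware316\bin\Starware316.dll
O2 - BHO: Starware - {F7C7AA47-BCA6-451D-8DBC-C10A8F75C8C7} - C:\Program Files\Starware\bin\Starware.dll
O3 - Toolbar: Starware316 - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - C:\Program Files\Starware316\bin\Starware316.dll
O3 - Toolbar: Starware - {9839B3B7-3F99-4498-884D-6CFCCD251AB1} - C:\Program Files\Starware\bin\Starware.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
"""

# Excerpt of the log saved at 19:19:19 on 31/03/2009 (after the fix).
LOG_AFTER = r"""
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.254/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
"""

# Two of the folders from step 4 of the post.
FOLDERS = [r"C:\Program Files\Starware", r"C:\Program Files\Starware316"]

if __name__ == "__main__":
    for label, log in (("before", LOG_BEFORE), ("after", LOG_AFTER)):
        left = still_present(FIX_LIST, log)
        refs = references_to(FOLDERS, log)
        print(f"{label}: {len(left)} fix-list entries present, "
              f"{len(refs)} entries reference the deleted folders")
```

An empty result from both checks on the new log means the registry entries are gone; the folders themselves still have to be checked on disk.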


  • Registered Users, Registered Users 2 Posts: 746 ✭✭✭gypsylee


    Hi, hope I followed your instructions correctly. Below is the HJT log. Thanks.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:19:19, on 31/03/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Safe mode

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.254/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Global Startup: Exif Launcher S.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe

    --
    End of file - 4936 bytes


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    hello

    Please download ATF Cleaner by Atribune.
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
    If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.




    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






    Go to Kaspersky website and perform an online antivirus scan.
    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
        Spyware, Adware, Dialers, and other potentially dangerous programs
        Archives
        Mail databases
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


    • Registered Users, Registered Users 2 Posts: 746 ✭✭✭gypsylee


      Hi, I was following your instructions as per your last post. Downloaded ATF Cleaner and ran. All okay. Downloaded and ran Malwarebytes' Anti-Malware. All okay.
      Problems began when I tried to run Kaspersky. I could not install the application from run. Internet connection then failed and I have not been able to get the internet connection since. I am on my work computer now so I am unable to post any logs at the moment. Should I download Firefox on to my computer again? Will this get the internet connection up and running or have I just wrecked the whole thing? Any suggestions? Thanks.


    • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


      Do you have the MBAM log?


      Transfer and run this

      Please click here to download AVP Tool by Kaspersky.
      • Save it to your desktop.
      • Reboot your computer into Safe Mode.
        You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
        Use your up arrow key to highlight Safe Mode, then hit Enter.
      • Double click the setup file to run it.
      • Click Next to continue.
      • It will by default install it to your desktop folder. Click Next.
      • Hit OK at the prompt for scanning in Safe Mode.
      • It will then open a box. There will be a tab that says Automatic scan.
      • Under Automatic scan make sure these are checked:
        - System Memory
        - Startup Objects
        - Disk Boot Sectors
        - My Computer
        - Also any other drives (removable ones that you may have)
      • Then click on Scan at the top right-hand corner.
      • It will automatically Neutralize any objects found.
      • If some objects are left unneutralized, then click the button that says Neutralize all.
      • If it says it cannot be Neutralized, then choose the Delete option when prompted.
      • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
      • Save it somewhere convenient like your desktop and post only the detected virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.

      Note: This tool will self-uninstall when you close it, so please save the log before closing it.


      • Registered Users, Registered Users 2 Posts: 746 ✭✭✭gypsylee


        Hi, hope I followed your instructions correctly. Please see the logs below. Thanks.

        Malwarebytes' Anti-Malware 1.35
        Database version: 1929
        Windows 5.1.2600 Service Pack 2

        01/04/2009 20:36:59
        mbam-log-2009-04-01 (20-36-58).txt

        Scan type: Quick Scan
        Objects scanned: 83443
        Time elapsed: 3 minute(s), 6 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 106
        Registry Values Infected: 3
        Registry Data Items Infected: 0
        Folders Infected: 164
        Files Infected: 385

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:

        Registry Values Infected:
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

        Registry Data Items Infected:
        (No malicious items detected)

        Folders Infected:
        C:\Documents and Settings\DECLAN\Application Data\Starware\SearchMatch (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware\ToolbarLogo (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware\ToolbarSearch (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware\Weather (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware316 (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware316\BrowserSearch (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware316\Configurator (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware316\ErrorSearch (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware316\Games (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware316\Layouts (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware316\Manager (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware316\Movies (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware316\Reference (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware316\RelatedSearch (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware316\Screensavers (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware316\ScreensaversMarketingSitePager (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware316\SearchAssistPlus (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware316\SearchMatch (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware316\SearchMatch\searchMatchPages (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware316\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware316\ToolbarLogo (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware316\ToolbarSearch (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware316\TravelSearch (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware316\Weather (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\JENNIFER\Application Data\Starware (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\JENNIFER\Application Data\Starware\BrowserSearch (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\JENNIFER\Application Data\Starware\ErrorSearch (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\JENNIFER\Application Data\Starware\Layouts (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\JENNIFER\Application Data\Starware\Manager (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\JENNIFER\Application Data\Starware\PopupBlocker (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\JENNIFER\Application Data\Starware\Recipes (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\JENNIFER\Application Data\Starware\Reference (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\JENNIFER\Application Data\Starware\RelatedSearch (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\JENNIFER\Application Data\Starware\SearchMatch (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\JENNIFER\Application Data\Starware\SearchMatch\searchMatchPages (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\JENNIFER\Application Data\Starware\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\JENNIFER\Application Data\Starware\ToolbarLogo (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\JENNIFER\Application Data\Starware\ToolbarSearch (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\JENNIFER\Application Data\Starware\Weather (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\JENNIFER\Application Data\Starware316 (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\JENNIFER\Application Data\Starware316\BrowserSearch (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\JENNIFER\Application Data\Starware316\Configurator (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\JENNIFER\Application Data\Starware316\ErrorSearch (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\JENNIFER\Application Data\Starware316\Games (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\JENNIFER\Application Data\Starware316\Layouts (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\JENNIFER\Application Data\Starware316\Manager (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\JENNIFER\Application Data\Starware316\Movies (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\JENNIFER\Application Data\Starware316\Reference (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\JENNIFER\Application Data\Starware316\RelatedSearch (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\JENNIFER\Application Data\Starware316\Screensavers (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\JENNIFER\Application Data\Starware316\ScreensaversMarketingSitePager (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\JENNIFER\Application Data\Starware316\SearchAssistPlus (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\JENNIFER\Application Data\Starware316\SearchMatch (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\JENNIFER\Application Data\Starware316\SearchMatch\searchMatchPages (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\JENNIFER\Application Data\Starware316\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\JENNIFER\Application Data\Starware316\ToolbarLogo (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\JENNIFER\Application Data\Starware316\ToolbarSearch (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\JENNIFER\Application Data\Starware316\TravelSearch (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\JENNIFER\Application Data\Starware316\Weather (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\KEVIN\Application Data\Starware (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\KEVIN\Application Data\Starware\BrowserSearch (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\KEVIN\Application Data\Starware\ErrorSearch (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\KEVIN\Application Data\Starware\Layouts (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\KEVIN\Application Data\Starware\Manager (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\KEVIN\Application Data\Starware\PopupBlocker (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\KEVIN\Application Data\Starware\Recipes (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\KEVIN\Application Data\Starware\Reference (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\KEVIN\Application Data\Starware\RelatedSearch (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\KEVIN\Application Data\Starware\SearchMatch (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\KEVIN\Application Data\Starware\SearchMatch\searchMatchPages (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\KEVIN\Application Data\Starware\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\KEVIN\Application Data\Starware\ToolbarLogo (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\KEVIN\Application Data\Starware\ToolbarSearch (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\KEVIN\Application Data\Starware\Weather (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\KEVIN\Application Data\Starware316 (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\KEVIN\Application Data\Starware316\BrowserSearch (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\KEVIN\Application Data\Starware316\Configurator (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\KEVIN\Application Data\Starware316\ErrorSearch (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\KEVIN\Application Data\Starware316\Games (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\KEVIN\Application Data\Starware316\Layouts (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\KEVIN\Application Data\Starware316\Manager (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\KEVIN\Application Data\Starware316\Movies (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\KEVIN\Application Data\Starware316\Reference (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\KEVIN\Application Data\Starware316\RelatedSearch (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\KEVIN\Application Data\Starware316\Screensavers (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\KEVIN\Application Data\Starware316\ScreensaversMarketingSitePager (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\KEVIN\Application Data\Starware316\SearchAssistPlus (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\KEVIN\Application Data\Starware316\SearchMatch (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\KEVIN\Application Data\Starware316\SearchMatch\searchMatchPages (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\KEVIN\Application Data\Starware316\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\KEVIN\Application Data\Starware316\ToolbarLogo (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\KEVIN\Application Data\Starware316\ToolbarSearch (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\KEVIN\Application Data\Starware316\TravelSearch (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\KEVIN\Application Data\Starware316\Weather (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Program Files\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.
        C:\Program Files\Screensavers.com\SSSInst (Adware.Comet) -> Quarantined and deleted successfully.
        C:\Program Files\Screensavers.com\SSSInst\bin (Adware.Comet) -> Quarantined and deleted successfully.
        C:\Program Files\Screensavers.com\SSSInst\Ready (Adware.Comet) -> Quarantined and deleted successfully.
        C:\Program Files\Screensavers.com\SSSInst\temp (Adware.Comet) -> Quarantined and deleted successfully.
        C:\Program Files\Screensavers.com\SSSInst\Upload (Adware.Comet) -> Quarantined and deleted successfully.

        Files Infected:
        C:\Documents and Settings\Compaq_Owner\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Compaq_Owner\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Compaq_Owner\Application Data\Starware\Weather\AlertArchive.xml (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Compaq_Owner\Application Data\Starware\Weather\WeatherOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Compaq_Owner\Application Data\Starware\Weather\WeatherOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Compaq_Owner\Application Data\Starware316\BrowserSearch\BrowserSearch.xml (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Compaq_Owner\Application Data\Starware316\BrowserSearch\BrowserSearch.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Compaq_Owner\Application Data\Starware316\Configurator\Configurator.xml (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Compaq_Owner\Application Data\Starware316\Configurator\Configurator.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Compaq_Owner\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Compaq_Owner\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Compaq_Owner\Application Data\Starware316\Games\GamesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Compaq_Owner\Application Data\Starware316\Games\GamesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Compaq_Owner\Application Data\Starware316\Layouts\ToolbarLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Compaq_Owner\Application Data\Starware316\Layouts\ToolbarLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Compaq_Owner\Application Data\Starware316\Manager\ManagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Compaq_Owner\Application Data\Starware316\Manager\ManagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Compaq_Owner\Application Data\Starware316\Movies\MoviesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Compaq_Owner\Application Data\Starware316\Movies\MoviesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Compaq_Owner\Application Data\Starware316\Reference\ReferenceOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Compaq_Owner\Application Data\Starware316\Reference\ReferenceOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Compaq_Owner\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Compaq_Owner\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Compaq_Owner\Application Data\Starware316\Screensavers\ScreensaversOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Compaq_Owner\Application Data\Starware316\Screensavers\ScreensaversOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Compaq_Owner\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Compaq_Owner\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Compaq_Owner\Application Data\Starware316\SearchAssistPlus\SearchAssistPlusOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Compaq_Owner\Application Data\Starware316\SearchAssistPlus\SearchAssistPlusOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Compaq_Owner\Application Data\Starware316\SearchMatch\SearchMatchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Compaq_Owner\Application Data\Starware316\SearchMatch\SearchMatchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Compaq_Owner\Application Data\Starware316\Toolbar\TBProductsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Compaq_Owner\Application Data\Starware316\Toolbar\TBProductsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Compaq_Owner\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Compaq_Owner\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Compaq_Owner\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Compaq_Owner\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Compaq_Owner\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Compaq_Owner\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Compaq_Owner\Application Data\Starware316\Weather\AlertArchive.xml (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Compaq_Owner\Application Data\Starware316\Weather\WeatherOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Compaq_Owner\Application Data\Starware316\Weather\WeatherOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware\BrowserSearch\BrowserSearch.xml (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware\Layouts\PreferencesLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware\Layouts\PreferencesLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware\Layouts\ToolbarLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware\Layouts\ToolbarLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware\Manager\ManagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware\Manager\ManagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware\Recipes\RecipesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware\Recipes\RecipesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware\Reference\ReferenceOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware\Reference\ReferenceOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware\SearchMatch\SearchMatchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware\Toolbar\TBProductsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware\Weather\AlertArchive.xml (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware\Weather\WeatherOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware\Weather\WeatherOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware316\BrowserSearch\BrowserSearch.xml (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware316\BrowserSearch\BrowserSearch.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware316\Configurator\Configurator.xml (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware316\Configurator\Configurator.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
        C:\Documents and Settings\DECLAN\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml (Adware.Starware) -> Quarantined and dele


      • Registered Users, Registered Users 2 Posts: 746 ✭✭✭gypsylee


        Sorry, realised too late I had posted the whole Kas log. Can't seem to just post the deleted virus/malware in the report. Sorry again.

