Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ads Keep Changing When Page Is Loaded


  • Please log in to reply
22 replies to this topic

#1 deadend3

deadend3

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:42 PM

Posted 07 March 2008 - 11:12 AM

Hi there, ad's keep changing to the same ones, and when I load a page in IE there are several more pages open on there own with adverts on. IE takes ages to download pages now, I am using Windows XP with the series pack 2. how do I find out what I am infected with and get rid of it please ?

BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,011 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:42 PM

Posted 07 March 2008 - 11:19 PM

Hello and :flowers: to BC deadend3,

Please describe the ads in more deta, what do they say, what they look like, etc. Also, please let us know by name what security programs you have installed.

At this point, I would like you to run a scan with SUPERAntiSpyware in Safe Mode. You will, of course, install it in Normal Mode. You may wish to print out these instructions or copy them to notepad so you will have them available in Safe Mode.

Download and install SUPERAntiSpyware free found here: SUPERAntiSpyware

Be sure to click on the download button to the left, not on the free trial download on the right.

Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
Reboot into Safe Mode
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click Yes.
Reboot into Normal Mode
To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
Click close and close again to exit the program.

So, in your next reply
  • let us know what your operating system is
  • describe the ads you are getting
  • name the security programs you have installed and
  • post the log from the SUPERAntiSpyware scan
Orange Blossom :thumbsup:

Edited by Orange Blossom, 07 March 2008 - 11:20 PM.
change word location

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 deadend3

deadend3
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:42 PM

Posted 08 March 2008 - 03:23 AM

Thanks Orange Blossom for your reply. I have saved your instructions and will folow them on Tuesday. I am just setting off to catch a plane to Ireland for the weekend. I have norton installed on my lappy btw. My os is windows XP with the pack 2 thingy and the ads are for a poker game and dating agencies and some are just pictures of semi naked women with a play arrow in the middle like a frozen frame on a video. they not only replace other ads, they also replace any pic on a web page. they replace certain bit's on here. as I am typing the two boxes on the left of this reply box have two of the frozen video images in. if I refresh the page for a couple of seconds I see the emoticons and the quick access links, then it changes to the vids.

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,011 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:42 PM

Posted 09 March 2008 - 12:52 AM

Hello deadend3,

Thanks for the additional information.

Have a safe trip. We'll be here when you get back.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:04:42 AM

Posted 09 March 2008 - 05:23 PM

Thanks Orange Blossom for your reply. I have saved your instructions and will folow them on Tuesday. I am just setting off to catch a plane to Ireland for the weekend. I have norton installed on my lappy btw. My os is windows XP with the pack 2 thingy and the ads are for a poker game and dating agencies and some are just pictures of semi naked women with a play arrow in the middle like a frozen frame on a video. they not only replace other ads, they also replace any pic on a web page. they replace certain bit's on here. as I am typing the two boxes on the left of this reply box have two of the frozen video images in. if I refresh the page for a couple of seconds I see the emoticons and the quick access links, then it changes to the vids.



:thumbsup: sounds very 'interesting 'dont it Posted Image and remarkably like sumunt I met on another computer that too was not feeling very well ; I think it safe to say you ARE infected ;(and dear Norton strikes again)

if the computer will let you, after the super antispyware program could you try running the FREE version of asquared http://www.emsisoft.com/en/software/free/

its exe is http://download6.emsisoft.com/a2FreeSetup.exe I suggest you download it, fully update it, then reboot into safe mode and run a full deep scan with it; this may take a wee while depending on how much is on the computer ; it will produce a log, which you could kindly post back here



IF the computer will also let you you could run an on line scan from trend


http://housecall.trendmicro.com/uk/ it too could take a wee while especially on the first run to load the definitions , then to run the scan ; to state the hopefully obvious you need to stay ON line to run this scan and please let the computer run it without interruptions;

it will produce a 'report' at the end of what it finds; could you kindly post it too?

#6 deadend3

deadend3
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:42 PM

Posted 10 March 2008 - 08:31 AM

Thanks for that Ruby, Norton does pick it up and deals with it but not fully, it detects 2 trojans every other day and removes them, the lappy is OK for about 4 hours then they are back again. It obviously isn't getting rid of all traces of them. Am back in the UK on Tuesday so I will do as you say then :thumbsup:

#7 deadend3

deadend3
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:42 PM

Posted 11 March 2008 - 04:04 PM

Hi, here are the results from the super antispyware program, this took over 3 hours to run so I will do the other scans tomorrow if that's ok :thumbsup:



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/11/2008 at 08:50 PM

Application Version : 4.0.1154

Core Rules Database Version : 3417
Trace Rules Database Version: 1409

Scan type : Complete Scan
Total Scan Time : 03:18:12

Memory items scanned : 160
Memory threats detected : 1
Registry items scanned : 6288
Registry threats detected : 47
File items scanned : 99277
File threats detected : 197

Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\GEBYV.DLL
C:\WINDOWS\SYSTEM32\GEBYV.DLL

Adware.MyWebSearch
[MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
HKLM\Software\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\Programmable
C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
HKLM\Software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\Programmable
HKLM\Software\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
HKLM\Software\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKU\S-1-5-21-3242310747-1381664494-2001036000-1007\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}
C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE

Adware.ContextHelper
HKLM\Software\Classes\CLSID\{0D39A900-0F3A-4C29-A254-3E65244FDC34}
HKCR\CLSID\{0D39A900-0F3A-4C29-A254-3E65244FDC34}
HKCR\CLSID\{0D39A900-0F3A-4C29-A254-3E65244FDC34}
HKCR\CLSID\{0D39A900-0F3A-4C29-A254-3E65244FDC34}#AppID
HKCR\CLSID\{0D39A900-0F3A-4C29-A254-3E65244FDC34}\InprocServer32
HKCR\CLSID\{0D39A900-0F3A-4C29-A254-3E65244FDC34}\InprocServer32#ThreadingModel
HKCR\CLSID\{0D39A900-0F3A-4C29-A254-3E65244FDC34}\ProgID
HKCR\CLSID\{0D39A900-0F3A-4C29-A254-3E65244FDC34}\Programmable
HKCR\CLSID\{0D39A900-0F3A-4C29-A254-3E65244FDC34}\TypeLib
HKCR\CLSID\{0D39A900-0F3A-4C29-A254-3E65244FDC34}\VersionIndependentProgID
C:\PROGRAM FILES\CONTEXTTOOL\CONTEXTTOOL-1.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}

Adware.Vundo-Variant/Small-A
HKLM\Software\Classes\CLSID\{1965b81c-d4d3-4549-92f2-0bed9cd1daf3}
HKCR\CLSID\{1965B81C-D4D3-4549-92F2-0BED9CD1DAF3}
HKCR\CLSID\{1965B81C-D4D3-4549-92F2-0BED9CD1DAF3}\InprocServer32
HKCR\CLSID\{1965B81C-D4D3-4549-92F2-0BED9CD1DAF3}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\VLWYCEWV.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1965b81c-d4d3-4549-92f2-0bed9cd1daf3}
C:\WINDOWS\SYSTEM32\ATEYEDLI.DLL
C:\WINDOWS\SYSTEM32\HVKNBHQQ.DLL
C:\WINDOWS\SYSTEM32\HVNJTUTM.DLL
C:\WINDOWS\SYSTEM32\JFUTPFQY.DLL
C:\WINDOWS\SYSTEM32\JLDIGAQI.DLL
C:\WINDOWS\SYSTEM32\UBAJQEJC.DLL
C:\WINDOWS\SYSTEM32\VSELPJVP.DLL
C:\WINDOWS\SYSTEM32\YSTAPNWM.DLL

Trojan.WinFixer
HKLM\Software\Classes\CLSID\{2F8321FE-5E8B-41FF-B1D0-68EEBF32F90F}
HKCR\CLSID\{2F8321FE-5E8B-41FF-B1D0-68EEBF32F90F}
HKCR\CLSID\{2F8321FE-5E8B-41FF-B1D0-68EEBF32F90F}\InprocServer32
HKCR\CLSID\{2F8321FE-5E8B-41FF-B1D0-68EEBF32F90F}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F8321FE-5E8B-41FF-B1D0-68EEBF32F90F}

Adware.Tracking Cookie
C:\Documents and Settings\Paul\Cookies\paul@ads.vlaze[1].txt
C:\Documents and Settings\Paul\Cookies\paul@192com.112.2o7[1].txt
C:\Documents and Settings\Paul\Cookies\paul@tradedoubler[2].txt
C:\Documents and Settings\Paul\Cookies\paul@ad1.emediate[1].txt
C:\Documents and Settings\Paul\Cookies\paul@pacificpoker[1].txt
C:\Documents and Settings\Paul\Cookies\paul@doubleclick[2].txt
C:\Documents and Settings\Paul\Cookies\paul@ad.zanox[2].txt
C:\Documents and Settings\Paul\Cookies\paul@ads.cartoonnetwork[2].txt
C:\Documents and Settings\Paul\Cookies\paul@clickbank[1].txt
C:\Documents and Settings\Paul\Cookies\paul@a[2].txt
C:\Documents and Settings\Paul\Cookies\paul@linksynergy[4].txt
C:\Documents and Settings\Paul\Cookies\paul@carphonewarehouse.112.2o7[1].txt
C:\Documents and Settings\Paul\Cookies\paul@cassava[1].txt
C:\Documents and Settings\Paul\Cookies\paul@atdmt[2].txt
C:\Documents and Settings\Paul\Cookies\paul@adviva[2].txt
C:\Documents and Settings\Paul\Cookies\paul@adnetserver[1].txt
C:\Documents and Settings\Paul\Cookies\paul@systemerrorfixer[1].txt
C:\Documents and Settings\Paul\Cookies\paul@www.clash-media[1].txt
C:\Documents and Settings\Paul\Cookies\paul@azjmp[2].txt
C:\Documents and Settings\Paul\Cookies\paul@msnportal.112.2o7[1].txt
C:\Documents and Settings\Paul\Cookies\paul@premiumtv.122.2o7[1].txt
C:\Documents and Settings\Paul\Cookies\paul@s[1].txt
C:\Documents and Settings\Paul\Cookies\paul@xiti[1].txt
C:\Documents and Settings\Paul\Cookies\paul@advertising[3].txt
C:\Documents and Settings\Paul\Cookies\paul@adserver[1].txt
C:\Documents and Settings\Paul\Cookies\paul@zedo[2].txt
C:\Documents and Settings\Paul\Cookies\paul@tacoda[2].txt
C:\Documents and Settings\Paul\Cookies\paul@ehg-dig.hitbox[2].txt
C:\Documents and Settings\Paul\Cookies\paul@adserver.mediarun[1].txt
C:\Documents and Settings\Paul\Cookies\paul@aff.primaryads.co[2].txt
C:\Documents and Settings\Paul\Cookies\paul@bestsellerantivirus[1].txt
C:\Documents and Settings\Paul\Cookies\paul@optimost[2].txt
C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wfloqmdpgko.stats.esomniture[1].txt
C:\Documents and Settings\Paul\Cookies\paul@ads.pointroll[2].txt
C:\Documents and Settings\Paul\Cookies\paul@mediaplex[2].txt
C:\Documents and Settings\Paul\Cookies\paul@maxserving[1].txt
C:\Documents and Settings\Paul\Cookies\paul@date.ventivmedia[2].txt
C:\Documents and Settings\Paul\Cookies\paul@serving-sys[2].txt
C:\Documents and Settings\Paul\Cookies\paul@adbrite[2].txt
C:\Documents and Settings\Paul\Cookies\paul@ads.turner[1].txt
C:\Documents and Settings\Paul\Cookies\paul@mediatraffic[1].txt
C:\Documents and Settings\Paul\Cookies\paul@888[1].txt
C:\Documents and Settings\Paul\Cookies\paul@adecn[1].txt
C:\Documents and Settings\Paul\Cookies\paul@ehg-legonewyorkinc.hitbox[1].txt
C:\Documents and Settings\Paul\Cookies\paul@mywebsearch[1].txt
C:\Documents and Settings\Paul\Cookies\paul@media.adrevolver[1].txt
C:\Documents and Settings\Paul\Cookies\paul@pinnaclesystems.122.2o7[1].txt
C:\Documents and Settings\Paul\Cookies\paul@ad.yieldmanager[1].txt
C:\Documents and Settings\Paul\Cookies\paul@b2adz[1].txt
C:\Documents and Settings\Paul\Cookies\paul@006.free-counters.co[2].txt
C:\Documents and Settings\Paul\Cookies\paul@pcantiviruspro[1].txt
C:\Documents and Settings\Paul\Cookies\paul@bluestreak[2].txt
C:\Documents and Settings\Paul\Cookies\paul@stats.sellmosoft[1].txt
C:\Documents and Settings\Paul\Cookies\paul@interclick[2].txt
C:\Documents and Settings\Paul\Cookies\paul@revsci[1].txt
C:\Documents and Settings\Paul\Cookies\paul@sale.bestsellerantivirus[2].txt
C:\Documents and Settings\Paul\Cookies\paul@sale.antispywaresuite[1].txt
C:\Documents and Settings\Paul\Cookies\paul@tribalfusion[2].txt
C:\Documents and Settings\Paul\Cookies\paul@gamefinder.disney.go[1].txt
C:\Documents and Settings\Paul\Cookies\paul@stat.easydate[1].txt
C:\Documents and Settings\Paul\Cookies\paul@192[1].txt
C:\Documents and Settings\Paul\Cookies\paul@msnaccountservices.112.2o7[1].txt
C:\Documents and Settings\Paul\Cookies\paul@adserver.easyad[1].txt
C:\Documents and Settings\Paul\Cookies\paul@casalemedia[1].txt
C:\Documents and Settings\Paul\Cookies\paul@adrevolver[1].txt
C:\Documents and Settings\Paul\Cookies\paul@bs.serving-sys[1].txt
C:\Documents and Settings\Paul\Cookies\paul@adrevolver[3].txt
C:\Documents and Settings\Paul\Cookies\paul@fastclick[1].txt
C:\Documents and Settings\Paul\Cookies\paul@apmebf[2].txt
C:\Documents and Settings\Paul\Cookies\paul@anat.tacoda[1].txt
C:\Documents and Settings\Paul\Cookies\paul@videoegg.adbureau[2].txt
C:\Documents and Settings\Paul\Cookies\paul@ehg-ioffer.hitbox[1].txt
C:\Documents and Settings\Paul\Cookies\paul@goclick[2].txt
C:\Documents and Settings\Paul\Cookies\paul@a[1].txt
C:\Documents and Settings\Paul\Cookies\paul@adrevenue[2].txt
C:\Documents and Settings\Paul\Cookies\paul@2o7[2].txt
C:\Documents and Settings\Paul\Cookies\paul@antispywaresuite[1].txt
C:\Documents and Settings\Paul\Cookies\paul@adtech[1].txt
C:\Documents and Settings\Paul\Cookies\paul@atwola[1].txt
C:\Documents and Settings\Paul\Cookies\paul@fortunecity[1].txt
C:\Documents and Settings\Paul\Cookies\paul@server.iad.liveperson[1].txt
C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wdkiuocjelp.stats.esomniture[1].txt
C:\Documents and Settings\Paul\Cookies\paul@realmedia[1].txt
C:\Documents and Settings\Paul\Cookies\paul@sale.pcantiviruspro[2].txt
C:\Documents and Settings\Paul\Cookies\paul@burstnet[1].txt
C:\Documents and Settings\Paul\Cookies\paul@banner.32vegas[1].txt
C:\Documents and Settings\Paul\Cookies\paul@advancedcleaner[1].txt
C:\Documents and Settings\Paul\Cookies\paul@www.burstnet[1].txt
C:\Documents and Settings\Paul\Cookies\paul@adopt.euroclick[1].txt
C:\Documents and Settings\Paul\Cookies\paul@edge.ru4[2].txt
C:\Documents and Settings\Paul\Cookies\paul@adultfriendfinder[1].txt
C:\Documents and Settings\Paul\Cookies\paul@statcounter[2].txt
C:\Documents and Settings\Paul\Cookies\paul@statse.webtrendslive[1].txt
C:\Documents and Settings\Paul\Cookies\paul@eas.apm.emediate[2].txt
C:\Documents and Settings\Paul\Cookies\paul@specificclick[2].txt
C:\Documents and Settings\Paul\Cookies\paul@www.admedia365[2].txt
C:\Documents and Settings\Paul\Cookies\paul@secure.advancedcleaner[2].txt
C:\Documents and Settings\Paul\Cookies\paul@servedby.adxpower[2].txt
C:\Documents and Settings\Paul\Cookies\paul@www.ticketsnow2[1].txt
C:\Documents and Settings\Paul\Cookies\paul@americanexpress.122.2o7[1].txt
C:\Documents and Settings\Paul\Cookies\paul@53858341[2].txt
C:\Documents and Settings\Paul\Cookies\paul@enhance[2].txt
C:\Documents and Settings\Paul\Cookies\paul@secure.systemerrorfixer[1].txt
C:\Documents and Settings\Paul\Cookies\paul@advertising[2].txt
C:\Documents and Settings\Paul\Cookies\paul@linksynergy[2].txt
C:\Documents and Settings\Paul\Cookies\paul@linksynergy[3].txt

Trojan.Downloader-Gen/MROFIN
C:\WINDOWS\MROFINU1188.EXE.TMP

Adware.Vundo-Variant/PolyMorph-A
C:\WINDOWS\SYSTEM32\CBXVTRR.DLL
C:\WINDOWS\SYSTEM32\DDCAYVW.DLL
C:\WINDOWS\SYSTEM32\WVUSRRS.DLL

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\DCBEG.INI
C:\WINDOWS\SYSTEM32\DCBEG.INI2
C:\WINDOWS\SYSTEM32\MCRH.TMP
C:\WINDOWS\SYSTEM32\VYBEG.INI

Trace.Known Threat Sources
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\QPSXKPQH\styles[2].css
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\AVUZW36B\i605_main[1].gif
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\K1AZCX2F\CA33PDXH.htm
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\5TG63FDD\CAIF81A3.php
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\15DIVZXY\browserdetect[2].js
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\IYBR90BN\fileslist[2].js
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\AVUZW36B\crypt[1].htm
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\AVUZW36B\lupa[1].gif
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\39TBYAM5\closebutton[1].gif
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\DP72OFA3\Activex[1].gif
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\DP72OFA3\progressbar[2].js
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\452NG5IF\common[2].js
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\9J3L7LV0\secpanel[1].gif
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\K1AZCX2F\i605_bar[1].gif
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\O1EZ85Q9\window[1].js
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\W1UR41A7\buttonbg[1].gif
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\15DIVZXY\styles[1].css
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\O1EZ85Q9\pbbg[1].gif
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\AVUZW36B\i35_no_flash[1].gif
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\AVUZW36B\disc-cd[1].gif
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\KNMRWPS5\i35_icon1[1].gif
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\5TG63FDD\i35_btn5[1].gif
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\24IPRDOC\CA8LE349.
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\DP72OFA3\window[1].js
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\8X2N4PUZ\progressbar[2].js
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\15DIVZXY\managers[1].htm
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\IYBR90BN\pbmarker[2].gif
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\452NG5IF\stats[1].jpg
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\O1EZ85Q9\index[1].htm
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\KDENGTIB\i35_bg3[1].gif
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\DP72OFA3\i35_btn6[1].gif
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\452NG5IF\i35_icon3[1].gif
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\24IPRDOC\i35_bg1[1].gif
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\W1UR41A7\i605_button[1].gif
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\9J3L7LV0\ajax[1].htm
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\39TBYAM5\CANLLFQQ.php
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\KDENGTIB\shieldred[1].gif
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\39TBYAM5\errorhandler[1].htm
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\QPSXKPQH\i35_btn2[1].gif
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\KNMRWPS5\spyware[1].gif
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\24IPRDOC\alert[1].gif
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\W1UR41A7\pbbg[1].gif
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\O1EZ85Q9\i35_icon2[1].gif
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\IYBR90BN\CAKH8JW7.htm
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\QPSXKPQH\managers[1].htm
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\8X2N4PUZ\i35_btn3[1].gif
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\5TG63FDD\common[2].js
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\DP72OFA3\errorhandler[1].htm
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\W1UR41A7\kluch[1].gif
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\DP72OFA3\ax[1].gif
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\KNMRWPS5\closebutton[1].gif
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\15DIVZXY\logo2[1].gif
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\IYBR90BN\index[1].htm
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\IYBR90BN\ajax[1].htm
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\452NG5IF\buttonbg[1].gif
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\W1UR41A7\i35_icon4[1].gif
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\9J3L7LV0\stats[1].jpg
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\QPSXKPQH\pbmarker[1].gif
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\K1AZCX2F\i35_btn1[1].gif
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\5TG63FDD\CAGPQJ8L.htm
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\15DIVZXY\i35_line2[1].gif
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\39TBYAM5\i35_btn4[1].gif
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\5TG63FDD\crypt[1].htm
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\8X2N4PUZ\i35_bg-btn1[1].gif
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\QPSXKPQH\i35_spacer[1].gif
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\24IPRDOC\i35_bg-btn2[1].gif
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\AVUZW36B\CASRDJ6Y.htm
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\9J3L7LV0\i35_line1[1].gif

#8 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:04:42 AM

Posted 11 March 2008 - 06:05 PM

ouchPosted Image
please let us know when you have managed to complete the other scans which I would expect to produce some interesting results too :thumbsup:



once those results are reported on here, I suspect you will be asked to run some specialist tools under guidance from the authorised Specialists on here .........................so be prepared Posted Image

#9 deadend3

deadend3
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:42 PM

Posted 11 March 2008 - 06:30 PM

Hi Ruby, I managed to run the first of those scans you asked me to. This one took about 3 hours too so I will run the other one tomorrow, it's just about bed time now :thumbsup:

a-squared Free - Version 3.1
Last update: 11/03/2008 21:23:37

Scan settings:

Objects: Memory, Traces, Cookies, C:\
Scan archives: On
Heuristics: On
ADS Scan: On

Scan start: 11/03/2008 21:25:14

[224] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoestb.dll detected: Riskware.AdTool.Win32.MyWebSearch
[1760] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe detected: Adware.Win32.MyWebSearch
[1760] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoestb.dll detected: Riskware.AdTool.Win32.MyWebSearch
[1940] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoestb.dll detected: Riskware.AdTool.Win32.MyWebSearch
[1940] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL detected: Riskware.AdTool.Win32.MyWebSearch.au
[156] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoestb.dll detected: Riskware.AdTool.Win32.MyWebSearch
[3836] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoestb.dll detected: Riskware.AdTool.Win32.MyWebSearch
[2240] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoestb.dll detected: Riskware.AdTool.Win32.MyWebSearch
[3212] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoestb.dll detected: Riskware.AdTool.Win32.MyWebSearch
c:\program files\funwebproducts detected: Trace.Directory.FunWebProducts
c:\program files\funwebproducts\screensaver detected: Trace.Directory.MyWebSearch Toolbar
c:\program files\funwebproducts\screensaver\images detected: Trace.Directory.MyWebSearch Toolbar
c:\program files\funwebproducts\shared detected: Trace.Directory.MyWebSearch Toolbar
c:\program files\funwebproducts\shared\cache detected: Trace.Directory.MyWebSearch Toolbar
c:\program files\mywebsearch\bar detected: Trace.Directory.MyWebSearch Toolbar
c:\program files\mywebsearch\bar\1.bin detected: Trace.Directory.MyWebSearch Toolbar
c:\program files\mywebsearch\bar\avatar detected: Trace.Directory.MyWebSearch Toolbar
c:\program files\mywebsearch\bar\cache detected: Trace.Directory.MyWebSearch Toolbar
c:\program files\mywebsearch\bar\game detected: Trace.Directory.MyWebSearch Toolbar
c:\program files\mywebsearch\bar\history detected: Trace.Directory.MyWebSearch Toolbar
c:\program files\mywebsearch\bar\settings detected: Trace.Directory.MyWebSearch Toolbar
c:\program files\mywebsearch\srchastt detected: Trace.Directory.MyWebSearch Toolbar
c:\program files\mywebsearch\srchastt\1.bin detected: Trace.Directory.MyWebSearch Toolbar
c:\program files\mywebsearch detected: Trace.Directory.MyWebSearchToobar
c:\program files\mywebsearch detected: Trace.Directory.MyWebSearchToolbar
c:\program files\funwebproducts\shared\cache\cursormaniabtn.html detected: Trace.File.MyWebSearch Toolbar
c:\program files\funwebproducts\shared\cache\funbuddyiconbtn.html detected: Trace.File.MyWebSearch Toolbar
c:\program files\funwebproducts\shared\cache\myfuncardsimbtn.html detected: Trace.File.MyWebSearch Toolbar
c:\program files\funwebproducts\shared\cache\smileycentralbtn.html detected: Trace.File.MyWebSearch Toolbar
c:\program files\mywebsearch\bar\1.bin\f3bkgerr.jpg detected: Trace.File.MyWebSearch Toolbar
c:\program files\mywebsearch\bar\1.bin\f3brovly.dll detected: Trace.File.MyWebSearch Toolbar
c:\program files\mywebsearch\bar\1.bin\f3cjpeg.dll detected: Trace.File.MyWebSearch Toolbar
c:\program files\mywebsearch\bar\1.bin\f3dtactl.dll detected: Trace.File.MyWebSearch Toolbar
c:\program files\mywebsearch\bar\1.bin\f3histsw.dll detected: Trace.File.MyWebSearch Toolbar
c:\program files\mywebsearch\bar\1.bin\f3htmlmu.dll detected: Trace.File.MyWebSearch Toolbar
c:\program files\mywebsearch\bar\1.bin\f3httpct.dll detected: Trace.File.MyWebSearch Toolbar
c:\program files\mywebsearch\bar\1.bin\f3imstub.dll detected: Trace.File.MyWebSearch Toolbar
c:\program files\mywebsearch\bar\1.bin\f3popswt.dll detected: Trace.File.MyWebSearch Toolbar
c:\program files\mywebsearch\bar\1.bin\f3reprox.dll detected: Trace.File.MyWebSearch Toolbar
c:\program files\mywebsearch\bar\1.bin\f3scrctr.dll detected: Trace.File.MyWebSearch Toolbar
c:\program files\mywebsearch\bar\1.bin\f3shllvw.dll detected: Trace.File.MyWebSearch Toolbar
c:\program files\mywebsearch\bar\1.bin\f3spacer.wmv detected: Trace.File.MyWebSearch Toolbar
c:\program files\mywebsearch\bar\1.bin\f3wallpp.dat detected: Trace.File.MyWebSearch Toolbar
c:\program files\mywebsearch\bar\1.bin\f3wphook.dll detected: Trace.File.MyWebSearch Toolbar
c:\program files\mywebsearch\bar\1.bin\m3ffxtbr.jar detected: Trace.File.MyWebSearch Toolbar
c:\program files\mywebsearch\bar\1.bin\m3ffxtbr.manifest detected: Trace.File.MyWebSearch Toolbar
c:\program files\mywebsearch\bar\1.bin\m3html.dll detected: Trace.File.MyWebSearch Toolbar
c:\program files\mywebsearch\bar\1.bin\m3impipe.exe detected: Trace.File.MyWebSearch Toolbar
c:\program files\mywebsearch\bar\1.bin\m3msg.dll detected: Trace.File.MyWebSearch Toolbar
c:\program files\mywebsearch\bar\1.bin\m3ntstbr.jar detected: Trace.File.MyWebSearch Toolbar
c:\program files\mywebsearch\bar\1.bin\m3ntstbr.manifest detected: Trace.File.MyWebSearch Toolbar
c:\program files\mywebsearch\bar\1.bin\m3outlcn.dll detected: Trace.File.MyWebSearch Toolbar
c:\program files\mywebsearch\bar\1.bin\m3skin.dll detected: Trace.File.MyWebSearch Toolbar
c:\program files\mywebsearch\bar\1.bin\m3skplay.exe detected: Trace.File.MyWebSearch Toolbar
c:\program files\mywebsearch\bar\1.bin\mwsbar.dll detected: Trace.File.MyWebSearch Toolbar
c:\program files\mywebsearch\bar\1.bin\mwsoemon.exe detected: Trace.File.MyWebSearch Toolbar
c:\program files\mywebsearch\bar\1.bin\mwsoeplg.dll detected: Trace.File.MyWebSearch Toolbar
c:\program files\mywebsearch\bar\avatar\common.f3s detected: Trace.File.MyWebSearch Toolbar
c:\program files\mywebsearch\bar\cache\files.ini detected: Trace.File.MyWebSearch Toolbar
c:\program files\mywebsearch\bar\game\checkers.f3s detected: Trace.File.MyWebSearch Toolbar
c:\program files\mywebsearch\bar\game\chess.f3s detected: Trace.File.MyWebSearch Toolbar
c:\program files\mywebsearch\bar\game\reversi.f3s detected: Trace.File.MyWebSearch Toolbar
c:\program files\mywebsearch\bar\history\search2 detected: Trace.File.MyWebSearch Toolbar
c:\program files\mywebsearch\bar\settings\prevcfg2.htm detected: Trace.File.MyWebSearch Toolbar
c:\program files\mywebsearch\bar\settings\s_pid.dat detected: Trace.File.MyWebSearch Toolbar
c:\windows\system32\f3pssavr.scr detected: Trace.File.MyWebSearchToobar
c:\windows\system32\f3pssavr.scr detected: Trace.File.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\clsid\{9afb8248-617f-460d-9366-d71cdeda3179} detected: Trace.Registry.FunWebProducts
Key: HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 detected: Trace.Registry.FunWebProducts
Key: HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler detected: Trace.Registry.FunWebProducts
Key: HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 detected: Trace.Registry.FunWebProducts
Key: HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar detected: Trace.Registry.FunWebProducts
Key: HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 detected: Trace.Registry.FunWebProducts
Key: HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 detected: Trace.Registry.FunWebProducts
Key: HKEY_CLASSES_ROOT\funwebproducts.htmlmenu detected: Trace.Registry.FunWebProducts
Key: HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 detected: Trace.Registry.FunWebProducts
Key: HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager detected: Trace.Registry.FunWebProducts
Key: HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 detected: Trace.Registry.FunWebProducts
Key: HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton detected: Trace.Registry.FunWebProducts
Key: HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 detected: Trace.Registry.FunWebProducts
Key: HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol detected: Trace.Registry.FunWebProducts
Key: HKEY_CLASSES_ROOT\interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} detected: Trace.Registry.FunWebProducts
Key: HKEY_CLASSES_ROOT\typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} detected: Trace.Registry.FunWebProducts
Key: HKEY_CLASSES_ROOT\typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} detected: Trace.Registry.FunWebProducts
Key: HKEY_LOCAL_MACHINE\software\fun web products detected: Trace.Registry.FunWebProducts
Key: HKEY_LOCAL_MACHINE\software\funwebproducts detected: Trace.Registry.FunWebProducts
Value: HKEY_USERS\S-1-5-21-3242310747-1381664494-2001036000-1007\Software\Fun Web Products\Data --> DataDir detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_USERS\S-1-5-21-3242310747-1381664494-2001036000-1007\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} --> DisplayName detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_USERS\S-1-5-21-3242310747-1381664494-2001036000-1007\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} --> URL detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_USERS\S-1-5-21-3242310747-1381664494-2001036000-1007\Software\MyWebSearch\bar --> MenuExtLabel detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches --> aim.exe detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches --> icq.exe detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches --> icqlite.exe detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches --> incmail.exe detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches --> msimn.exe detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches --> msmsgs.exe detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches --> msn.exe detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches --> msnmsgr.exe detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches --> mwsSrcAs.dll detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches --> outlook.exe detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches --> waol.exe detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches --> ypager.exe detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\Email-IM\0 --> AppName detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\Email-IM\0 --> Path detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\Email-IM\0 --> Toolbar detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\Outlook --> MyWebSearch.OutlookAddin detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\MSNMessenger --> DLLDir detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\MSNMessenger --> DLLFile detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\ScreenSaver --> ImagesDir detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn --> ETag detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn --> HTMLMenuRevision detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn --> LastHTMLMenuURL detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\FunBuddyIconBtn --> ETag detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\FunBuddyIconBtn --> HTMLMenuRevision detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\FunBuddyIconBtn --> LastHTMLMenuURL detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\MyFunCardsIMBtn --> ETag detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\MyFunCardsIMBtn --> HTMLMenuRevision detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\MyFunCardsIMBtn --> LastHTMLMenuURL detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos --> BuddyFreqNone detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos --> BuddyFreqUninstalled detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos --> BuddyTextNone.0 detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos --> BuddyTextNone.numActive detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos --> BuddyTextUninstalled.0 detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos --> BuddyTextUninstalled.numActive detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos --> MSN.1 detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos --> MSN.2 detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos --> MSN.numActive detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos --> MSN.numActive2 detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn --> ETag detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn --> HTMLMenuPosDeleted detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn --> HTMLMenuRevision detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn --> LastHTMLMenuURL detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products --> CacheDir detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products --> JpegConversionLib detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer --> CacheDir detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer --> CheckForConnection detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer --> CurInstall detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer --> Dir detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer --> pl detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer --> sr detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\DownloadInformation --> CODEBASE detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\DownloadInformation --> INF detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\InstalledVersion --> LastModified detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} --> Installer detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} --> SystemComponent detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} --> DisplayName detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} --> URL detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin --> Description detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin --> FriendlyName detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin --> LoadBehavior detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin --> Description detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin --> FriendlyName detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin --> LoadBehavior detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\sources --> f3PopularScreensavers detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run --> My Web Search Bar detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run --> MyWebSearch Email Plugin detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall --> DisplayName detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall --> HelpLink detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall --> Publisher detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall --> UninstallString detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall --> UrlInfoAbout detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar --> CacheDir detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar --> ConfigDateStamp detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar --> ConfigRevision detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar --> ConfigRevisionURL detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar --> CurInstall detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar --> Dir detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar --> Flags detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar --> HistoryDir detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar --> HTMLMenuRevision detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar --> Id detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar --> LastConfigRequest detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar --> NextConfigRequest detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar --> pid detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar --> pl detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar --> PluginPath detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar --> SettingsDir detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar --> sr detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar --> sscLabel detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar --> sscSet detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar --> sscURL detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar --> un detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar --> Visible detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\MWSOEMON --> Version detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\MWSOEPLG\Promo --> AIM.0.old detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\MWSOEPLG\Promo --> AIM.1.old detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\MWSOEPLG\Promo --> AIM.numActive detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\MWSOEPLG\Promo --> AIM.numActive2 detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\MWSOEPLG\Promo --> AIMT.0 detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\MWSOEPLG\Promo --> AIMT.1 detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\MWSOEPLG\Promo --> AIMT.numActive2 detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\MWSOEPLG\Promo --> GoogleTalkHTML.0 detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\MWSOEPLG\Promo --> GoogleTalkHTML.1 detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\MWSOEPLG\Promo --> GoogleTalkHTML.numActive2 detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\MWSOEPLG\Promo --> Yahoo.0.old detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\MWSOEPLG\Promo --> Yahoo.1.old detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\MWSOEPLG\Promo --> Yahoo.2.old detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\MWSOEPLG\Promo --> Yahoo.3.old detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\MWSOEPLG\Promo --> Yahoo.4.old detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\MWSOEPLG\Promo --> Yahoo.5.old detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\MWSOEPLG\Promo --> Yahoo.numActive detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\MWSOEPLG\Promo --> Yahoo.numActive2 detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\MWSOEPLG --> Path detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\MWSOEPLG --> StandardSmileyDir.AIM detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\MWSOEPLG --> Version detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\OEHosts --> boscript detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\OEHosts --> Windows2 detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\OEHosts --> Windows3 detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\OEHosts --> Windows4 detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\OEHosts --> Windows5 detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\OEHosts --> Windows6 detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\OEHosts --> Windows7 detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\SearchAssistant --> ABS detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\SearchAssistant --> ConfigDateStamp detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\SearchAssistant --> CurInstall detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\SearchAssistant --> DES detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\SearchAssistant --> Dir detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\SearchAssistant --> eintl detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\SearchAssistant --> esh detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\SearchAssistant --> Id detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\SearchAssistant --> LastRequest detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\SearchAssistant --> lsp detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\SearchAssistant --> NextRequest detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\SearchAssistant --> pid detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\SearchAssistant --> pl detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\SearchAssistant --> sr detected: Trace.Registry.MyWebSearch Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\SkinTools --> PlayerPath detected: Trace.Registry.MyWebSearch Toolbar
Key: HKEY_CLASSES_ROOT\clsid\{00a6faf6-072e-44cf-8957-5838f569a31d} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\clsid\{07b18ea1-a523-4961-b6bb-170de4475cca} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\clsid\{07b18eab-a523-4961-b6bb-170de4475cca} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\clsid\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\clsid\{147a976f-eee1-4377-8ea7-4716e4cdd239} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\clsid\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\clsid\{25560540-9571-4d7b-9389-0f166788785a} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\clsid\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\clsid\{3e720452-b472-4954-b7aa-33069eb53906} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\clsid\{53ced2d0-5e9a-4761-9005-648404e6f7e5} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\clsid\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\clsid\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\clsid\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\clsid\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\clsid\{8e6f1832-9607-4440-8530-13be7c4b1d14} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\clsid\{938aa51a-996c-4884-98ce-80dd16a5c9da} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\clsid\{98d9753d-d73b-42d5-8c85-4469cda897ab} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\clsid\{9ff05104-b030-46fc-94b8-81276e4e27df} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\clsid\{a4730ebe-43a6-443e-9776-36915d323ad3} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\clsid\{a9571378-68a1-443d-b082-284f960c6d17} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\clsid\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\clsid\{b813095c-81c0-4e40-aa14-67520372b987} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\clsid\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\clsid\{cff4ce82-3aa2-451f-9b77-7165605fb835} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\clsid\{d9fffb27-d62a-4d64-8cec-1ff006528805} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\interface\{07b18eaa-a523-4961-b6bb-170de4475cca} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\interface\{07b18eac-a523-4961-b6bb-170de4475cca} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\interface\{1093995a-ba37-41d2-836e-091067c4ad17} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\interface\{120927bf-1700-43bc-810f-fab92549b390} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\interface\{1f52a5fa-a705-4415-b975-88503b291728} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\interface\{3e720451-b472-4954-b7aa-33069eb53906} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\interface\{3e720453-b472-4954-b7aa-33069eb53906} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\interface\{90449521-d834-4703-bb4e-d3aa44042ff8} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\interface\{991aac62-b100-47ce-8b75-253965244f69} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\mywebsearch.htmlpanel detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\mywebsearch.outlookaddin detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\typelib\{3e720450-b472-4954-b7aa-33069eb53906} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\typelib\{e47caee0-deea-464a-9326-3f2801535a4d} detected: Trace.Registry.MyWebSearchToobar
Value: HKEY_USERS\S-1-5-21-3242310747-1381664494-2001036000-1007\software\microsoft\internet explorer\urlsearchhooks --> {00a6faf6-072e-44cf-8957-5838f569a31d} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_USERS\S-1-5-21-3242310747-1381664494-2001036000-1007\software\mywebsearch detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_LOCAL_MACHINE\software\microsoft\office\outlook\addins\mywebsearch.outlookaddin detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_LOCAL_MACHINE\software\microsoft\office\word\addins\mywebsearch.outlookaddin detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{07b18ea1-a523-4961-b6bb-170de4475cca} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\mywebsearch bar uninstall detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_LOCAL_MACHINE\software\mywebsearch detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\clsid\{00a6faf6-072e-44cf-8957-5838f569a31d} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\clsid\{07b18ea1-a523-4961-b6bb-170de4475cca} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\clsid\{07b18eab-a523-4961-b6bb-170de4475cca} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\clsid\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\clsid\{147a976f-eee1-4377-8ea7-4716e4cdd239} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\clsid\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\clsid\{25560540-9571-4d7b-9389-0f166788785a} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\clsid\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\clsid\{3e720452-b472-4954-b7aa-33069eb53906} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\clsid\{53ced2d0-5e9a-4761-9005-648404e6f7e5} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\clsid\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\clsid\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\clsid\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\clsid\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\clsid\{8e6f1832-9607-4440-8530-13be7c4b1d14} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\clsid\{938aa51a-996c-4884-98ce-80dd16a5c9da} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\clsid\{98d9753d-d73b-42d5-8c85-4469cda897ab} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\clsid\{9ff05104-b030-46fc-94b8-81276e4e27df} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\clsid\{a4730ebe-43a6-443e-9776-36915d323ad3} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\clsid\{a9571378-68a1-443d-b082-284f960c6d17} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\clsid\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\clsid\{b813095c-81c0-4e40-aa14-67520372b987} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\clsid\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\clsid\{cff4ce82-3aa2-451f-9b77-7165605fb835} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\clsid\{d9fffb27-d62a-4d64-8cec-1ff006528805} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{07b18eaa-a523-4961-b6bb-170de4475cca} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{07b18eac-a523-4961-b6bb-170de4475cca} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{1093995a-ba37-41d2-836e-091067c4ad17} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{120927bf-1700-43bc-810f-fab92549b390} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{1f52a5fa-a705-4415-b975-88503b291728} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{3e720451-b472-4954-b7aa-33069eb53906} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{3e720453-b472-4954-b7aa-33069eb53906} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{90449521-d834-4703-bb4e-d3aa44042ff8} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{991aac62-b100-47ce-8b75-253965244f69} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\mywebsearch.htmlpanel detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\mywebsearch.outlookaddin detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\typelib\{3e720450-b472-4954-b7aa-33069eb53906} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_CLASSES_ROOT\typelib\{e47caee0-deea-464a-9326-3f2801535a4d} detected: Trace.Registry.MyWebSearchToolbar
Value: HKEY_USERS\S-1-5-21-3242310747-1381664494-2001036000-1007\software\microsoft\internet explorer\urlsearchhooks --> {00a6faf6-072e-44cf-8957-5838f569a31d} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_USERS\S-1-5-21-3242310747-1381664494-2001036000-1007\software\mywebsearch detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_LOCAL_MACHINE\software\microsoft\office\outlook\addins\mywebsearch.outlookaddin detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_LOCAL_MACHINE\software\microsoft\office\word\addins\mywebsearch.outlookaddin detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{07b18ea1-a523-4961-b6bb-170de4475cca} detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\mywebsearch bar uninstall detected: Trace.Registry.MyWebSearchToolbar
Key: HKEY_LOCAL_MACHINE\software\mywebsearch detected: Trace.Registry.MyWebSearchToolbar
c:\program files\mywebsearch\bar\message detected: Trace.Directory.Zwinky Toolbar
c:\program files\mywebsearch\bar\notifier detected: Trace.Directory.Zwinky Toolbar
c:\program files\mywebsearch\bar\1.bin\f3htmlmu.dll detected: Trace.File.Zwinky Toolbar
c:\program files\mywebsearch\bar\1.bin\m3slsrch.exe detected: Trace.File.Zwinky Toolbar
c:\program files\mywebsearch\bar\1.bin\m3srchmn.exe detected: Trace.File.Zwinky Toolbar
c:\program files\mywebsearch\bar\settings\prevcfg2.htm detected: Trace.File.Zwinky Toolbar
c:\program files\mywebsearch\bar\settings\s_pid.dat detected: Trace.File.Zwinky Toolbar
c:\program files\mywebsearch\srchastt\1.bin\mwssrcas.dll detected: Trace.File.Zwinky Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WR --> cmd detected: Trace.Registry.BitTorrent Smart
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WR --> configversion detected: Trace.Registry.BitTorrent Smart
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WR --> i detected: Trace.Registry.BitTorrent Smart
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WR --> nextupdate detected: Trace.Registry.BitTorrent Smart
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WR --> p detected: Trace.Registry.BitTorrent Smart
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WR --> version detected: Trace.Registry.BitTorrent Smart
Value: HKEY_CLASSES_ROOT\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_CLASSES_ROOT\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_CLASSES_ROOT\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_CLASSES_ROOT\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_CLASSES_ROOT\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_CLASSES_ROOT\CLSID\{2EFF3CF7-99C1-4c29-BC2B-68E057E22340}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_CLASSES_ROOT\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_CLASSES_ROOT\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_CLASSES_ROOT\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_CLASSES_ROOT\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_CLASSES_ROOT\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_CLASSES_ROOT\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_CLASSES_ROOT\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_CLASSES_ROOT\CLSID\{A6573479-9075-4A65-98A6-19FD29CF7374}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_CLASSES_ROOT\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_CLASSES_ROOT\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_CLASSES_ROOT\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_CLASSES_ROOT\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_CLASSES_ROOT\CLSID\{D778513B-1C40-4819-B0C5-49E40B39AFD0}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_CLASSES_ROOT\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EFF3CF7-99C1-4c29-BC2B-68E057E22340}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6573479-9075-4A65-98A6-19FD29CF7374}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D778513B-1C40-4819-B0C5-49E40B39AFD0}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run --> My Web Search Bar detected: Trace.Registry.Zwinky Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run --> MyWebSearch Email Plugin detected: Trace.Registry.Zwinky Toolbar
c:\program files\napster detected: Trace.Directory.Napster
c:\program files\napster\nmsubscriptionstub.dll detected: Trace.File.Napster
Value: HKEY_CLASSES_ROOT\CLSID\{C1B8CE59-7FE5-4316-8803-712EC96EA636}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Napster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1B8CE59-7FE5-4316-8803-712EC96EA636}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Napster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1} --> AuthorizedCDFPrefix detected: Trace.Registry.Napster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1} --> Comments detected: Trace.Registry.Napster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1} --> Contact detected: Trace.Registry.Napster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1} --> DisplayName detected: Trace.Registry.Napster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1} --> DisplayVersion detected: Trace.Registry.Napster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1} --> EstimatedSize detected: Trace.Registry.Napster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1} --> HelpLink detected: Trace.Registry.Napster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1} --> HelpTelephone detected: Trace.Registry.Napster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1} --> InstallDate detected: Trace.Registry.Napster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1} --> InstallLocation detected: Trace.Registry.Napster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1} --> InstallSource detected: Trace.Registry.Napster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1} --> Language detected: Trace.Registry.Napster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1} --> ModifyPath detected: Trace.Registry.Napster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1} --> Publisher detected: Trace.Registry.Napster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1} --> Readme detected: Trace.Registry.Napster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1} --> Size detected: Trace.Registry.Napster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1} --> SystemComponent detected: Trace.Registry.Napster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1} --> UninstallString detected: Trace.Registry.Napster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1} --> URLInfoAbout detected: Trace.Registry.Napster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1} --> URLUpdateInfo detected: Trace.Registry.Napster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1} --> Version detected: Trace.Registry.Napster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1} --> VersionMajor detected: Trace.Registry.Napster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1} --> VersionMinor detected: Trace.Registry.Napster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1} --> WindowsInstaller detected: Trace.Registry.Napster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Napster\Client --> AffiliateId detected: Trace.Registry.Napster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Napster\Client --> CurrentUser detected: Trace.Registry.Napster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Napster\Client --> RegistrationURL detected: Trace.Registry.Napster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Napster\Common --> ExternalLinkHandler detected: Trace.Registry.Napster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Napster\Common --> ExternalLinkHandlerParams detected: Trace.Registry.Napster
C:\Documents and Settings\Paul\Cookies\paul@commercialbreaksandbeats.co[2].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Paul\Cookies\paul@link[1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Paul\Cookies\paul@rubiconproject[2].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\obevejs0.default\cookies.txt:32 detected: Trace.TrackingCookie
C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\obevejs0.default\cookies.txt:36 detected: Trace.TrackingCookie
C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\obevejs0.default\cookies.txt:37 detected: Trace.TrackingCookie
C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\obevejs0.default\cookies.txt:38 detected: Trace.TrackingCookie
C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\obevejs0.default\cookies.txt:39 detected: Trace.TrackingCookie
C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\obevejs0.default\cookies.txt:40 detected: Trace.TrackingCookie
C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\obevejs0.default\cookies.txt:41 detected: Trace.TrackingCookie
C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\obevejs0.default\cookies.txt:55 detected: Trace.TrackingCookie
C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\obevejs0.default\cookies.txt:113 detected: Trace.TrackingCookie
C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\obevejs0.default\cookies.txt:114 detected: Trace.TrackingCookie
C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\obevejs0.default\cookies.txt:115 detected: Trace.TrackingCookie
C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\obevejs0.default\cookies.txt:123 detected: Trace.TrackingCookie
C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\obevejs0.default\cookies.txt:124 detected: Trace.TrackingCookie
C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\obevejs0.default\cookies.txt:146 detected: Trace.TrackingCookie
C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\obevejs0.default\cookies.txt:147 detected: Trace.TrackingCookie
C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\obevejs0.default\cookies.txt:148 detected: Trace.TrackingCookie
C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\obevejs0.default\cookies.txt:149 detected: Trace.TrackingCookie
C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\obevejs0.default\cookies.txt:150 detected: Trace.TrackingCookie
C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\obevejs0.default\cookies.txt:157 detected: Trace.TrackingCookie
C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\obevejs0.default\cookies.txt:167 detected: Trace.TrackingCookie
C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\obevejs0.default\cookies.txt:227 detected: Trace.TrackingCookie
C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\obevejs0.default\cookies.txt:234 detected: Trace.TrackingCookie
C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\obevejs0.default\cookies.txt:235 detected: Trace.TrackingCookie
C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\obevejs0.default\cookies.txt:236 detected: Trace.TrackingCookie
C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\obevejs0.default\cookies.txt:238 detected: Trace.TrackingCookie
C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\obevejs0.default\cookies.txt:239 detected: Trace.TrackingCookie
C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\obevejs0.default\cookies.txt:284 detected: Trace.TrackingCookie
C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\obevejs0.default\cookies.txt:285 detected: Trace.TrackingCookie
C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\obevejs0.default\cookies.txt:286 detected: Trace.TrackingCookie
C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\obevejs0.default\cookies.txt:287 detected: Trace.TrackingCookie
C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\obevejs0.default\cookies.txt:288 detected: Trace.TrackingCookie
C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\obevejs0.default\cookies.txt:297 detected: Trace.TrackingCookie
C:\Documents and Settings\Paul\My Documents\My Pictures\new tags\PLAY_MP3.exe detected: Adware.Win32.Agent.zk
C:\Documents and Settings\Paul\My Documents\My Pictures\new tags\videos_en-gb.exe detected: Adware.Win32.Comet.bg
C:\Program Files\alot\alotUninst.exe detected: Adware.Win32.Comet.bg
C:\Program Files\Internet Explorer\msimg32.dll detected: Riskware.AdTool.Win32.MyWebSearch.au
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll detected: Riskware.AdTool.Win32.MyWebSearch.i
C:\Program Files\Mozilla Firefox\SmitfraudFix\Process.exe detected: Riskware.RiskTool.Win32.Processor.20
C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe detected: Riskware.RiskTool.Win32.Reboot.f
C:\Program Files\MSN Messenger\msimg32.dll detected: Riskware.AdTool.Win32.MyWebSearch.au
C:\Program Files\MSN Messenger\riched20.dll detected: Adware.Win32.MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL detected: Riskware.AdTool.Win32.MyWebSearch.at
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL detected: Adware.Win32.MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL detected: Riskware.AdTool.Win32.MyWebSearch.l
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL detected: Adware.Win32.MyWebSearch.af
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL detected: Riskware.AdTool.Win32.MyWebSearch.au
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL detected: Riskware.AdTool.Win32.MyWebSearch.au
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR detected: Adware.Win32.MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL detected: Riskware.AdTool.Win32.MyWebSearch.au
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL detected: Adware.Win32.MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE detected: Adware.Win32.MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL detected: Adware.Win32.MyWebSearch.an
C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL detected: Riskware.AdTool.Win32.MyWebSearch.aq
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL detected: Adware.Win32.MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL detected: Riskware.AdTool.Win32.MyWebSearch.bc
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL detected: Adware.IWon.a
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL detected: Adware.Win32.MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL detected: Riskware.AdTool.Win32.MyWebSearch.as
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL detected: Riskware.AdTool.Win32.MyWebSearch.ad
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE detected: Riskware.AdTool.Win32.MyWebSearch.au
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE detected: Riskware.AdTool.Win32.MyWebSearch.au
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL detected: Riskware.AdTool.Win32.MyWebSearch.bc
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE detected: Adware.Win32.MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL detected: Riskware.AdTool.Win32.MyWebSearch.au
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL detected: Riskware.AdTool.Win32.MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL detected: Riskware.AdTool.Win32.MyWebSearch.i
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL detected: Riskware.AdTool.Win32.MyWebSearch.as
C:\WINDOWS\system32\f3PSSavr.scr detected: Adware.Win32.MyWebSearch
C:\WINDOWS\system32\Process.exe detected: Riskware.RiskTool.Win32.Processor.20

Scanned

Files: 186069
Traces: 381331
Cookies: 621
Processes: 36

Found

Files: 37
Traces: 475
Cookies: 35
Processes: 9
Registry keys: 0

Scan end: 11/03/2008 23:22:05
Scan time: 1:56:51

#10 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,011 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:42 PM

Posted 11 March 2008 - 09:33 PM

Hello deadend3,

Among other things, you have a Vundo infection. There will be several steps to completely disinfect your computer. To begin, please follow the steps in this guide. If you have any questions as you go through it, please ask as a reply to this thread. Once you have completed the guide, please post the Vundofix log as a reply to this thread.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#11 deadend3

deadend3
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:42 PM

Posted 12 March 2008 - 03:33 AM

Hi Ruby, I tried running the online scan but it came up there was an error with the sites digital signature then crashes firefox when I ran the scan.

#12 deadend3

deadend3
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:42 PM

Posted 12 March 2008 - 04:36 AM

Hi Orange blossom, I ran the Vundofix and it found nothing :thumbsup:

#13 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,011 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:42 PM

Posted 12 March 2008 - 04:13 PM

Hi deadend3,

Go ahead and post the log anyway.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#14 deadend3

deadend3
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:42 PM

Posted 12 March 2008 - 04:26 PM

There was no log, presume this was because it found nothing, Virtumundobegone came up with one though



[03/12/2008, 9:33:23] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Paul\My Documents\My Pictures\new tags\VirtumundoBeGone.exe" )
[03/12/2008, 9:33:32] - Detected System Information:
[03/12/2008, 9:33:32] - Windows Version: 5.1.2600, Service Pack 2
[03/12/2008, 9:33:32] - Current Username: Paul (Admin)
[03/12/2008, 9:33:32] - Windows is in NORMAL mode.
[03/12/2008, 9:33:32] - Searching for Browser Helper Objects:
[03/12/2008, 9:33:32] - BHO 1: {00A6FAF1-072E-44cf-8957-5838F569A31D} (MyWebSearch Search Assistant BHO)
[03/12/2008, 9:33:32] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[03/12/2008, 9:33:32] - BHO 3: {07B18EA1-A523-4961-B6BB-170DE4475CCA} (mwsBar BHO)
[03/12/2008, 9:33:32] - BHO 4: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
[03/12/2008, 9:33:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/12/2008, 9:33:32] - Checking for HKLM\...\Winlogon\Notify\NppBho
[03/12/2008, 9:33:32] - Key not found: HKLM\...\Winlogon\Notify\NppBho, continuing.
[03/12/2008, 9:33:32] - BHO 5: {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} (ALOT Toolbar)
[03/12/2008, 9:33:32] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/12/2008, 9:33:32] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[03/12/2008, 9:33:32] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[03/12/2008, 9:33:32] - BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[03/12/2008, 9:33:32] - BHO 10: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[03/12/2008, 9:33:32] - BHO 11: {E08DE81E-7E47-4777-84C5-C45DA13BCF91} ()
[03/12/2008, 9:33:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/12/2008, 9:33:32] - Checking for HKLM\...\Winlogon\Notify\jkkjhih
[03/12/2008, 9:33:32] - Key not found: HKLM\...\Winlogon\Notify\jkkjhih, continuing.
[03/12/2008, 9:33:33] - Finished Searching Browser Helper Objects
[03/12/2008, 9:33:33] - Finishing up...
[03/12/2008, 9:33:33] - Nothing found! Exiting...

#15 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,011 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:42 PM

Posted 12 March 2008 - 04:46 PM

Hello deadend3,

Even if Vundofix found nothing, there will be a log. You will find it here: C:\vundofix.txt

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users