I keep getting an error stating that my computer has the W32.Myzor.FK@yf virus. I can't seem to get it removed. I recently downloaded the Hijack This application. Here is the log file. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:23:04 PM, on 12/6/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\WebMediaViewer\hpmon.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\rundll32.exe C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE C:\Program Files\S4F\Filter7.exe C:\Windows\System32\rundll32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Windows\ehome\ehmsas.exe C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe C:\Users\Arianne\AppData\Local\Temp\RtkBtMnt.exe C:\Program Files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe C:\Windows\system32\ctfmon.exe C:\Program Files\WebMediaViewer\hpmom.exe C:\Program Files\iolo\System Mechanic Professional\AntiVirus\iAVEmailScanner.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Internet Explorer\iexplore.exe C:\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} - C:\Program Files\WebMediaViewer\hpmun.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKLM\..\Run: [S4F] C:\Program Files\S4F\Filter7.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKLM\..\Policies\Explorer\Run: [QuickTime Task] C:\Program Files\WebMediaViewer\qttask.exe O4 - HKLM\..\Policies\Explorer\Run: [VMware hptray] C:\Program Files\WebMediaViewer\hpmon.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm172YYUS O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php (file missing) O9 - Extra 'Tools' menuitem: Explorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (file missing) O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll O11 - Options group: [JAVA_IBM] Java (IBM) O13 - Gopher Prefix: O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-us.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 13351 bytes Please help!!!
Hi gnewton18. Nice little collection of Malware you got there. ; ) Let’s start with the following and then go from there.. Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and before the Windows icon appears press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode with Networking". Download Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. • If an update is found, it will download and install the latest version. • Once the program has loaded, select Perform full scan, then click Scan. • When the scan is complete, click OK, then Show Results to view the results. • Make sure that everything is checked, and click Remove Selected. <-- Don't forget this. • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt Reboot into Normal Mode.. • Please post the MBAM Log and a fresh HJT log in your next reply. 2OG
Thanks. I did all that you told me to do. Here is the mbam log: Malwarebytes' Anti-Malware 1.31 Database version: 1475 Windows 6.0.6001 Service Pack 1 12/8/2008 2:21:21 PM mbam-log-2008-12-08 (14-21-21).txt Scan type: Full Scan (C:\|D:\|) Objects scanned: 178742 Time elapsed: 46 minute(s), 40 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 152 Registry Values Infected: 11 Registry Data Items Infected: 2 Folders Infected: 19 Files Infected: 87 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{64466b8e-20a7-4a4a-aff4-aad9ca68b52c} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64466b8e-20a7-4a4a-aff4-aad9ca68b52c} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64466b8e-20a7-4a4a-aff4-aad9ca68b52c} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3b8fb116-d358-48a3-a5c7-db84f15cbb04} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3b8fb116-d358-48a3-a5c7-db84f15cbb04} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\webmedia.chl (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Online Alert Manager (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer add-on (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser Toolbar (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\my web search bar search scope monitor (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vmware hptray (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\QuickTime Task (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully. Folders Infected: C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\PopSwatr (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\PopSwatr\History (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\WebMediaViewer (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Windows\System32\twain_32 (Backdoor.Bot) -> Quarantined and deleted successfully. Files Infected: C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\WebMediaViewer\hpmun.dll (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MSN Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Windows\System32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\WebMediaViewer\browseu.exe (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Program Files\WebMediaViewer\hpmon.exe (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Program Files\WebMediaViewer\hpmun.exe (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Program Files\WebMediaViewer\myc.ico (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Program Files\WebMediaViewer\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Program Files\WebMediaViewer\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Program Files\WebMediaViewer\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Program Files\WebMediaViewer\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Program Files\WebMediaViewer\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Program Files\WebMediaViewer\qttaskm.exe (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Program Files\WebMediaViewer\qttasku.exe (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Program Files\WebMediaViewer\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Windows\System32\twain_32\local.ds (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Windows\System32\twain_32\user.ds (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Users\Arianne\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Users\Arianne\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Users\Arianne\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Users\Arianne\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Users\Arianne\Favorites\Run Virus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Run Virus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Online Spyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully. Also, here is the new hijack log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:25:10 PM, on 12/8/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Windows\ehome\ehmsas.exe C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe C:\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [S4F] C:\Program Files\S4F\Filter7.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user') O4 - Startup: ClearPlay Easy Updates.lnk = C:\Program Files\ClearPlay\ClearPlay Easy Updates\ClearPlayEasyUpdates.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (file missing) O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll O11 - Options group: [JAVA_IBM] Java (IBM) O13 - Gopher Prefix: O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-us.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 10932 bytes
I am not getting the error message anymore and my internet is definitely running a lot faster. Thank you so much for your help.
gnewton18, I don’t see a 3rd party firewall or an Anti-Virus on your computer.. That is why you became infected.. 1. Install a good software firewall on your system. At a minimum a good software firewall should have application control, i.e., the ability to set permissions for Internet access on a program-by-program basis. Rely on the Windows firewall? Unfortunately, this gives you a false sense of security. It only protects incoming traffic. But outgoing traffic, with your credit card info, social security number, bank accounts, passwords and other confidential information is not protected. The Windows firewall will let it all go out. (both in XP and Vista) I have tested and recommend ZoneAlarm [freeware] In all my tests, the firewall guarded against all external and internal threats it encountered. ZoneAlarm is an excellent firewall choice for just about any average user. This is a more or less "set it and forget it" firewall. 2. Install a good Anti-Virus package. Of all the Anti-Virus programs I have tested, I recommend Avira AntiVir. One of my personal favorite free Antiviral Programs. AntiVir software is a reliable free antivirus solution, that constantly and rapidly scans your computer for malicious programs (such as viruses, Trojans, backdoor programs, hoaxes, worms, dialers etc.), monitoring every action executed by the user or by the operating system and being able to react promptly when a malicious program is detected. It would have caught and deleted the Trojans that you were infested with. Hate nag screens? Me too. I use Avira AntiVir as part of the protection on my computer and here's how to stop that annoying Avira Antivir PE Classic avnotify nag screen: http://www.elitekiller.com/files/disable_antivir_nag.htm 2OG
