0

ESTEEMED GEEKS AND GEEKETTES: My Toshiba Satellite Laptop with Windows 7(64) has been infested by that lovely hybrid ROGUE: Personal Shield Pro.

I did read the prerequisite "read this before..."instructions from Phillephan, but to be honest as I read them after several unidentifiable (to me) terms, I started to have an anxiety attack. I know I have some aptitude because NSA tried to hire me to be a programmer 40 years ago. But I don't have the experience and I do have ADD, so I go from anxiety to suicidal impulses, then rage (both of which I reject in favor of having a singlemalt scotch). I just need to regain my computer's use before I have a meltdown.

I need to know if SPYWARE DOCTOR (Spyware-Experts.com) and/or STOPzilla(iS3)are legit software to use to obliterate Personal Shield Pro, completely or as much as possible. Is one clearly better?

The rest is just for curious geeks. I thought I had eliminated it before by deleting my security BitDefender,and reinstalling it since it appeared to have disabled one of the BitDefender files. But it returned. This time I was unable to open most programs, unable go online on Internet Explorer.

I switched to my Mozilla Firefox. I queried on Google and followed directions from Spyware-Experts and rebooted on Safe Mode, then followed directions and downloaded two files for Spyware Doctor. Then I panicked. I had just read that Personal Shield Pro poses as a security program, then encourages you to "fix the Problem." and after a second-generation infestation trys to sell you a software cure. I had just downloaded the cure after a simple query about Personal Shield Pro. HOW DO I KNOW THE PERSONAL SHIELD PRO ogres didn't simply post a phony cure for their phony security????? One that would be one of the first to pop up in response to a query?

My son suggested going in and booting as administrator and wiping out my user file, which he said worked on computers at his work.

3
Contributors
32
Replies
34
Views
6 Years
Discussion Span
Last Post by jholland1964
Featured Replies
  • You are assuming a LOT and very wrongly. The Sticky, while dated, 2008, is kept up to date on a regular basis. [B][I][COLOR="Red"]If your "handle" appendage, 1964, is a hint of your experience, you come from a generation of IT people that were notoriously abusive to "non-techs." [/COLOR][/I][/B] Again another … Read More

  • Thanks so much for your kind words, they are greatly appreciated. Happy we could get it all resolved. Good working with you too! Read More

0

I have been very successful removing Malware and virus with MalWareBytes. I have used this product to clean the laptops of students at the university I worked at. It is pretty thorough.

The software can be found at http://www.malwarebytes.org/. There is a free version which I have used exclusively and a version they sell with additional real time protection. As much as I have used it I probably should have purchased it, but for the most part I have used it on other folks computers.

Make sure that you are on the malware bytes site I listed above before you start the download since there are many malware products that will try to redirect away from this site. Te download link, will redirect you to TechSpot or majorgeeks to perform the actual download. Either site should be OK.

I have found that If I go to a clean machine and download the installer to a USB Drive and then install on the infected machine from the USB drive I have had greater success.

It will probably take several euns to completely remove all of the malware and you should boot into Safe mode for the first couple of runs. Once the complete scan comes back clean you are probably safe. If it finds any malware or viruses make sure you run it again until you have a clean scan.

Good Luck

0

I need to know if SPYWARE DOCTOR (Spyware-Experts.com) and/or STOPzilla(iS3)are legit software to use to obliterate Personal Shield Pro, completely or as much as possible.
No they are not. If they were they would be in PhilliePhan's sticky.
Please use those programs listed in his sticky and post the logs here.
WE read the logs, you don't. You just need to follow the instructions exactly as given.

0

I have been very successful removing Malware and virus with MalWareBytes. I have used this product to clean the laptops of students at the university I worked at. It is pretty thorough.

The software can be found at http://www.malwarebytes.org/. There is a free version which I have used exclusively and a version they sell with additional real time protection. As much as I have used it I probably should have purchased it, but for the most part I have used it on other folks computers.

Make sure that you are on the malware bytes site I listed above before you start the download since there are many malware products that will try to redirect away from this site. Te download link, will redirect you to TechSpot or majorgeeks to perform the actual download. Either site should be OK.

I have found that If I go to a clean machine and download the installer to a USB Drive and then install on the infected machine from the USB drive I have had greater success.

It will probably take several euns to completely remove all of the malware and you should boot into Safe mode for the first couple of runs. Once the complete scan comes back clean you are probably safe. If it finds any malware or viruses make sure you run it again until you have a clean scan.

Good Luck

thnx svilla. I will try this.

0

Do you really want to clean the computer?

Then follow the steps given by PhilliePhan which INCLUDES, along with other steps, Malwarebytes' Anti-Malware.

Do you really want it clean or not?

The steps you read from Spyware-Experts cannot be trusted, the website itself has a poor reputation.

Do you honestly think that the steps given were posted just for the sake of posting something? We have steps we request because THOSE are the ones that work to begin cleaning a computer.

0

I need to know if SPYWARE DOCTOR (Spyware-Experts.com) and/or STOPzilla(iS3)are legit software to use to obliterate Personal Shield Pro, completely or as much as possible.
No they are not. If they were they would be in PhilliePhan's sticky.
Please use those programs listed in his sticky and post the logs here.
WE read the logs, you don't. You just need to follow the instructions exactly as given.

I have about no chance of following PhilliePhan's sticky without my head blowing off. As a longtime PR person I would go back and carefully read that sticky and decide whether it is conducive to "follow exactly as given," and determine whether or not the attitudes in communications project arrogance and distain,"or truly assist your mission of "helping."

Sgt Taylor, USMC and still frustrd

0

svilla[/B, while we always welcome help here. We also have a sticky for those wishing to offer assistance. You need to follow those rules if you wish to assist.You will find it at the top of the page and I ask that you read it.

Forum Rules and Policy for First Responders
-- Please refer initial posters for assistance to our Read Me First Sticky Post
We would like everyone to start with these steps so that a "baseline" for further assistance can be established.

0

I have about no chance of following PhilliePhan's sticky without my head blowing off. As a longtime PR person I would go back and carefully read that sticky and decide whether it is conducive to "follow exactly as given," and determine whether or not the attitudes in communications project arrogance and distain,"or truly assist your mission of "helping."

Sgt Taylor, USMC and still frustrd

Then your chances of getting the computer clean are very slight. I am very sorry. There are multiple tools required to rid the computer of this infection and if you are not willing to run these simple tools then as stated the chances of getting the computer clean are very small.We have helped posters remove this infection many times with great success. There are accepted tools used to clean this and then fix damaged files but they must all be run correctly otherwise further damage will result until it is possible the computer will not be usable.
hopefully you will be willing to run the tools. We only want to assist.

Edited by jholland1964: n/a

0

I have no doubt you wish to assist. I am sure, also, that you get frustrated by people not following instructions. I also have no doubt that the "sticky" from PhilliePhan is technically "tight." It is just intimidating and a little overwhelming after 5 or 6 hours of watching your computer going haywire.

Also, it is dated July 15, 2008, which was why I did not automatically "just do it." There is a lot of evolution in virus's in three years. (I'm not stupid, I copied every word so I can follow the instructions if I found no other viable solution, as I did your responses and that of svilla.) Also, I am well backed up.

If your "handle" appendage, 1964, is a hint of your experience, you come from a generation of IT people that were notoriously abusive to "non-techs." Frankly, some of us would have loved to poison our IT guy's tea (when we weren't praising them for their knowledge). I do appreciate your efforts and assistance. I will follow the instructions as well as I am able. Hopefully I am not excommunicated. Thank you for your assistance, and PhilliePhan for his obviously dilligent work on documenting a tough one.

P.S. As a former Marine Sgt, I can smell attitude from a thousand yards. I was also sincere in my suggestion that someone check out the sticky to see how user-friendly it is. And maybe put an "last updated on" notation. Besides my PR experience, I was a technical writer for a time.

1

You are assuming a LOT and very wrongly. The Sticky, while dated, 2008, is kept up to date on a regular basis.
If your "handle" appendage, 1964, is a hint of your experience, you come from a generation of IT people that were notoriously abusive to "non-techs."

Again another wrong assumption. I am not a "tech" as you assume, I have never been and never have claimed to be. I am simply an ordinary computer user who has taken up assistance in malware removal as a hobby. The 1964 "appendage" was used in order to not have to go through "umpteen" other numbers to be able to use the name I wanted to use or take on a suggested user name that I didn't want to use.

The Sticky is user friendly if a person will use it as described and if you read other threads here you will see that it is used by all when posting here.

Honestly I don't know what it is that you are expecting or what it is that you want us to do. There is no magic bullet or button to push to remove infections like this one. They all require multiple steps and tools and there is no other way to remove them. We can't give you different steps if they are not available and they are not available. There is no ONE step to remove this infection.

If you don't feel you can follow the steps then I suggest you take the computer to a shop and have it cleaned.

Edited by jholland1964: n/a

0

You are assuming a LOT and very wrongly. The Sticky, while dated, 2008, is kept up to date on a regular basis.
If your "handle" appendage, 1964, is a hint of your experience, you come from a generation of IT people that were notoriously abusive to "non-techs."

Again another wrong assumption. I am not a "tech" as you assume, I have never been and never have claimed to be. I am simply an ordinary computer user who has taken up assistance in malware removal as a hobby. The 1964 "appendage" was used in order to not have to go through "umpteen" other numbers to be able to use the name I wanted to use or take on a suggested user name that I didn't want to use.

The Sticky is user friendly if a person will use it as described and if you read other threads here you will see that it is used by all when posting here.

Honestly I don't know what it is that you are expecting or what it is that you want us to do. There is no magic bullet or button to push to remove infections like this one. They all require multiple steps and tools and there is no other way to remove them. We can't give you different steps if they are not available and they are not available. There is no ONE step to remove this infection.

If you don't feel you can follow the steps then I suggest you take the computer to a shop and have it cleaned.

I guess I lived up to my name. As I thought about what I said to you I thought "maybe this web page is just over my head." Anyway, I am going to censor myself for being abusive.... frustration is no excuse. I'm not sure I can follow the sticky from PhillePhan... I am going to read it very carefully.... I will query the terms I am not sure about and make a decision. Since there is a question about the reliability of spyware-experts' website and product, I'll take the computer to a shop to be fixed. Thank you for your time in responding and your efforts to help. My comments were out of line.

0

Apology accepted. Now if you do want assistance with the removal of this infection I will be happy to give you the steps needed one at a time. You complete step one and report back with the needed log and then I will give you step two and so on. But you have to be willing to do the steps as given.
If you don't feel that you can follow the steps this way then your only option is to take it to a shop.

0

Thank you..
had been reading the sticky. tried to remove window live mail,window live messenger (p2p programs?) got error 0X80070641, WLMimeFilter - amd64 I know they pop up on my wife's user but she closes them and doesn't use either.

I am in safe mode now. 64-bit OS I am ready to follow your lead....I will be prompt in response

0

There is no reason to remove these programs you noted, they are NOT P2P programs. They are normal programs found on most Windows 7 operating systems and likely cannot be removed. Just CLOSE them.

Ok, you are exactly where you should be right now, Safe Mode with Networking. Very good!
These instructions are the standard, always used instructions and they were created by Bleepingcomputer website and are used on most good, legitimate sites for these removals.
I have posted attachment pictures so you can see what is needed to do.
Here is what you need to do:
In Internet Explorer go up to Tools, Internet Options. Connections Tab. Click the LAN Button.
When LAN Settings opens if there is a checkmark in use Proxy Server, REMOVE that check mark and click OK. Then OK your way out of Internet Options.

Then do this:
Download rkill and save it to the desktop.

http://www.bleepingcomputer.com/download/anti-virus/rkill

When at the download page, click on the Download Now button labeled iExplore.exe download link. When you are prompted where to save it, please save it on your desktop.

If you are unable to connect to the site to download RKill, please go back and do steps again and make sure the infection has not reenabled the proxy settings. You may have to do this quite a few times before you can get RKill downloaded. If you still cannot download the RKill program on the infected computer, you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.

Once it is downloaded, double-click on the iExplore.exe icon in order to automatically attempt to stop any processes associated with Personal Shield Pro and other Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that RKill is an infection, do not be concerned. . So, please try running RKill until the malware is no longer running. You will then be able to proceed with the rest of the guide. Do not reboot your computer after running RKill as the malware programs will start again.

After you have done the above, come back and I will give you the additional steps. I promise, none of this is hard, just takes some time.

Edited by jholland1964: n/a

Attachments Connections,_LAN_Button.jpg 59.02 KB Internet_Options,_Connection_Tab.jpg 63.54 KB LAN_Setting_Remove_Checkmark.jpg 44.81 KB
0

First of all for now, there is no reason to remove these programs you noted, they are NOT P2P programs. They are normal programs found on most Windows 7 operating systems and likely cannot be removed. Just CLOSE them.

Ok, you are exactly where you should be right now, Safe Mode with Networking. Very good!
These instructions are the standard, always used instructions and they were created by Bleepingcomputer website and are used on most good, legitimate sites for these removals.
I have posted attachment pictures so you can see what is needed to do.
Here is what you need to do:
In Internet Explorer go up to Tools, Internet Options. Connections Tab. Click the LAN Button.
When LAN Settings opens if there is a checkmark in use Proxy Server, REMOVE that check mark and click OK. Then OK your way out of Internet Options.

Then do this:
Download rkill and save it to the desktop.

http://www.bleepingcomputer.com/download/anti-virus/rkill

When at the download page, click on the Download Now button labeled iExplore.exe download link. When you are prompted where to save it, please save it on your desktop.

If you are unable to connect to the site to download RKill, please go back and do steps again and make sure the infection has not reenabled the proxy settings. You may have to do this quite a few times before you can get RKill downloaded. If you still cannot download the RKill program on the infected computer, you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.

Once it is downloaded, double-click on the iExplore.exe icon in order to automatically attempt to stop any processes associated with Personal Shield Pro and other Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that RKill is an infection, do not be concerned. . So, please try running RKill until the malware is no longer running. You will then be able to proceed with the rest of the guide. Do not reboot your computer after running RKill as the malware programs will start again.

After you have done the above, come back and I will give you the additional steps. I promise, none of this is hard, just takes some time.

1ST STEP DONE
WORD PAD LOG:his log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 07/30/2011 at 12:15:39.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:

Rkill completed on 07/30/2011 at 12:15:42.

0

1ST STEP DONE
WORD PAD LOG:his log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 07/30/2011 at 12:15:39.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:

Rkill completed on 07/30/2011 at 12:15:42.

I ACTUALLY RAN RKILL TWICE.... I THINK I TERMINATED IT EARLY THE FIRST TIME.


LOG FOR 2ND RUN: This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 07/30/2011 at 12:19:09.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:

C:\Users\Owner\Downloads\eXplorer.exe


Rkill completed on 07/30/2011 at 12:19:11.

0

Now do the following:
Download Malwarebytes'Anti- malware and save it to your desktop.
http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button

Once downloaded, close all programs and Windows on your computer, including this one.

Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MBAM onto your computer.

When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked. Then click on the Finish button. If MalwareBytes' prompts you to reboot, please do not do so.

On the Scanner tab, make sure the the Perform full scan option is selected and then click on the Scan button to start scanning your computer for Personal Shield Pro related files.

MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the attached image below with infected files found noted in Red.
Scroll through the list and be sure there ARE check marks next to each item noted in Red. Once you are certain the check marks are there then click the Remove Selected button and then Reboot the computer.

Go to MBA-M and open the program. Go to the Logs Tab and open it. Double click on the Bottom log to open it up. When the log opens go up to the Edit Button and click Select All, then select the Copy button.
Then come back here and open a new reply. Place your cursor into the Reply and Right Click to choose Paste. That log will then be posted here and I will take a look.

Attachments MBA-M.jpg 83.64 KB
0

Now do the following:
Download Malwarebytes'Anti- malware and save it to your desktop.
http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button

Once downloaded, close all programs and Windows on your computer, including this one.

Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MBAM onto your computer.

When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked. Then click on the Finish button. If MalwareBytes' prompts you to reboot, please do not do so.

On the Scanner tab, make sure the the Perform full scan option is selected and then click on the Scan button to start scanning your computer for Personal Shield Pro related files.

MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the attached image below with infected files found noted in Red.
Scroll through the list and be sure there ARE check marks next to each item noted in Red. Once you are certain the check marks are there then click the Remove Selected button and then Reboot the computer.

Go to MBA-M and open the program. Go to the Logs Tab and open it. Double click on the Bottom log to open it up. When the log opens go up to the Edit Button and click Select All, then select the Copy button.
Then come back here and open a new reply. Place your cursor into the Reply and Right Click to choose Paste. That log will then be posted here and I will take a look.

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7327

Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.7601.17514

7/30/2011 2:20:48 PM
mbam-log-2011-07-30 (14-20-48).txt

Scan type: Full scan (C:\|)
Objects scanned: 432954
Time elapsed: 45 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 212
Registry Values Infected: 19
Registry Data Items Infected: 0
Folders Infected: 13
Files Infected: 104

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TotalRecipeSearch_14Service (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a0154e07-2b48-475c-a82a-80efd84ea33e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A0154E07-2B48-475C-A82A-80EFD84EA33E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A0154E07-2B48-475C-A82A-80EFD84EA33E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TotalRecipeSearch_14bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ab56dfde-0c14-45b3-9df6-7b0eba617870} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB56DFDE-0C14-45B3-9DF6-7B0EBA617870} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{AB56DFDE-0C14-45B3-9DF6-7B0EBA617870} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AB56DFDE-0C14-45B3-9DF6-7B0EBA617870} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8a7d2060-824d-4b17-b00a-759b1b5f30d9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df22384f-cf68-4d19-969f-10423715528b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF22384F-CF68-4D19-969F-10423715528B} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF22384F-CF68-4D19-969F-10423715528B} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF22384F-CF68-4D19-969F-10423715528B} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.DataControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.DataControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9e5c950c-93f2-46b4-a47e-8450fff4d841} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{398035f8-0621-4534-aef6-b5592a68f6d8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9A74121D-E910-4C66-8CBC-2A342BD03EB5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b5ede79d-b004-47dd-93f9-152b0d145914} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{bcf02409-9333-44e7-96e8-01890ea9d58e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4FFED4E7-CF5A-467C-965C-0E425314E0CF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d0dabaca-3c45-4ee9-b0da-533cad1985b0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TotalRecipeSearch_14.DynamicBarButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TotalRecipeSearch_14.DynamicBarButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e1f82c34-7195-49a8-9c9b-47c064c22132} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{b7b60f9d-f1e4-4694-9a40-1538ea07a795} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{C76ED8C1-24E5-43A8-807F-448264610140} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TotalRecipeSearch_14.FeedManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TotalRecipeSearch_14.FeedManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b38fbaed-ded1-4ba6-ba2e-f2515fd49442} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{ffed91ad-6369-48f5-b351-2a42d09cb27c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6A6B3763-2264-4710-B165-26DB0B35920C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TotalRecipeSearch_14.HTMLPanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TotalRecipeSearch_14.HTMLPanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B38FBAED-DED1-4BA6-BA2E-F2515FD49442} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B38FBAED-DED1-4BA6-BA2E-F2515FD49442} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A4503EC3-1111-4B62-8F46-0D88508F8A7B} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TotalRecipeSearch_14.HTMLMenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TotalRecipeSearch_14.HTMLMenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A4503EC3-1111-4B62-8F46-0D88508F8A7B} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{895f3dbd-2484-4a14-a0ea-c3252ebb0ff7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{529b4045-715c-46e7-bc81-81e3aaec9060} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{23A73CDC-711C-4D7E-AECC-D9AECFA152AA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8c4b563e-52a1-4a10-b700-f8bf1cd7b726} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TotalRecipeSearch_14.MultipleButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TotalRecipeSearch_14.MultipleButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{96b8a0ef-0d9d-4a92-b548-376db4bbb58b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{ee201ae6-533c-4947-97ea-12627d4854a0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4A80A60D-BDEF-4D70-BCCC-D0DAD25FF951} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TotalRecipeSearch_14.XMLSessionPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TotalRecipeSearch_14.XMLSessionPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{96B8A0EF-0D9D-4A92-B548-376DB4BBB58B} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{396a4e14-83e7-4941-b0d9-b598e1b97197} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{829e44ed-cb4f-4ccc-990f-428fbd0b128a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{D70D51A6-C90C-4BF4-9C91-DC0B943754DE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TotalRecipeSearch_14.RadioSettings.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TotalRecipeSearch_14.RadioSettings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9c524bf-4044-402a-aa00-8c3b3da86125} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TotalRecipeSearch_14.ScriptButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TotalRecipeSearch_14.ScriptButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{03f3147c-cea6-4aae-b0ae-8d8abe7a8080} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{06a16622-19d9-47e8-9fec-6ca8cf275bd7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{81C8B625-F505-4E26-84F9-207AF4240B00} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{03F3147C-CEA6-4AAE-B0AE-8D8ABE7A8080} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2502086b-5a46-4d05-8d5b-a1e77ab8bb32} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{cc748b11-e10d-4c87-9a24-93e429fdd1fd} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2D465563-7CA8-45EC-83F2-6F5C293762F3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TotalRecipeSearch_14.ThirdPartyInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TotalRecipeSearch_14.ThirdPartyInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2502086B-5A46-4D05-8D5B-A1E77AB8BB32} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f7921d9c-168a-40ee-a4a9-42dd202b0bb4} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TotalRecipeSearch_14.UrlAlertButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TotalRecipeSearch_14.UrlAlertButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TotalRecipeSearch_14.PseudoTransparentPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TotalRecipeSearch_14.PseudoTransparentPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TotalRecipeSearch_14.Radio (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TotalRecipeSearch_14.Radio.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TotalRecipeSearch_14.SettingsPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TotalRecipeSearch_14.SettingsPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TotalRecipeSearch_14.ToolbarPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TotalRecipeSearch_14.ToolbarPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\TotalRecipeSearch_14 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{73E0BD4D-0A0F-4C5D-BDB0-FC2B18ADDE1A}_is1 (Rogue.ErrorWiz) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@TotalRecipeSearch_14.com/Plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\My Web Search Bar Search Scope Monitor (Adware.MyWebSearch) -> Value: My Web Search Bar Search Scope Monitor -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\TotalRecipeSearch_14 Browser Plugin Loader (Adware.MyWebSearch) -> Value: TotalRecipeSearch_14 Browser Plugin Loader -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\pC01300FcNeJ01300 (Trojan.FakeAlert) -> Value: pC01300FcNeJ01300 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{A0154E07-2B48-475C-A82A-80EFD84EA33E} (Adware.MyWebSearch) -> Value: {A0154E07-2B48-475C-A82A-80EFD84EA33E} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A0154E07-2B48-475C-A82A-80EFD84EA33E} (Adware.MyWebSearch) -> Value: {A0154E07-2B48-475C-A82A-80EFD84EA33E} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{8A7D2060-824D-4B17-B00A-759B1B5F30D9} (Adware.MyWebSearch) -> Value: {8A7D2060-824D-4B17-B00A-759B1B5F30D9} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44CF-8957-5838F569A31D} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{A0154E07-2B48-475C-A82A-80EFD84EA33E} (Adware.MyWebSearch) -> Value: {A0154E07-2B48-475C-A82A-80EFD84EA33E} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44CF-8957-5838F569A31D} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{8a7d2060-824d-4b17-b00a-759b1b5f30d9} (Adware.MyWebSearch) -> Value: {8a7d2060-824d-4b17-b00a-759b1b5f30d9} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{a0154e07-2b48-475c-a82a-80efd84ea33e} (Adware.MyWebSearch) -> Value: {a0154e07-2b48-475c-a82a-80efd84ea33e} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Value: (default) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\14ffxtbr@TotalRecipeSearch_14.com (Adware.MyWebSearch) -> Value: [email]14ffxtbr@TotalRecipeSearch_14.com[/email] -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files (x86)\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
c:\program files (x86)\mywebsearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\totalrecipesearch_14\bar\1.bin\14brmon.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\programdata\pc01300fcnej01300\pc01300fcnej01300.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\program files (x86)\totalrecipesearch_14\bar\1.bin\14barsvc.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\totalrecipesearch_14\bar\1.bin\14bar.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\totalrecipesearch_14\bar\1.bin\14SrcAs.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3PSSAVR.SCR (PUP.FunWebProducts) -> Not selected for removal.
c:\program files (x86)\mywebsearch\bar\1.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3RESTUB.DLL (PUP.FunWebProducts) -> Not selected for removal.
c:\program files (x86)\mywebsearch\bar\1.bin\F3SCHMON.EXE (PUP.FunWebProducts) -> Not selected for removal.
c:\program files (x86)\mywebsearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\totalrecipesearch_14\bar\1.bin\14auxstb.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\totalrecipesearch_14\bar\1.bin\14brstub.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\totalrecipesearch_14\bar\1.bin\14datact.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\totalrecipesearch_14\bar\1.bin\14dlghk.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\totalrecipesearch_14\bar\1.bin\14dyn.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\totalrecipesearch_14\bar\1.bin\14feedmg.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\totalrecipesearch_14\bar\1.bin\14highin.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\totalrecipesearch_14\bar\1.bin\14html.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\totalrecipesearch_14\bar\1.bin\14htmlmu.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\totalrecipesearch_14\bar\1.bin\14httpct.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\totalrecipesearch_14\bar\1.bin\14idle.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\totalrecipesearch_14\bar\1.bin\14ieovr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\totalrecipesearch_14\bar\1.bin\14impipe.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\totalrecipesearch_14\bar\1.bin\14medint.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\totalrecipesearch_14\bar\1.bin\14mlbtn.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\totalrecipesearch_14\bar\1.bin\14msg.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\totalrecipesearch_14\bar\1.bin\14Plugin.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\totalrecipesearch_14\bar\1.bin\14radio.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\totalrecipesearch_14\bar\1.bin\14regfft.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\totalrecipesearch_14\bar\1.bin\14regiet.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\totalrecipesearch_14\bar\1.bin\14script.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\totalrecipesearch_14\bar\1.bin\14skin.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\totalrecipesearch_14\bar\1.bin\14skplay.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\totalrecipesearch_14\bar\1.bin\14tpinst.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\totalrecipesearch_14\bar\1.bin\14uabtn.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\windows live\messenger\msimg32.dll (PUP.FunWebProducts) -> Not selected for removal.
c:\program files (x86)\windows live\messenger\riched20.dll (PUP.FunWebProducts) -> Not selected for removal.
c:\Users\Owner\AppData\LocalLow\totalrecipesearch_14ei\Installr\Cache\01906D1C.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> Not selected for removal.
c:\Windows\SysWOW64\f3PSSavr.scr (PUP.FunWebProducts) -> Not selected for removal.
c:\Users\Owner\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\m3ffxtbr.manifest (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\m3ntstbr.manifest (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Users\Owner\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
c:\Users\Owner\downloads\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

0

Whew!!! boy, that may be some sort of record!:)
Go to normal mode and update and run Malwarebytes' again the same way, Full Scan, remove everything found and reboot.

0

Whew!!! boy, that may be some sort of record!:)
Go to normal mode and update and run Malwarebytes' again the same way, Full Scan, remove everything found and reboot.

Whew, Whew.....another dubious record for my career: Thank you so much for your kind and efficient assistance and generosity with your time. my Here's the log:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7327

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

7/30/2011 4:13:35 PM
mbam-log-2011-07-30 (16-13-35).txt

Scan type: Full scan (C:\|)
Objects scanned: 434404
Time elapsed: 1 hour(s), 4 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files (x86)\windows live\messenger\msimg32.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files (x86)\windows live\messenger\riched20.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\f3PSSavr.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.

Some questions so I don't have a repeat incidence:Should I follow this procedure with my external back up drive, so I won't re-infect if I lose files and want to recover? (I can do it later, of course.)

Should I use Windows security, instead of BitDefender?

Should I be using Uniblue Registry Booster, Drive Scanner, System Tweak and Speed My Computer?

0

Should I be using Uniblue Registry Booster, Drive Scanner, System Tweak and Speed My Computer?
All of those programs are JUNK. They should be uninstalled using Add/Remove.

Should I use Windows security, instead of BitDefender?

No BitDefender is just fine.

However, you are not complete with the clean up yet. This Personal Shield Pro makes some major changes to the computer and you will need to correct those also.
It changes your Windows HOSTS file, you will need to replace this file with the default version for your operating system.
Here are the steps:
Please download the following batch file and save it to your desktop:

http://download.bleepingcomputer.com/bats/hosts-perm.bat

When the file has finished downloading, double-click on the hosts-perm.bat file that is now on your desktop. If Windows asks if you if you are sure you want to run it, please allow it to run. Once it starts you will see a small black window that opens and then quickly goes away. This is normal and is nothing to be worried about. You should now be able to access your HOSTS file.

Next do the following:
Go to C:\Windows\System32\Drivers\etc\HOSTS You need to Delete that HOSTS file.

Once you have done that then do this:
Once it is deleted, download the following HOSTS file
http://download.bleepingcomputer.com/misc/host-files/windows-7/hosts
and save it in the C:\Windows\System32\Drivers\etc folder.

Once you have done that Reboot the computer and come back here and report. You have just a few more steps once this part is finished.

As far as the external drive you can scan it with MBA-M to be sure it is not infected, but don't do it now. Let's finish with all this first. Ok?

Edited by jholland1964: n/a

0

should i be using uniblue registry booster, drive scanner, system tweak and speed my computer?
all of those programs are junk. They should be uninstalled using add/remove.

should i use windows security, instead of bitdefender?

no bitdefender is just fine.

However, you are not complete with the clean up yet. This personal shield pro makes some major changes to the computer and you will need to correct those also.
It changes your windows hosts file, you will need to replace this file with the default version for your operating system.
Here are the steps:
Please download the following batch file and save it to your desktop:

http://download.bleepingcomputer.com/bats/hosts-perm.bat

when the file has finished downloading, double-click on the hosts-perm.bat file that is now on your desktop. If windows asks if you if you are sure you want to run it, please allow it to run. Once it starts you will see a small black window that opens and then quickly goes away. this is normal and is nothing to be worried about. you should now be able to access your hosts file.

Next do the following:
Go to c:\windows\system32\drivers\etc\hosts you need to delete that hosts file.

Once you have done that then do this:
Once it is deleted, download the following hosts file
http://download.bleepingcomputer.com/misc/host-files/windows-7/hosts
and save it in the c:\windows\system32\drivers\etc folder.

Once you have done that reboot the computer and come back here and report. You have just a few more steps once this part is finished.

As far as the external drive you can scan it with mba-m to be sure it is not infected, but don't do it now. Let's finish with all this first. Ok?

i am hung up at the step for saving the new hosts file to the c:........hosts\ect file
i have downloaded the file but it goes into the download file and i can't get it onto the desktop????

0

i am hung up at the step for saving the new hosts file to the c:........hosts\ect file
i have downloaded the file but it goes into the download file and i can't get it onto the desktop????

right click the file and choose copy. Then open the C:\Windows\System32\Drivers\etc\ folder and right click and Choose Paste. See if it goes in ok.

0

right click the file and choose copy. Then open the C:\Windows\System32\Drivers\etc\ folder and right click and Choose Paste. See if it goes in ok.

I think I just got it. I'll double check and reboot, or try above. thanks

0

I think I just got it. I'll double check and reboot, or try above. thanks

Hosts is in the proper file now. Thanks for your patience. Whats next?

0

You are doing SUPER! Exactly as asked with everything.

Just a couple more things so we can be 100% certain that things are fully cleaned up and won't happen again.
I want you to do the following:
Download DDS by sUBs and save it to your Desktop.

http://download.bleepingcomputer.com/sUBs/dds.scr

Be sure follow the instructions below carefully
• If your AV has a script blocker, please disable it
• DoubleClick on dds.scr to run the tool
* A command box will open, displaying added information for your reading pleasure while DDS completes its scan.
* Upon completion, a Dialog Box should open instructing you to save and post the TWO resulting logs (DDS.txt & Attach.txt).
Copy&Paste both the DDS.txt and the DDS Attach.txt into your post

This is basically a simple scanner program that can show us what has been happening, possibly HOW it happened and also what programs are installed on the computer that may not be needed OR that may have helped contribute to this problem. The logs are quite long and might take more than one reply to paste them completely.

Edited by jholland1964: n/a

0

You are doing SUPER! Exactly as asked with everything.

Just a couple more things so we can be 100% certain that things are fully cleaned up and won't happen again.
I want you to do the following:
Download DDS by sUBs and save it to your Desktop.

http://download.bleepingcomputer.com/sUBs/dds.scr

Be sure follow the instructions below carefully
• If your AV has a script blocker, please disable it
• DoubleClick on dds.scr to run the tool
* A command box will open, displaying added information for your reading pleasure while DDS completes its scan.
* Upon completion, a Dialog Box should open instructing you to save and post the TWO resulting logs (DDS.txt & Attach.txt).
Copy&Paste both the DDS.txt and the DDS Attach.txt into your post

This is basically a simple scanner program that can show us what has been happening, possibly HOW it happened and also what programs are installed on the computer that may not be needed OR that may have helped contribute to this problem. The logs are quite long and might take more than one reply to paste them completely.

TWO FILES FOLLOW. YOU HAVE THE PATIENCE OF JOBE AND I HAVE A MUSCH IMPROVED APPRECIATION FOR WHY ONE HAS TO FOLLOW THE STEPS, EXACTLY
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/5/2009 1:02:13 PM
System Uptime: 7/30/2011 6:56:42 PM (1 hours ago)
.
Motherboard: TOSHIBA | | Satellite P505
Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz | U2E1 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 453 GiB total, 392.388 GiB free.
D: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
Class GUID:
Description: Thomson USB CDC Device
Device ID: USB\VID_069B&PID_0704\0011E36BA02B
Manufacturer:
Name: Thomson USB CDC Device
PNP Device ID: USB\VID_069B&PID_0704\0011E36BA02B
Service:
.
==== System Restore Points ===================
.
RP173: 7/6/2011 8:41:39 AM - Windows Backup
RP174: 7/13/2011 9:37:33 AM - Windows Update
RP175: 7/13/2011 1:09:20 PM - Windows Update
RP176: 7/17/2011 10:06:35 AM - Windows Backup
RP177: 7/22/2011 10:35:37 AM - Installed TWC Customer Controls
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
6500_E709_eDocs
6500_E709_Help
6500_E709n
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Illustrator 10.0.3
Adobe Photoshop 7.0.1
Adobe Reader 9.4.5
Adobe SVG Viewer 3.0
Amazon Kindle For PC
Amazon MP3 Downloader 1.0.10
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Software Update
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Compatibility Pack for the 2007 Office system
Conduit Engine
D3DX10
Destinations
DeviceDiscovery
Direct DiscRecorder
DocMgr
DocProc
DVD MovieFactory for TOSHIBA
erLT
Fax
File Type Assistant
Final Media Player 2011
FOX News Live Stream
Free Radio TV Toolbar
FUJIFILM MyFinePix Studio 1.0
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
HDMI Control Manager
HP Product Detection
HP Update
HPProductAssistant
HPSSupply
Internet TV for Windows Media Center
InterVideo WinDVD BD for TOSHIBA
Java(TM) 6 Update 14
Junk Mail filter update
Logitech SetPoint
Malwarebytes' Anti-Malware version 1.51.1.1800
MapNeto 1 Toolbar
MarketResearch
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Works
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MyToshiba
NetZero Internet
NetZero Launcher
NTI Backup Now EZ
O2Micro Flash Memory Card Windows Driver
ProductContext
QuickBooks
Quickbooks Financial Center
QuickBooks Pro 2009
QuickTime
Realtek WLAN Driver
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Launcher
SmartWebPrinting
SolutionCenter
Status
SupportSoft Assisted Service
Toolbox
Toshiba Application Installer
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Online Backup
Toshiba Quality Application
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA USB Sleep and Charge Utility
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
TrayApp
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wnciper
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wnciper
TurboTax 2010 wrapper
TWC Customer Controls
Uniblue DriverScanner
Uniblue RegistryBooster
Uniblue SpeedUpMyPC
Uniblue SystemTweaker
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2553975)
Visual Studio 2005 Tools for Office Second Edition Runtime
WebReg
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinZip 15.0
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
7/30/2011 9:54:45 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/30/2011 9:54:45 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/30/2011 9:54:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/30/2011 9:54:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/30/2011 9:49:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
7/30/2011 9:49:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
7/30/2011 9:24:58 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/30/2011 9:24:36 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: bdfsfltr discache PxHlpa64 spldr Wanarpv6
7/30/2011 6:57:36 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PxHlpa64
7/30/2011 6:57:31 PM, Error: Service Control Manager [7000] - The TOSHIBA Optical Disc Drive Service service failed to start due to the following error: The system cannot find the path specified.
7/30/2011 6:57:31 PM, Error: Service Control Manager [7000] - The TOSHIBA HDD Protection service failed to start due to the following error: The system cannot find the path specified.
7/30/2011 6:06:58 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
7/30/2011 4:16:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the NTI BackupNowEZSvr service to connect.
7/30/2011 4:16:56 PM, Error: Service Control Manager [7000] - The NTI BackupNowEZSvr service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/30/2011 10:46:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
7/30/2011 10:38:22 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
7/30/2011 10:33:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ehSched with arguments "-Service" in order to run the server: {33D8C85A-B8C1-4828-B51A-4F3349AD5F9E}
7/30/2011 10:31:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
7/30/2011 10:22:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
7/29/2011 6:22:40 PM, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/29/2011 6:22:40 PM, Error: Service Control Manager [7038] - The lmhosts service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/29/2011 6:22:40 PM, Error: Service Control Manager [7000] - The TCP/IP NetBIOS Helper service failed to start due to the following error: The service did not start due to a logon failure.
7/29/2011 6:22:40 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not start due to a logon failure.
7/29/2011 6:20:41 PM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The data is invalid.
7/29/2011 6:17:29 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.
7/29/2011 6:17:29 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: A system shutdown is in progress.
7/29/2011 6:17:28 PM, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/29/2011 6:17:28 PM, Error: Service Control Manager [7038] - The lmhosts service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/28/2011 12:30:59 PM, Error: Service Control Manager [7038] - The HPSLPSVC service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/28/2011 12:30:59 PM, Error: Service Control Manager [7000] - The Portable Device Enumerator Service service failed to start due to the following error: A system shutdown is in progress.
7/28/2011 12:30:59 PM, Error: Service Control Manager [7000] - The Human Interface Device Access service failed to start due to the following error: A system shutdown is in progress.
7/28/2011 12:30:59 PM, Error: Service Control Manager [7000] - The hpqcxs08 service failed to start due to the following error: A system shutdown is in progress.
7/28/2011 12:30:59 PM, Error: Service Control Manager [7000] - The HP Network Devices Support service failed to start due to the following error: The service did not start due to a logon failure.
7/28/2011 12:30:59 PM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: A system shutdown is in progress.
7/28/2011 10:01:51 PM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/28/2011 10:01:51 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
7/28/2011 10:01:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/23/2011 12:51:54 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Owner-PC\Owner SID (S-1-5-21-4152203797-1265048666-4062196912-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/23/2011 12:51:54 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Owner-PC\Owner SID (S-1-5-21-4152203797-1265048666-4062196912-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Owner at 19:37:05 on 2011-07-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5981.2230 [GMT -4:00]
.
AV: BitDefender Antivirus *Enabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: BitDefender AntiSpyware *Enabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
FW: BitDefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\DRIVERS\o2flash.exe
C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe
C:\windows\system32\Dwm.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\windows\system32\taskeng.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k HPService
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch64.exe
C:\Program Files\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\NetZero\exec.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\NetZero\exec.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=YKxdm036YYus&ptb=5FE0B06F-4889-4D6F-9BCA-71806E7FEEB6
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
mStart Page = about:blank
mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80116
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80116
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: {DAB35D68-1CDC-4375-8333-D7BBCEE3C0A0} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: {9dbb9aeb-5a16-4989-a66f-c0f1c909d647} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB: {1e7e4de1-5ef4-4baa-9250-c26258dc499a} - No File
TB: Bitdefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - C:\Program Files\BitDefender\BitDefender 2011\Antispam32\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [MyTOSHIBA] "C:\Program Files (x86)\Toshiba\My Toshiba\MyToshiba.exe" /AUTO
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [NetZero_uoltray] C:\Program Files (x86)\NetZero\exec.exe regrun
uRun: [SpeedUpMyPC] "C:\Program Files (x86)\Uniblue\SpeedUpMyPC\launcher.exe" delay 20000
uRun: [DriverScanner] "C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe" delay 20000
mRun: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe"
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [ErrorTeck] C:\Program Files (x86)\ErrorTeck\ErrorTeck.exe /scan
dRunOnce: [{91120000-0031-0000-0000-0000000FF1CE}] C:\windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search
IE: Display All Images with Full Quality - "C:\Program Files (x86)\NetZero\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "C:\Program Files (x86)\NetZero\qsacc\appres.dll/227"
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: propertypreservationinnercircle.com
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{534A62E7-B21F-4224-AFEB-2996507D4C92} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{B96BEFE0-DEAC-4EC5-BFF3-1B84E81E3F8D} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B96BEFE0-DEAC-4EC5-BFF3-1B84E81E3F8D}\553514C4561647865627F575962756C6563737 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B96BEFE0-DEAC-4EC5-BFF3-1B84E81E3F8D}\B48464D41425B45445 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{B96BEFE0-DEAC-4EC5-BFF3-1B84E81E3F8D}\C696E6B6379737 : DhcpNameServer = 66.82.4.8
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe /SETUP
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: {DAB35D68-1CDC-4375-8333-D7BBCEE3C0A0} - No File
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: {9dbb9aeb-5a16-4989-a66f-c0f1c909d647} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB-X64: {1e7e4de1-5ef4-4baa-9250-c26258dc499a} - No File
TB-X64: Bitdefender Toolbar: {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\Antispam32\IEToolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe"
mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun-x64: [ErrorTeck] C:\Program Files (x86)\ErrorTeck\ErrorTeck.exe /scan
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4i56bwoj.default\
FF - prefs.js: browser.search.selectedEngine - My Way
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YKxdm036YYus&ptb=5FE0B06F-4889-4D6F-9BCA-71806E7FEEB6&psa=&ind=2011072717&ptnrS=YKxdm036YYus&si=XXXXXXXXXX&st=kwd&n=77de88cd&searchfor=
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\components\bdaphff3.6.dll
FF - component: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\components\bdaphff3.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: BitDefender Antiphishing Toolbar: FFToolbar@bitdefender.com - C:\Program Files\BitDefender\BitDefender 2011\bdaphffext
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfndisf6.sys [2011-7-13 88144]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-6-11 99408]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe [2009-5-8 45312]
R2 regi;regi;C:\windows\system32\drivers\regi.sys --> C:\windows\system32\drivers\regi.sys [?]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-11 252272]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UPDATESRV;BitDefender Desktop Update Service;C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe [2011-7-13 53224]
R3 BDFM;BDFM;C:\windows\system32\DRIVERS\bdfm.sys --> C:\windows\system32\DRIVERS\bdfm.sys [?]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\windows\system32\drivers\IntcHdmi.sys --> C:\windows\system32\drivers\IntcHdmi.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 O2MDGRDR;O2MDGRDR;C:\windows\system32\DRIVERS\o2mdgx64.sys --> C:\windows\system32\DRIVERS\o2mdgx64.sys [?]
R3 O2SDGRDR;O2SDGRDR;C:\windows\system32\DRIVERS\o2sdgx64.sys --> C:\windows\system32\DRIVERS\o2sdgx64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-29 135664]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-29 135664]
S3 iprip;RIP Listener;C:\windows\System32\svchost.exe -k ipripsvc [2009-7-13 20992]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2009-10-16 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 Update Server;BitDefender Update Server v2;C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2011-7-13 467248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 avc3;avc3;C:\windows\system32\DRIVERS\avc3.sys --> C:\windows\system32\DRIVERS\avc3.sys [?]
S4 avckf;avckf;C:\windows\system32\DRIVERS\avckf.sys --> C:\windows\system32\DRIVERS\avckf.sys [?]
.
=============== Created Last 30 ================
.
2011-07-30 17:32:01 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes
2011-07-30 17:31:48 41272 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-30 17:31:47 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-30 17:31:45 25912 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-07-30 17:31:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-27 21:02:49 -------- d-----w- C:\Program Files (x86)\TotalRecipeSearch_14
2011-07-27 21:02:40 -------- d-----w- C:\Program Files (x86)\TotalRecipeSearch_14EI
2011-07-27 18:12:47 -------- d-----w- C:\ProgramData\pC01300FcNeJ01300
2011-07-22 14:37:15 -------- d-----w- C:\Users\Owner\AppData\Roaming\SupportSoft
2011-07-17 16:50:17 -------- d-----w- C:\Users\Owner\AppData\Local\{F1C43419-A90C-430B-944F-4F8114B17CF9}
2011-07-15 14:43:42 -------- d-----w- C:\ProgramData\Uniblue
2011-07-15 14:25:44 -------- dc-h--w- C:\ProgramData\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
2011-07-13 13:06:58 3137536 ----a-w- C:\windows\System32\win32k.sys
2011-07-13 13:06:56 362496 ----a-w- C:\windows\System32\wow64win.dll
2011-07-13 13:06:56 338944 ----a-w- C:\windows\System32\conhost.exe
2011-07-13 13:06:56 214528 ----a-w- C:\windows\System32\winsrv.dll
2011-07-13 13:06:55 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2011-07-13 13:06:55 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2011-07-13 13:06:55 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2011-07-13 13:06:55 243200 ----a-w- C:\windows\System32\wow64.dll
2011-07-13 13:06:55 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2011-07-13 13:06:55 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2011-07-13 13:06:55 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2011-07-13 13:06:54 2048 ----a-w- C:\windows\SysWow64\user.exe
2011-07-12 17:16:40 -------- d-----w- C:\ProgramData\pL01300AdBdP01300
.
==================== Find3M ====================
.
2011-06-22 13:33:08 404640 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-03 06:56:38 421888 ----a-w- C:\windows\System32\KernelBase.dll
2011-06-03 05:57:52 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2011-06-03 05:56:11 272384 ----a-w- C:\windows\SysWow64\KernelBase.dll
2011-06-03 03:48:32 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-06-01 23:41:04 152576 ----a-w- C:\windows\SysWow64\msclmd.dll
2011-06-01 23:41:03 175616 ----a-w- C:\windows\System32\msclmd.dll
2011-05-28 03:30:09 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2011-05-28 02:53:58 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-05-24 11:42:55 404480 ----a-w- C:\windows\System32\umpnpmgr.dll
2011-05-24 10:40:05 64512 ----a-w- C:\windows\SysWow64\devobj.dll
2011-05-24 10:40:05 44544 ----a-w- C:\windows\SysWow64\devrtl.dll
2011-05-24 10:39:38 145920 ----a-w- C:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37:54 252928 ----a-w- C:\windows\SysWow64\drvinst.exe
2011-05-04 05:25:03 2315776 ----a-w- C:\windows\System32\tquery.dll
2011-05-04 05:22:25 778752 ----a-w- C:\windows\System32\mssvp.dll
2011-05-04 05:22:25 2223616 ----a-w- C:\windows\System32\mssrch.dll
2011-05-04 05:22:24 75264 ----a-w- C:\windows\System32\msscntrs.dll
2011-05-04 05:22:24 491520 ----a-w- C:\windows\System32\mssph.dll
2011-05-04 05:22:24 288256 ----a-w- C:\windows\System32\mssphtb.dll
2011-05-04 05:19:28 591872 ----a-w- C:\windows\System32\SearchIndexer.exe
2011-05-04 05:19:28 249856 ----a-w- C:\windows\System32\SearchProtocolHost.exe
2011-05-04 05:19:28 113664 ----a-w- C:\windows\System32\SearchFilterHost.exe
2011-05-04 04:34:43 1549312 ----a-w- C:\windows\SysWow64\tquery.dll
2011-05-04 04:32:02 666624 ----a-w- C:\windows\SysWow64\mssvp.dll
2011-05-04 04:32:01 337408 ----a-w- C:\windows\SysWow64\mssph.dll
2011-05-04 04:32:01 197120 ----a-w- C:\windows\SysWow64\mssphtb.dll
2011-05-04 04:32:01 1401344 ----a-w- C:\windows\SysWow64\mssrch.dll
2011-05-04 04:32:00 59392 ----a-w- C:\windows\SysWow64\msscntrs.dll
2011-05-04 04:28:31 86528 ----a-w- C:\windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:28:31 427520 ----a-w- C:\windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28:31 164352 ----a-w- C:\windows\SysWow64\SearchProtocolHost.exe
2011-05-03 05:29:29 976896 ----a-w- C:\windows\System32\inetcomm.dll
2011-05-03 04:30:02 741376 ----a-w- C:\windows\SysWow64\inetcomm.dll
2010-03-29 22:40:20 100256 ----a-w- C:\Program Files\Common Files\LinkInstaller.exe
.
============= FINISH: 19:37:33.28 ===============

0

Ok, almost finished. You need to Uninstall these programs, as I said earlier, they are basically Junk programs and really can do much more harm than good.
Uniblue DriverScanner
Uniblue RegistryBooster
Uniblue SpeedUpMyPC
Uniblue SystemTweaker

These two, are not listed in Add/Remove but do have Program folders so they need to go also
C:\Program Files\ErrorTeck
C:\Program Files (x86)\TotalRecipeSearch

You also should change your Home Page to something other than .mywebsearch, it also brings in a LOT of questionable files.

A huge number of the infected files actually came from TotalRecipeSearch and it is known as a questionable website.Obviously somebody in your household is a cook or loves to cook. There are many other excellent websites where good recipes can be found, I would strongly advise against this one.

Your Java is also WAY out of date so it needs to be updated.
You should Uninstall the old Java using Add/Remove and then download this newest version from this web page.
http://www.java.com/en/download/

Once you have done all of the above come back and I will give you just two more FREE security programs which will help keep your computer safer.
You haven't had anymore indications of the PERSONAL SHIELD PRO have you...I hope anyway.

Edited by jholland1964: n/a

0

Ok, almost finished. You need to Uninstall these programs, as I said earlier, they are basically Junk programs and really can do much more harm than good.
Uniblue DriverScanner
Uniblue RegistryBooster
Uniblue SpeedUpMyPC
Uniblue SystemTweaker

These two, are not listed in Add/Remove but do have Program folders so they need to go also
C:\Program Files\ErrorTeck
C:\Program Files (x86)\TotalRecipeSearch

You also should change your Home Page to something other than .mywebsearch, it also brings in a LOT of questionable files.

A huge number of the infected files actually came from TotalRecipeSearch and it is known as a questionable website.Obviously somebody in your household is a cook or loves to cook. There are many other excellent websites where good recipes can be found, I would strongly advise against this one.

Your Java is also WAY out of date so it needs to be updated.
You should Uninstall the old Java using Add/Remove and then download this newest version from this web page.
http://www.java.com/en/download/

Once you have done all of the above come back and I will give you just two more FREE security programs which will help keep your computer safer.
You haven't had anymore indications of the PERSONAL SHIELD PRO have you...I hope anyway.

No Sign of Personal Shield Pro.
Uninstalled all Uniblue(4) and Errortek, old java, changed homepage, downloaded new Java, got rid of Total Recipes (2) files. Also took out two files I downloaded prior to contacting Daniweb (associated with Spyware Doctor that I did not install).

Edited by frstratd: n/a

0

Fantastic!!!
Now here are the two programs I mentioned.
First one is SpywareBlaster from Javacool. It is truly a MUST have program. I have not run my computers without it in years.
"SpywareBlaster doesn't scan for and clean spyware--it prevents it from being installed in the first place. SpywareBlaster prevents the installation of ActiveX-based spyware, adware, dialers, browser hijackers, and other potentially unwanted programs. It can also block spyware/tracking cookies in IE, Mozilla Firefox, Netscape, and many other browsers, and restrict the actions of spyware/ad/tracking sites."

Download it from here:
http://download.cnet.com/SpywareBlaster/3000-8022_4-10196637.html

Install it, update it and then Enable All protection and close the program. This is one reason it is so good, it doesn't run in the background so it cannot interfere with any other programs, but it offers superb protection. Manually check for updates every couple weeks. If there are updates then install them, enable all protection and close the program. Simple as that.

The second one is WOT...Web Of Trust. This is a browser addon which gives you advanced warnings on whether a website is trustworthy or not. If the site is good you will see a little green circle on the browser, if it is questionable the circle will be yellow/orange and if it is totally NOT trustworth the circle will be red.
It is available for both Firefox and Internet Explorer.
http://www.mywot.com/

Keep Malwarebytes' Anti-Malware (MBA-M). Update it at least once a week and do a Quick Scan with it, if something is found then have it Remove all. Reboot, Update it again and do a Full Scan following the same procedures. If the Quick Scan comes out clean then no need to do the full scan. Remember, MBA-M has updates multiple times a day so this is why you always should update it BEFORE each scan.

Other than that, unless you have other questions, I would say you are "good to go". You did a super job. Yes, as you said, it is very important to follow steps as given and exactly. They are written in the order they are in for very specific reasons, as you have found.
Again, you did a great job and glad we got things cleaned up. If you feel everything is fixed then you can mark this thread as solved.
Judy

Edited by jholland1964: n/a

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.