PC Hell: Review of Spybot Search and Destroy 1.4

Review of Spybot Search and Destroy 1.4

SpyBot Search and Destroy 1.4
Date Reviewed: 1/10/2005
Download SpyBot Search and Destroy

My original review of Spybot Search and Destroy was based upon version 1.3. It was conducted in January 2005 and it did a very good job of removing the unwanted ware at that time. Now a little over two years later, it was time to update this review and see how the current version of Spybot Search and Destroy 1.4 handled many of the pests, unwanted toolbars, and other issues found on many of the machines I see now.

So, how did it do on my test computer loaded with the following files:

My Web Search (Fun Web Products)
Deluxe Communications (SurfSideKick)
New.Net
Web Rebates
StarWare
Zango

Running Spybot in Normal mode after downloading the latest updates, it found 328 objects and fixed 315 problems on the first scan. After a reboot, a second scan discovered 13 objects and was able to fix 10 of those. Further scans removed nothing more. Spybot Search and Destroy 1.4 did leave StarWare, WebRebates, MyWebSearch, and New.Net files intact.

After several scans, I ran Hijackthis and reviewed the following list:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rrkvvbnsrnajtoxgsjiq.com/X4Yu5Gv9/9QozV_uFpEOYfUJ7qkkklWYzpar3OxZJeM.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbubc
D3RW7BXlKjveGF4AwCwT67fUJvQBwJBF9/FJag+fq5gxg59GwbiCWltBD1f2
EubmO5BkuV49LZMGTztGQSkez+xMfEcxQEne/wP1myARfG5FuDrdd7seR
Wf+u1BIHDoLwqs9QuaSsfGftkqUTnlTGSYRRjhjL45OQdgGu153zv80caVJfVZ
Tq6kAg7AMEvvZpHrSoFV+XFUl6SFBTlnkysPRaM4iNHCHCfMpObjhMNCR75z1PfP0/iw==

R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: (no name) - {1284D311-3740-7BFC-B951-227ABDDF0445} - C:\DOCUME~1\Owner\APPLIC~1\RECTTRAY\Time Sect.exe
O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - C:\Program Files\Starware305\bin\Starware305.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Starware305 - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - C:\Program Files\Starware305\bin\Starware305.dll
O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [toprm] "C:\Program Files\Web__Rebates\webrebatesv.exe"
O4 - HKLM\..\Run: [bowsthespamwarn] C:\Documents and Settings\All Users\Application Data\IsoProgramBowsThe\pokeslow.exe
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKLM\..\Run: [coolthunkwaveinternet] C:\Documents and Settings\All Users\Application Data\Boreoptioncoolthunk\Name Road.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [deafbold] C:\DOCUME~1\Owner\APPLIC~1\SIZECI~1\grey trust.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [Axis Army] C:\DOCUME~1\Owner\APPLIC~1\SAFEST~1\SOFTWAREFLAPNOUN.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZWYYYYYYYYUS
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web__Rebates\toprt\toprC5.htm
O20 - AppInit_DLLs: dxclib303562752.dll

Spybot Search and Destroy did remove Zango Toolbar and Search Assistant fairly easily, which the older version of Spybot could not handle. It did however leave many of the programs intact.

Conclusions

Spybot Search and Destroy 1.4 is a solid removal program with constantly current updates. Even though many of the issues found were simple cookies, I would still recommend running it on a regular basis and using it to remove many programs that are not wanted, however you may need to use it in conjunction with other manual methods or other removal programs to get rid of everything.

Files found by Spybot Search and Destroy on test machine

Comload: Code storage database (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{AD7FA
FB0-16D6-40C3-AF27-585D6E6453FD}
Comload: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{AD7FA
FB0-16D6-40C3-AF27-585D6E6453FD}\DownloadInformation\CODEBASE
FunWebProducts: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}
FunWebProducts: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
FunWebProducts: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}
FunWebProducts: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}
FunWebProducts: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}
FunWebProducts: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.HistoryKillerScheduler
FunWebProducts: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.HistoryKillerScheduler.1
FunWebProducts: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}
FunWebProducts: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.HistorySwatterControlBar
FunWebProducts: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.HistorySwatterControlBar.1
FunWebProducts: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}
FunWebProducts: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.IECookiesManager
FunWebProducts: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.IECookiesManager.1
FunWebProducts: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}
FunWebProducts: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.KillerObjManager
FunWebProducts: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.KillerObjManager.1
FunWebProducts: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}
FunWebProducts: Program directory (Directory, nothing done)
C:\Program Files\FunWebProducts\
FunWebProducts: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1449655655-1482789601-4210259494-1003\Software\Fun Web Products
ShopNav: IE Search page (Registry change, nothing done)
HKEY_USERSS-1-5-21-1449655655-1482789601-4210259494-1003\Software\Microsoft\Interne
t Explorer\Main\Search Page=about:blank
ShopNav: IE Search page (Registry change, nothing done)
HKEY_USERSS-1-5-21-1449655655-1482789601-4210259494-1003\Software\Microsoft\Interne
t Explorer\Main\Search Bar=about:blank
ShopNav: IE Search page (Registry change, nothing done)
HKEY_USERSS-1-5-21-1449655655-1482789601-4210259494-1003\Software\Microsoft\Interne
t Explorer\SearchUrl\=about:blank
ShopNav: IE Search page (Registry change, nothing done)
HKEY_LOCAL_MACHINESoftware\Microsoft\Internet Explorer\Main\Search Page=about:blank
ShopNav: IE Search page (Registry change, nothing done)
HKEY_LOCAL_MACHINESoftware\Microsoft\Internet Explorer\Main\Search Bar=about:blank
ShopNav: IE Search page (Registry change, nothing done)
HKEY_LOCAL_MACHINESoftware\Microsoft\Internet Explorer\Search\CustomizeSearch=about
:blank
WebRebates.TopRebates: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1449655655-1482789601-4210259494-1003\Software\Microsoft\Intern
et Explorer\MenuExt\Web Rebates
FunWebProducts: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}
FunWebProducts: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{A6573479-9075-4A65-98A6-19FD29CF7374}
FunWebProducts: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{D778513B-1C40-4819-B0C5-49E40B39AFD0}
FunWebProducts: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.BrowserOverlayBarButton
FunWebProducts: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.BrowserOverlayBarButton.1
FunWebProducts: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{D778513B-1C40-4819-B0C5-49E40B39AFD0}
FunWebProducts: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.BrowserOverlayEmbed
FunWebProducts: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.BrowserOverlayEmbed.1
FunWebProducts: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A6573479-9075-4A65-98A6-19FD29CF7374}
FunWebProducts: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}
FunWebProducts: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A}
FunWebProducts: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.DataControl
FunWebProducts: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.DataControl.1
FunWebProducts: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{25560540-9571-4D7B-9389-0F166788785A}
FunWebProducts: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
FunWebProducts: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
FunWebProducts: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
FunWebProducts: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}
FunWebProducts: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
FunWebProducts: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
FunWebProducts: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{2EFF3CF7-99C1-4c29-BC2B-68E057E22340}
FunWebProducts: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.ShellViewControl
FunWebProducts: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.ShellViewControl.1
FunWebProducts: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2EFF3CF7-99C1-4c29-BC2B-68E057E22340}
FunWebProducts: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{2763E333-B168-41A0-A112-D35F96F410C0}
FunWebProducts: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{621FEACD-8857-43A6-AE26-451D670D5370}
FunWebProducts: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}
FunWebProducts: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}
FunWebProducts: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
FunWebProducts: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}
FunWebProducts: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
FunWebProducts: Program directory (Directory, nothing done)
C:\Program Files\FunWebProducts\ScreenSaver\
FunWebProducts: Program directory (Directory, nothing done)
C:\Program Files\FunWebProducts\ScreenSaver\Images\
FunWebProducts: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}
FunWebProducts: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{8D292EC0-6792-4A38-82ED-73A087E41BA6}
FunWebProducts: Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed
FunWebProducts: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{98635087-3F5D-418F-990C-B1EFE0797A3B}
FunWebProducts: Executable (File, nothing done)
C:\WINDOWS\SYSTEM32\f3PSSavr.scr
Swizzor: Executable (File, nothing done)
C:\Documents and Settings\Owner\Local Settings\Temp\sta2.exe
Swizzor: Settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1449655655-1482789601-4210259494-1003\Software\Microsoft\Intern
et Explorer\New Windows\Allow\dns-look-up.com
Swizzor: Settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1449655655-1482789601-4210259494-1003\Software\Microsoft\Intern
et Explorer\New Windows\Allow\search200.com
Swizzor: Settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1449655655-1482789601-4210259494-1003\Software\Microsoft\Intern
et Explorer\New Windows\Allow\www.dns-look-up.com
Swizzor: Settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1449655655-1482789601-4210259494-1003\Software\Microsoft\Intern
et Explorer\New Windows\Allow\www.search200.com
SurfSideKick: Temporary file (File, nothing done)
C:\Documents and Settings\Owner\Local Settings\Temp\i15.tmp
Hotbar: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{1E0004EC-5DF0-48C7-A8F0-FBB0488A3D94}
Hotbar: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\HbCoreSrv.DynamicProp
Hotbar: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\HbCoreSrv.DynamicProp.1
Hotbar: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1E0004EC-5DF0-48C7-A8F0-FBB0488A3D94}
Hotbar: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Wallpaper.WallpaperManager
Hotbar: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Wallpaper.WallpaperManager.1
Hotbar: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}
MyWay.MyWebSearch: Browser helper object (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1449655655-1482789601-4210259494-1003\Software\MyWebSearch
MyWay.MyWebSearch: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}
MyWay.MyWebSearch: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
MyWay.MyWebSearch: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{07B18EA3-A523-4961-B6BB-170DE4475CCA}
MyWay.MyWebSearch: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
MyWay.MyWebSearch: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}
MyWay.MyWebSearch: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}
MyWay.MyWebSearch: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}
MyWay.MyWebSearch: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}
MyWay.MyWebSearch: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}
MyWay.MyWebSearch: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}
MyWay.MyWebSearch: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\MyWebSearch.OutlookAddin
MyWay.MyWebSearch: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\MyWebSearch.OutlookAddin.1
MyWay.MyWebSearch: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}
MyWay.MyWebSearch: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\MyWebSearchToolBar.SettingsPlugin
MyWay.MyWebSearch: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\MyWebSearchToolBar.SettingsPlugin.1
MyWay.MyWebSearch: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
MyWay.MyWebSearch: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\ScreenSaverControl.ScreenSaverInstaller
MyWay.MyWebSearch: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\ScreenSaverControl.ScreenSaverInstaller.1
MyWay.MyWebSearch: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}
MyWay.MyWebSearch: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}
MyWay.MyWebSearch: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}
MyWay.MyWebSearch: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}
MyWay.MyWebSearch: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}
MyWay.MyWebSearch: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}
MyWay.MyWebSearch: Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\FocusInteractive
MyWay.MyWebSearch: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{1D4DB
7D2-6EC9-47A3-BD87-1E41684E07BB}
MyWay.MyWebSearch: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddi
n
MyWay.MyWebSearch: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin
MyWay.MyWebSearch: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helpe
r Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}
MyWay.MyWebSearch: Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch
bar Uninstall
MyWay.MyWebSearch: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\MyWebSearch
MyWay.MyWebSearch: IE toolbar (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1449655655-1482789601-4210259494-1003\Software\Microsoft\Intern
et Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
MyWay.MyWebSearch: IE toolbar (Registry value, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961
-B6BB-170DE4475CCA}
MyWay.MyWebSearch: Program directory (Directory, nothing done)
C:\Program Files\MyWebSearch\
MyWay.MyWebSearch: Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helpe
r Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
MyWay.MyWebSearch: Library (File, nothing done)
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
MyWay.MyWebSearch: Library (File, nothing done)
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
NewDotNet: Autorun settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\New.net Startup
NewDotNet: Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net
NewDotNet: Program directory (Directory, nothing done)
C:\Program Files\NewDotNet\
NewDotNet: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Tldctl2.URLLink
NewDotNet: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Tldctl2.URLLink.1
NewDotNet: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
NewDotNet: Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helpe
r Objects\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
NewDotNet: Global settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\New.net
NewDotNet: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
NewDotNet: User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1449655655-1482789601-4210259494-1003\Software\new.net
WildTangent: Program directory (Directory, nothing done)
C:\WINDOWS\wt\
WildTangent: Program directory (Directory, nothing done)
C:\WINDOWS\wt\updater\
Zango: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}
Zango: User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1449655655-1482789601-4210259494-1003\Software\Microsoft\Window
s\CurrentVersion\Ext\Stats\{56F1D444-11BF-4879-A12B-79CF0177F038}
Zango: Autorun settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zango
Zango: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}
Zango: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}
Zango: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\LMgr180.WMDRMAx
Zango: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\LMgr180.WMDRMAx.1
Zango: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}
Zango: User settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1449655655-1482789601-4210259494-1003\Software\Microsoft\Window
s\ShellNoRoam\MUICache\C:\Program Files\Zango\zango.exe
Zango: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C}
Zango: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}
Zango: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\ClientAX.ZangoClientAX
Zango: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\ClientAX.ZangoClientAX.1
Zango: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}
Zango: Library (File, nothing done)
C:\WINDOWS\Downloaded Program Files\ClientAX.dll
Zango: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}
Zango: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}
Zango: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}
Zango: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}
Zango: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\ClientAX.ClientInstaller
Zango: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\ClientAX.ClientInstaller.1
Zango: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}
Zango: Program directory (Directory, nothing done)
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\
Zango: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\zango
Zango: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1449655655-1482789601-4210259494-1003\Software\zango
Zango: Program directory (Directory, nothing done)
c:\Program Files\Zango\
MyWay.MyWebSearch: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
MyWay.MyWebSearch: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
MyWay.MyWebSearch: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
MyWay.MyWebSearch: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\MyWebSearch.ChatSessionPlugin
MyWay.MyWebSearch: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\MyWebSearch.ChatSessionPlugin.1
MyWay.MyWebSearch: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}
MyWay.MyWebSearch: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}
MyWay.MyWebSearch: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
MyWay.MyWebSearch: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
MyWay.MyWebSearch: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\MyWebSearch.HTMLPanel
MyWay.MyWebSearch: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\MyWebSearch.HTMLPanel.1
MyWay.MyWebSearch: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}
MyWay.MyWebSearch: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}
MyWay.MyWebSearch: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}
MyWay.MyWebSearch: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\MyWebSearch.PseudoTransparentPlugin
MyWay.MyWebSearch: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\MyWebSearch.PseudoTransparentPlugin.1
MyWay.MyWebSearch: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}
MyWay.MyWebSearch: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
MyWay.MyWebSearch: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
MyWay.MyWebSearch: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
MyWay.MyWebSearch: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720
452-B472-4954-B7AA-33069EB53906}
MyWay.MyWebSearch: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D
294-B7BB-4f24-AE82-7E2CE94BB6A9}
MyWay.MyWebSearch: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DF
BCA-5697-4fbd-94E5-5B2A9C7C1612}
MyWay.MyWebSearch: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1449655655-1482789601-4210259494-1003\Software\Microsoft\Window
s\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
MyWay.MyWebSearch: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
MyWay.MyWebSearch: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}
MyWay.MyWebSearch: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}
MyWay.MyWebSearch: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
MyWay.MyWebSearch: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\MyWebSearchToolBar.ToolbarPlugin
MyWay.MyWebSearch: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\MyWebSearchToolBar.ToolbarPlugin.1
MyWay.MyWebSearch: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}
MyWay.MyWebSearch: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1449655655-1482789601-4210259494-1003\Software\Microsoft\Intern
et Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}
MyWay.MyWebSearch: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582
-467e-B8D4-7786EDA79AE0}
MyWay.MyWebSearch: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18
EAB-A523-4961-B6BB-170DE4475CCA}
NewDotNet: Library (File, nothing done)
C:\Program Files\NewDotNet\newdotnet7_48.dll
180Solutions.SearchAssistant: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}
180Solutions.SearchAssistant: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\ClientAX.RequiredComponent
180Solutions.SearchAssistant: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\ClientAX.RequiredComponent.1
180Solutions.SearchAssistant: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}
FunWeb: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.HTMLMenu
FunWeb: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.HTMLMenu.2
FunWeb: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
FunWeb: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.HTMLMenu.1
FunWeb: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
FunWeb: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.PopSwatterBarButton
FunWeb: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.PopSwatterBarButton.1
FunWeb: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}
FunWeb: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.PopSwatterSettingsControl
FunWeb: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.PopSwatterSettingsControl.1
FunWeb: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
FunWeb: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
FunWeb: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
FunWeb: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Fun Web Products
FunWeb: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\FunWebProducts
FunWeb: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User
Agent\Post Platform\FunWebProducts
IE Plugin: Autorun settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Win Server Updt
IE Plugin: Program file (File, nothing done)
C:\WINDOWS\pxckdla.exe
IE Plugin: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\IMIToolbar.BottomFrame
IE Plugin: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\IMIToolbar.BottomFrame.1
IE Plugin: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F3155057-4C2C-4078-8576-50486693FD49}
IE Plugin: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\IMIToolbar.LeftFrame
IE Plugin: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\IMIToolbar.LeftFrame.1
IE Plugin: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E2BF1BF3-1FDB-4C93-8874-0B09E71C594C}
IE Plugin: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\IMIToolbar.PopupBrowser
IE Plugin: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\IMIToolbar.PopupBrowser.1
IE Plugin: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1C896551-8B92-4907-8C06-15DB2D1F874A}
IE Plugin: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\IMIToolbar.PopupWindow
IE Plugin: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\IMIToolbar.PopupWindow.1
IE Plugin: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{D36F70B1-7DF5-4FD4-A765-70CCC8F72CD7}
IE Plugin: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{1C896551-8B92-4907-8C06-15DB2D1F874A}
IE Plugin: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{D36F70B1-7DF5-4FD4-A765-70CCC8F72CD7}
IE Plugin: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{E2BF1BF3-1FDB-4C93-8874-0B09E71C594C}
IE Plugin: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{F3155057-4C2C-4078-8576-50486693FD49}
IE Plugin: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{220959EA-B54C-4201-8DF2-1CFAC8B59FD7}
IE Plugin: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{6A288140-3E1C-4CD9-AAC5-E20FDD4F5D64}
IE Plugin: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{7371AD3F-C419-4DC0-8E8A-E21FAFAD53E0}
IE Plugin: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{98B2DDBA-6DA2-4421-AF2B-814E98F53649}
IE Plugin: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{E4458B4A-6149-4450-84F2-864ADB7E8C52}
IE Plugin: Data (File, nothing done)
C:\WINDOWS\lu.dat
IE Plugin: Data (File, nothing done)
C:\WINDOWS\sysinfo.dat
IE Plugin: Library (File, nothing done)
C:\WINDOWS\systb.dll
Zango: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{031CBF6A-C70E-4177-A0D4-C5268EE311FB}
Zango: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1449655655-1482789601-4210259494-1003\Software\Microsoft\Intern
et Explorer\Explorer Bars\{0EBACAF2-E0F9-47A9-98CF-0ECCE30B654C}
Zango: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1449655655-1482789601-4210259494-1003\Software\ZangoToolbar
Zango: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{049B9813-C417-4A47-A893-604FAD16B251}
Zango: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{4DBE6B29-59FC-400C-915B-FB57A5CD533E}
Zango: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{5937CD7F-1C0B-41E1-9075-60EBDF3C7D34}
Zango: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{7586A473-7A57-4641-8155-E87135D0E2F4}
Zango: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{DC92EE2E-DF2D-4A80-A48B-17377C81CFC2}
Zango: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\ZangoToolbar.ZbCommBand
Zango: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\ZangoToolbar.ZbCommBand.1
Zango: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0EBACAF2-E0F9-47A9-98CF-0ECCE30B654C}
Zango: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\ZbCoreSrv.LfgAx
Zango: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\ZbCoreSrv.LfgAx.1
Zango: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7585AF6A-6D68-4896-A1A1-F23AA8FCF9F1}
Zango: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\ZbCoreSrv.ZbCoreServices
Zango: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\ZbCoreSrv.ZbCoreServices.1
Zango: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{37E5D130-E81C-43E5-A2AD-9C155467F334}
Zango: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\ZbHostIE.Bho
Zango: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\ZbHostIE.Bho.1
Zango: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{5CBE2611-C31B-401F-89BC-4CBB25E853D7}
Zango: Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helpe
r Objects\{5CBE2611-C31B-401F-89BC-4CBB25E853D7}
Zango: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\ZbSrv.ZbCoreServices
Zango: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\ZbSrv.ZbCoreServices.1
Zango: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{CF1A5756-F372-463E-BC20-1D3D58F4B9AF}
Zango: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\ZbToolbar.ZbHtmlMenuUI
Zango: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\ZbToolbar.ZbHtmlMenuUI.1
Zango: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{97CE9A1F-672E-4CF4-B483-9DE6BCB4CB1E}
Zango: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\ZbToolbar.ZbToolbarCtl
Zango: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\ZbToolbar.ZbToolbarCtl.1
Zango: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{D318484F-1800-441A-8661-A1DEA5F8800E}
Zango: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\ZbTools.HbMain
Zango: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\ZbTools.HbMain.1
Zango: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC17D2FB-6C7A-47B7-BB3D-EC879BC3C911}
Zango: Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZangoToolbar
WebTools
Zango: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\ZangoToolbar
Zango: Application data folder (Directory, nothing done)
C:\Program Files\ZangoToolbar\
IE Plugin: User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1449655655-1482789601-4210259494-1003\Software\intexp
MyWebSearch: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}
MyWebSearch: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
MyWebSearch: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
MyWebSearch: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}
MyWebSearch: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
MyWebSearch: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
MyWebSearch: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
MyWebSearch: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
MyWebSearch: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}
MyWebSearch: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
MyWebSearch: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}
MyWebSearch: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
MyWebSearch: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
MyWebSearch: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
MyWebSearch: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
MyWebSearch: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
MyWebSearch: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
MyWebSearch: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
MyWebSearch: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
MyWebSearch: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}
MyWebSearch: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}
MyWebSearch: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\sources\f3PopularScreensavers
WarezP2P: User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1449655655-1482789601-4210259494-1003\Software\Warez
WarezP2P: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\warez
WarezP2P: Executable (File, nothing done)
C:\WINDOWS\NDNuninstall7_22.exe
Hotbar: Interface (IHbMapiAddrBook) (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{30022029-2C17-4A99-87D2-A382C674A19D}
Hotbar: Interface (IHbStats) (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{B24FF4F6-D327-4208-8840-68CCEF7D6125}
Advertising.com: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)
CurePCSolution: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)
Hotbar: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)
DirectTrack: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)
Hotbar: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)
Swizzor: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)
CoreMetrics: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)
Statcounter: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)
Clickbank: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)
Zedo: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)
Swizzor: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)
FastClick: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)
DirectTrack: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)
Avenue A, Inc.: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)
WarezP2P: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)
WebTrends live: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)
AdRevolver: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)
AdRevolver: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)
MediaPlex: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)
DoubleClick: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)
HitBox: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)
TagASaurus: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)
CasinoPopupStuff: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)
Unknown: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)

Hijackthis Log Before Running Spybot Search and Destroy 1.4

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.shopnav.com/sidesearch.cgi?uid=12248223&id=5.20013
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.shopnav.com/sidesearch.cgi?uid=12248223&id=5.20013
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.starware.com/dp/startpage?src_id=305
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.shopnav.com/sidesearch.cgi?uid=12248223&id=5.20013
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.shopnav.com/sidesearch.cgi?uid=12248223&id=5.20013
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZM
bubcD3RW7BXlKjveGF4AwCwT67fUJvQBwJBF9/FJag+fq5gxg59GwbiCWltBD
1f2EubmO5BkuV49LZMGTztGQSkez+xMfEcxQEne/wP1myARfG5FuDrdd7se
RWX6MKP4bYntHmtQd7xSJtlddCLivn5Yp96Ikw7jBBMMG7lrd9YeSY7z8zen+
IY+LGzvxjnQZ+dReRl5WP9SZ68w=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.shopnav.com/sidesearch.cgi?uid=12248223&id=5.20013
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.shopnav.com/q.cgi?q=
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - C:\Program Files\Starware305\bin\Starware305.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_48.dll
O2 - BHO: Zango Search Assistant Helper /fleok=1D8A83A5C5E011789CA975760EA83FA5EF80752B94E2DE76587D472A37C1 - {56F1D444-11BF-4879-A12B-79CF0177F038} - c:\program files\zango\zangohook.dll
O2 - BHO: Zango Toolbar - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - C:\Program Files\ZangoToolbar\Bin\4.8.3.0\ZbHostIE.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Starware305 - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - C:\Program Files\Starware305\bin\Starware305.dll
O3 - Toolbar: Zango Toolbar - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - C:\Program Files\ZangoToolbar\Bin\4.8.3.0\ZbHostIE.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\pxckdla.exe
O4 - HKLM\..\Run: [toprm] "C:\Program Files\Web__Rebates\webrebatesv.exe"
O4 - HKLM\..\Run: [bowsthespamwarn] C:\Documents and Settings\All Users\Application Data\IsoProgramBowsThe\pokeslow.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zango] "c:\program files\zango\zango.exe"
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [deafbold] C:\DOCUME~1\Owner\APPLIC~1\SIZECI~1\grey trust.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZWYYYYYYYYUS
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web__Rebates\toprt\toprC5.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyWebSearchInitialSetup1.0.0.15.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168836801921
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://217.73.66.1/minidialler/US.exe
O20 - AppInit_DLLs: dxclib303562752.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Hijackthis Log After Running Spybot Search and Destroy 1.4

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.rrkvvbnsrnajtoxgsjiq.com/X4Yu5Gv9/9QozV_uFpEOYfUJ7qkkklWYzpar3OxZJeM.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: (no name) - {1284D311-3740-7BFC-B951-227ABDDF0445} - C:\DOCUME~1\Owner\APPLIC~1\RECTTRAY\Time Sect.exe
O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - C:\Program Files\Starware305\bin\Starware305.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Starware305 - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - C:\Program Files\Starware305\bin\Starware305.dll
O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [toprm] "C:\Program Files\Web__Rebates\webrebatesv.exe"
O4 - HKLM\..\Run: [bowsthespamwarn] C:\Documents and Settings\All Users\Application Data\IsoProgramBowsThe\pokeslow.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKLM\..\Run: [coolthunkwaveinternet] C:\Documents and Settings\All Users\Application Data\Boreoptioncoolthunk\Name Road.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [deafbold] C:\DOCUME~1\Owner\APPLIC~1\SIZECI~1\grey trust.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [Axis Army] C:\DOCUME~1\Owner\APPLIC~1\SAFEST~1\SOFTWAREFLAPNOUN.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZWYYYYYYYYUS
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web__Rebates\toprt\toprC5.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168836801921
O20 - AppInit_DLLs: dxclib303562752.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe