
Author Topic: adware/trojan help  (Read 4013 times)


csulane

    Topic Starter


    Greenhorn

    adware/trojan help
    « on: December 05, 2009, 03:51:21 PM »

    This is what I found... Thanks to the housesitter...

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 12/05/2009 at 00:21 AM

    Application Version : 4.31.1000

    Core Rules Database Version : 4338
    Trace Rules Database Version: 2191

    Scan type       : Complete Scan
    Total Scan Time : 01:11:28

    Memory items scanned      : 714
    Memory threats detected   : 0
    Registry items scanned    : 6058
    Registry threats detected : 616
    File items scanned        : 71263
    File threats detected     : 109

    Adware.MyWebSearch

    Adware.Gamevance

    Adware.MyWebSearch/FunWebProducts
       HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
       HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid
       HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid32
       HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib
       HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib#Version
       HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
       HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\ProxyStubClsid
       HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\ProxyStubClsid32
       HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\TypeLib
       HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\TypeLib#Version
       HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
       HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\ProxyStubClsid
       HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\ProxyStubClsid32
       HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\TypeLib
       HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\TypeLib#Version
       HKLM\Software\FocusInteractive
       HKLM\Software\FocusInteractive\bar
       HKLM\Software\FocusInteractive\bar\Switches
       HKLM\Software\FocusInteractive\bar\Switches#incmail.exe
       HKLM\Software\FocusInteractive\bar\Switches#msimn.exe
       HKLM\Software\FocusInteractive\bar\Switches#msn.exe
       HKLM\Software\FocusInteractive\bar\Switches#outlook.exe
       HKLM\Software\FocusInteractive\bar\Switches#waol.exe
       HKLM\Software\FocusInteractive\bar\Switches#aim.exe
       HKLM\Software\FocusInteractive\bar\Switches#icq.exe
       HKLM\Software\FocusInteractive\bar\Switches#icqlite.exe
       HKLM\Software\FocusInteractive\bar\Switches#msmsgs.exe
       HKLM\Software\FocusInteractive\bar\Switches#msnmsgr.exe
       HKLM\Software\FocusInteractive\bar\Switches#ypager.exe
       HKLM\Software\FocusInteractive\bar\Switches#au
       HKLM\Software\FocusInteractive\bar\Switches#mwsSrcAs.dll
       HKLM\Software\FocusInteractive\bar\Switches#ok
       HKLM\Software\FocusInteractive\bar\Switches#od
       HKLM\Software\FocusInteractive\bar\Switches#nk
       HKLM\Software\FocusInteractive\bar\Switches#nd
       HKLM\Software\FocusInteractive\Email-IM
       HKLM\Software\FocusInteractive\Email-IM\0
       HKLM\Software\FocusInteractive\Email-IM\0#Toolbar
       HKLM\Software\FocusInteractive\Email-IM\0#AppName
       HKLM\Software\FocusInteractive\Email-IM\0#Path
       HKLM\Software\FocusInteractive\Outlook
       HKLM\Software\FocusInteractive\Outlook#MyWebSearch.OutlookAddin
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall#DisplayName
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall#HelpLink
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall#Publisher
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall#UrlInfoAbout
       C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
       C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
       C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
       C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
       C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
       C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
       C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
       C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
       C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
       C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
       C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
       C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
       C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
       C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
       C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
       C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
       C:\Program Files\MyWebSearch\bar\1.bin
       C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
       C:\Program Files\MyWebSearch\bar\Avatar
       C:\Program Files\MyWebSearch\bar\Cache\000174BD
       C:\Program Files\MyWebSearch\bar\Cache\00017700.bin
       C:\Program Files\MyWebSearch\bar\Cache\00017A4B.bin
       C:\Program Files\MyWebSearch\bar\Cache\00017E33.bin
       C:\Program Files\MyWebSearch\bar\Cache\00018671.bin
       C:\Program Files\MyWebSearch\bar\Cache\00A66375.bin
       C:\Program Files\MyWebSearch\bar\Cache\00A67037.bin
       C:\Program Files\MyWebSearch\bar\Cache\00A67140.bin
       C:\Program Files\MyWebSearch\bar\Cache\00A67315.bin
       C:\Program Files\MyWebSearch\bar\Cache\032CD42A
       C:\Program Files\MyWebSearch\bar\Cache\files.ini
       C:\Program Files\MyWebSearch\bar\Cache
       C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
       C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
       C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
       C:\Program Files\MyWebSearch\bar\Game
       C:\Program Files\MyWebSearch\bar\History\search2
       C:\Program Files\MyWebSearch\bar\History
       C:\Program Files\MyWebSearch\bar\icons\CM.ICO
       C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
       C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
       C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
       C:\Program Files\MyWebSearch\bar\icons\WB.ICO
       C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
       C:\Program Files\MyWebSearch\bar\icons
       C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
       C:\Program Files\MyWebSearch\bar\Message
       C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
       C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
       C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
       C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
       C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
       C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
       C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
       C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
       C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
       C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
       C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
       C:\Program Files\MyWebSearch\bar\Notifier
       C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
       C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
       C:\Program Files\MyWebSearch\bar\Settings
       C:\Program Files\MyWebSearch\bar
       C:\Program Files\MyWebSearch\SrchAstt\1.bin
       C:\Program Files\MyWebSearch\SrchAstt
       C:\Program Files\MyWebSearch
       C:\Program Files\FunWebProducts\ScreenSaver\Images\01751FD6.urr
       C:\Program Files\FunWebProducts\ScreenSaver\Images
       C:\Program Files\FunWebProducts\ScreenSaver
       C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
       C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
       C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
       C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
       C:\Program Files\FunWebProducts\Shared\Cache
       C:\Program Files\FunWebProducts\Shared
       C:\Program Files\FunWebProducts

    Trojan.Unclassified/MSFox
       HKU\S-1-5-21-789336058-1580436667-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run#MSFox [ C:\DOCUME~1\Owner\LOCALS~1\Temp\a.exe ]
       HKLM\SOFTWARE\Mozilla\MSFox
       HKLM\SOFTWARE\Mozilla\MSFox#Str4
       HKLM\SOFTWARE\Mozilla\MSFox#Str5
       HKLM\SOFTWARE\Mozilla\MSFox#Str9
       HKLM\SOFTWARE\Mozilla\MSFox#Str6
       HKLM\SOFTWARE\Mozilla\MSFox#Str7
       HKLM\SOFTWARE\Mozilla\MSFox#Str8
       HKLM\SOFTWARE\Mozilla\MSFox#Str1
       HKLM\SOFTWARE\Mozilla\MSFox#Str0
       HKLM\SOFTWARE\Mozilla\MSFox#Int2
       HKLM\SOFTWARE\Mozilla\MSFox#Int3

    Trojan.Agent/Gen

    Adware.Tracking Cookie
     

    csulane

      Topic Starter


      Greenhorn

      Re: adware/trojan help-mbam-log
      « Reply #1 on: December 05, 2009, 03:53:41 PM »
      Malwarebytes' Anti-Malware 1.42
      Database version: 3298
      Windows 5.1.2600 Service Pack 3
      Internet Explorer 8.0.6001.18702

      12/5/2009 12:54:39 AM
      mbam-log-2009-12-05 (00-54-39).txt

      Scan type: Quick Scan
      Objects scanned: 115141
      Time elapsed: 7 minute(s), 14 second(s)

      The Hijackthis.exe had to be run in safemode--how can I get the results posted?  Thank you for ANY help!!

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 38
      Registry Values Infected: 4
      Registry Data Items Infected: 0
      Folders Infected: 3
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{85e0b171-04fa-11d1-b7da-00a0c90348d7} (Adware.SmartShopper) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b4a78d29-52b1-4a7b-bac0-1471bedf9836} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      Registry Values Infected:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      C:\Documents and Settings\Owner\Application Data\FunWebProducts (Adware.MyWebSearch) -> Delete on reboot.
      C:\Documents and Settings\Owner\Application Data\FunWebProducts\Data (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Owner\Application Data\FunWebProducts\Data\Owner (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      Files Infected:
      (No malicious items detected)

      csulane

        Topic Starter


        Greenhorn

        Re: adware/trojan help-from safemode hijackthis
        « Reply #2 on: December 05, 2009, 03:57:23 PM »
        Here's the log file from Safe Mode. Thank you again.

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 11:32:38 AM, on 12/4/2009
        Platform: Windows XP SP3 (WinNT 5.01.2600)
        MSIE: Internet Explorer v8.00 (8.00.6001.18702)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\LEXBCES.EXE
        C:\WINDOWS\system32\LEXPPS.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\Program Files\iYogi SupportDock\Recovery\CBP\DCSchdler.exe
        C:\Program Files\iYogi SupportDock\Recovery\EFB\efbfs.exe
        C:\WINDOWS\eHome\ehRecvr.exe
        C:\Program Files\iYogi SupportDock\Recovery\EFB\EfbSchedule.exe
        C:\WINDOWS\eHome\ehSched.exe
        C:\Program Files\SingleClick Systems\HomeNet Manager\hnm_svc.exe
        C:\Program Files\iYogi SupportDock\Recovery\Fsloader.exe
        C:\Program Files\iYogi SupportDock\Recovery\VBPTask.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Viewpoint\Common\ViewpointService.exe
        C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Canon\CAL\CALMAIN.exe
        C:\Program Files\iYogi SupportDock\Recovery\VerChk.exe
        C:\WINDOWS\ehome\ehtray.exe
        C:\WINDOWS\system32\igfxtray.exe
        C:\WINDOWS\system32\hkcmd.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\WINDOWS\ALCWZRD.EXE
        C:\WINDOWS\system32\dllhost.exe
        C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
        C:\WINDOWS\eHome\ehmsas.exe
        C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
        C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
        C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
        C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
        C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
        C:\Program Files\iYogi SupportDock\iYogiSupportDock.exe
        C:\Program Files\ClamWin\bin\ClamTray.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
        C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
        C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
        R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
        R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
        R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
        F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
        O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
        O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
        O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
        O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
        O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
        O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
        O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
        O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
        O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
        O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
        O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
        O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
        O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
        O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
        O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
        O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
        O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
        O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
        O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
        O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
        O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
        O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
        O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
        O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
        O4 - HKLM\..\Run: [iYogiToolbar] C:\Program Files\iYogi SupportDock\iYogiSupportDock.exe
        O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~2\bar\1.bin\mwsoemon.exe
        O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\Owner\LOCALS~1\Temp\a.exe
        O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
        O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
        O4 - HKCU\..\Run: [Startup Manager] "C:\Program Files\iYogi SupportDock\Optimize\startupmanager.exe"
        O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
        O4 - HKUS\S-1-5-21-789336058-1580436667-682003330-501\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Guest')
        O4 - HKUS\S-1-5-21-789336058-1580436667-682003330-501\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Guest')
        O4 - HKUS\S-1-5-21-789336058-1580436667-682003330-501\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Guest')
        O4 - HKUS\S-1-5-21-789336058-1580436667-682003330-501\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Guest')
        O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
        O4 - Global Startup: HomeNet Manager.lnk = ?
        O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
        O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
        O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm869MTUS
        O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
        O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
        O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
        O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
        O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
        O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
        O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155318736640
        O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/amun/default/mjolauncher.cab
        O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
        O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab
        O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
        O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
        O23 - Service: Backup Scheduler - Unknown owner - C:\Program Files\iYogi SupportDock\Recovery\CBP\DCSchdlerSRVC.exe
        O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
        O23 - Service: Backup File Event Manager (efbfs) - iYogi Technology, Inc. - C:\Program Files\iYogi SupportDock\Recovery\EFB\efbfs.exe
        O23 - Service: General Network Service - Unknown owner - c:\windows\winsocks32.exe (file missing)
        O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\SingleClick Systems\HomeNet Manager\hnm_svc.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
        O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
        O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
        O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
        O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: Real time Backup Loader - Unknown owner - C:\Program Files\iYogi SupportDock\Recovery\Fsloader.exe
        O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
        O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
        O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

        --
        End of file - 15389 bytes
         

        csulane

          Topic Starter


          Greenhorn

          Re: adware/trojan help
          « Reply #3 on: December 09, 2009, 11:11:32 AM »
          I ran the programs, which was a great help in finding stuff I didn't even know I had, as suggested and have posted my logs. By my logs, is it safe to assume that my problems are cleared?  I appreciate the time and effort you have taken!!

          harry 48



            Egghead

          Re: adware/trojan help
          « Reply #4 on: December 09, 2009, 02:41:27 PM »
          You are not safe; you have lots to come out. Hold on for help from the experts. harry