Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: Malware removal logs  (Read 5878 times)

0 Members and 1 Guest are viewing this topic.

magicmindfreak99

    Topic Starter


    Greenhorn

    Malware removal logs
    « on: September 12, 2010, 12:57:13 PM »
    here is the SuperAntispyware logSUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 09/11/2010 at 02:36 AM

    Application Version : 4.42.1000

    Core Rules Database Version : 5488
    Trace Rules Database Version: 3300

    Scan type       : Complete Scan
    Total Scan Time : 06:57:49

    Memory items scanned      : 839
    Memory threats detected   : 6
    Registry items scanned    : 7825
    Registry threats detected : 1239
    File items scanned        : 163914
    File threats detected     : 189

    Adware.MyWebSearch
       C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\F3HKSTUB.DLL
       C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\F3HKSTUB.DLL
       C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\MWSOESTB.DLL
       C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\MWSOESTB.DLL
       C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\MWSSRCAS.DLL
       C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\MWSSRCAS.DLL
       C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\MWSOEMON.EXE
       C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\MWSOEMON.EXE
       C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\M3SRCHMN.EXE
       C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\M3SRCHMN.EXE
       [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\2.BIN\MWSOEMON.EXE
       C:\PROGRA~1\MYWEBS~1\BAR\2.BIN\MWSOEMON.EXE
       [My Web Search Bar Search Scope Monitor] C:\PROGRA~1\MYWEBS~1\BAR\2.BIN\M3SRCHMN.EXE
       C:\PROGRA~1\MYWEBS~1\BAR\2.BIN\M3SRCHMN.EXE
       HKLM\Software\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}
       HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
       HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
       HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32
       HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
       HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\Programmable
       HKLM\Software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}
       HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
       HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
       HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32
       HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
       HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\Programmable
       HKLM\Software\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
       HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
       HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
       HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32
       HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
       C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\MWSBAR.DLL
       HKLM\Software\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
       HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
       HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
       HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32
       HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}
       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
       HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
       HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
       HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
       HKU\S-1-5-21-184600409-1448506259-940340173-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
       HKU\S-1-5-21-184600409-1448506259-940340173-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D}
       HKU\S-1-5-21-184600409-1448506259-940340173-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
       HKU\S-1-5-21-184600409-1448506259-940340173-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
       HKU\S-1-5-21-184600409-1448506259-940340173-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
       HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
       HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
       HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Control
       HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\InprocServer32
       HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
       HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\MiscStatus
       HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\MiscStatus\1
       HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\ProgID
       HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Programmable
       HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\TypeLib
       HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Version
       HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\VersionIndependentProgID
       HKCR\MyWebSearchToolBar.SettingsPlugin.1
       HKCR\MyWebSearchToolBar.SettingsPlugin.1\CLSID
       HKCR\MyWebSearchToolBar.SettingsPlugin
       HKCR\MyWebSearchToolBar.SettingsPlugin\CLSID
       HKCR\MyWebSearchToolBar.SettingsPlugin\CurVer
       HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}
       HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0
       HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\0
       HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\0\win32
       HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\FLAGS
       HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\HELPDIR
       HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
       HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
       HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
       HKLM\Software\Microsoft\Internet Explorer\Toolbar#{07B18EA9-A523-4961-B6BB-170DE4475CCA}
       HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{07B18EA9-A523-4961-B6BB-170DE4475CCA}
       HKU\S-1-5-21-184600409-1448506259-940340173-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{07B18EA9-A523-4961-B6BB-170DE4475CCA}
       HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{07B18EA9-A523-4961-B6BB-170DE4475CCA}
       HKU\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}
       HKU\S-1-5-21-184600409-1448506259-940340173-1000\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}
       HKU\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}

    Adware.ShopAtHome/SelectRebates
       C:\PROGRAM FILES\SELECTREBATES\SELECTREBATES.EXE
       C:\PROGRAM FILES\SELECTREBATES\SELECTREBATES.EXE
       [SelectRebates] C:\PROGRAM FILES\SELECTREBATES\SELECTREBATES.EXE

    Adware.HotBar/SpamBlockerUtility (Low Risk)
       HKLM\Software\Classes\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}
       HKCR\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}
       HKCR\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}
       HKCR\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}\Control
       HKCR\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}\Implemented Categories
       HKCR\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}\Implemented Categories\{00021494-0000-0000-C000-000000000046}
       HKCR\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}\InprocServer32
       HKCR\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}\InprocServer32#ThreadingModel
       HKCR\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}\Instance
       HKCR\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}\Instance#CLSID
       HKCR\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}\Instance\InitPropertyBag
       HKCR\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}\Instance\InitPropertyBag#Url
       HKCR\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}\MiscStatus
       HKCR\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}\MiscStatus\1
       HKCR\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}\ProgID
       HKCR\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}\Programmable
       HKCR\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}\ToolboxBitmap32
       HKCR\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}\TypeLib
       HKCR\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}\Version
       HKCR\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}\VersionIndependentProgID
       HKCR\HBMain.CommBand.1
       HKCR\HBMain.CommBand.1\CLSID
       HKCR\HBMain.CommBand
       HKCR\HBMain.CommBand\CLSID
       HKCR\HBMain.CommBand\CurVer
       HKCR\TypeLib\{A57470DE-14C7-4FCD-9D4C-E5711F24F0ED}
       HKCR\TypeLib\{A57470DE-14C7-4FCD-9D4C-E5711F24F0ED}\1.0
       HKCR\TypeLib\{A57470DE-14C7-4FCD-9D4C-E5711F24F0ED}\1.0\0
       HKCR\TypeLib\{A57470DE-14C7-4FCD-9D4C-E5711F24F0ED}\1.0\0\win32
       HKCR\TypeLib\{A57470DE-14C7-4FCD-9D4C-E5711F24F0ED}\1.0\FLAGS
       HKCR\TypeLib\{A57470DE-14C7-4FCD-9D4C-E5711F24F0ED}\1.0\HELPDIR
       C:\PROGRAM FILES\HOTBAR\BIN\11.0.117.0\HOSTIE.DLL
       HKU\S-1-5-21-184600409-1448506259-940340173-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}
       HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}
       HKU\S-1-5-21-184600409-1448506259-940340173-1000\Software\Microsoft\Internet Explorer\Explorer Bars\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}

    Adware.MyWebSearch/FunWebProducts
       HKLM\Software\Classes\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
       HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
       HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
       HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}\InprocServer32
       HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}\InprocServer32#ThreadingModel
       HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}\ProgID
       HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}\VersionIndependentProgID
       HKCR\FunWebProducts.HTMLMenu.2
       HKCR\FunWebProducts.HTMLMenu.2\CLSID
       HKCR\FunWebProducts.HTMLMenu
       HKCR\FunWebProducts.HTMLMenu\CLSID
       HKCR\FunWebProducts.HTMLMenu\CurVer
       C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\F3HTMLMU.DLL
       HKLM\Software\Classes\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
       HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
       HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
       HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\InprocServer32
       HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\InprocServer32#ThreadingModel
       HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\ProgID
       HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\VersionIndependentProgID
       HKCR\FunWebProducts.HTMLMenu.1
       HKCR\FunWebProducts.HTMLMenu.1\CLSID
       HKU\S-1-5-21-184600409-1448506259-940340173-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A}
       HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}
       HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}
       HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\Control
       HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\InprocServer32
       HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\InprocServer32#ThreadingModel
       HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\MiscStatus
       HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\MiscStatus\1
       HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\ProgID
       HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\Programmable
       HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\TypeLib
       HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\Version
       HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\VersionIndependentProgID
       HKCR\FunWebProducts.DataControl.1
       HKCR\FunWebProducts.DataControl.1\CLSID
       HKCR\FunWebProducts.DataControl
       HKCR\FunWebProducts.DataControl\CLSID
       HKCR\FunWebProducts.DataControl\CurVer
       HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}
       HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0
       HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\0
       HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\0\win32
       HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\FLAGS
       HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\HELPDIR
       C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\F3DTACTL.DLL
       HKLM\SOFTWARE\Fun Web Products
       HKLM\SOFTWARE\Fun Web Products#JpegConversionLib
       HKLM\SOFTWARE\Fun Web Products#CacheDir
       HKLM\SOFTWARE\Fun Web Products\MSNMessenger
       HKLM\SOFTWARE\Fun Web Products\MSNMessenger#DLLFile
       HKLM\SOFTWARE\Fun Web Products\MSNMessenger#DLLDir
       HKLM\SOFTWARE\Fun Web Products\ScreenSaver
       HKLM\SOFTWARE\Fun Web Products\ScreenSaver#ImagesDir
       HKLM\SOFTWARE\Fun Web Products\Settings
       HKLM\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn
       HKLM\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn#LastHTMLMenuURL
       HKLM\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn#HTMLMenuRevision
       HKLM\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn#ETag
       HKLM\SOFTWARE\Fun Web Products\Settings\Promos
       HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextNone.numActive
       HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextNone.0
       HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyFreqNone
       HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextUninstalled.numActive
       HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextUninstalled.0
       HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyFreqUninstalled
       HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.numActive2
       HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.2
       HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.numActive
       HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.1
       HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.4
       HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.6
       HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.3
       HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.5
       HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.8
       HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.7
       HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn
       HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn#LastHTMLMenuURL
       HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn#HTMLMenuRevision
       HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn#ETag
       HKU\S-1-5-21-184600409-1448506259-940340173-1000\SOFTWARE\FunWebProducts
       HKLM\SOFTWARE\FunWebProducts
       HKLM\SOFTWARE\FunWebProducts\Installer
       HKLM\SOFTWARE\FunWebProducts\Installer#Dir
       HKLM\SOFTWARE\FunWebProducts\Installer#CurInstall
       HKLM\SOFTWARE\FunWebProducts\Installer#sr
       HKLM\SOFTWARE\FunWebProducts\Installer#pl
       HKU\S-1-5-21-184600409-1448506259-940340173-1000\SOFTWARE\MyWebSearch
       HKLM\SOFTWARE\MyWebSearch
       HKLM\SOFTWARE\MyWebSearch\bar
       HKLM\SOFTWARE\MyWebSearch\bar#Maximized
       HKLM\SOFTWARE\MyWebSearch\bar#Visible
       HKLM\SOFTWARE\MyWebSearch\bar#pid
       HKLM\SOFTWARE\MyWebSearch\bar#fwp
       HKLM\SOFTWARE\MyWebSearch\bar#mwsask
       HKLM\SOFTWARE\MyWebSearch\bar#tiec
       HKLM\SOFTWARE\MyWebSearch\bar#Dir
       HKLM\SOFTWARE\MyWebSearch\bar#PluginPath
       HKLM\SOFTWARE\MyWebSearch\bar#UninstallString
       HKLM\SOFTWARE\MyWebSearch\bar#RegHookPath
       HKLM\SOFTWARE\MyWebSearch\bar#Id
       HKLM\SOFTWARE\MyWebSearch\bar#CurInstall
       HKLM\SOFTWARE\MyWebSearch\bar#SettingsDir
       HKLM\SOFTWARE\MyWebSearch\bar#sr
       HKLM\SOFTWARE\MyWebSearch\bar#pl
       HKLM\SOFTWARE\MyWebSearch\bar#HistoryDir
       HKLM\SOFTWARE\MyWebSearch\bar#un
       HKLM\SOFTWARE\MyWebSearch\bar#CacheDir
       HKLM\SOFTWARE\MyWebSearch\bar#ConfigRevision
       HKLM\SOFTWARE\MyWebSearch\bar#ConfigRevisionURL
       HKLM\SOFTWARE\MyWebSearch\bar#ConfigDateStamp
       HKLM\SOFTWARE\MyWebSearch\bar#HTMLMenuRevision
       HKLM\SOFTWARE\MyWebSearch\bar#sscSet
       HKLM\SOFTWARE\MyWebSearch\bar#sscLabel
       HKLM\SOFTWARE\MyWebSearch\bar#sscURL
       HKLM\SOFTWARE\MyWebSearch\bar#AlertCount
       HKLM\SOFTWARE\MyWebSearch\bar#AlertPeriod
       HKLM\SOFTWARE\MyWebSearch\bar#AlertPausePeriod
       HKLM\SOFTWARE\MyWebSearch\bar#NoThrottleAlert
       HKLM\SOFTWARE\MyWebSearch\bar#NextConfigRequest
       HKLM\SOFTWARE\MyWebSearch\bar#LastConfigRequest
       HKLM\SOFTWARE\MyWebSearch\bar#Flags
       HKLM\SOFTWARE\MyWebSearch\bar#AutocompleteURL
       HKLM\SOFTWARE\MyWebSearch\MWSOEMON
       HKLM\SOFTWARE\MyWebSearch\MWSOEMON#Version
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG#Version
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG#Path
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG#StandardSmileyDir.AIM
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.numActive2
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.1
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.3
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.5
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.0
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.2
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.7
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.9
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.4
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.6
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.8
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.numActive2
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.1.old
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.numActive
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.0.old
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.2.old
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.5.old
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.3.old
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.4.old
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.6.old
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.7.old
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.9.old
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.8.old
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.10.old
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.11.old
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.12.old
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.13.old
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.numActive
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.numActive2
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.0.old
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.1.old
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.2.old
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.3.old
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.4.old
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.5.old
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.6.old
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.7.old
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.8
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.numActive2
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.0
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.1
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.2
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.3
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.4
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.5
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.6
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.7
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.8
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.9
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.numActive2
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.0
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.1
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.2
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.3
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.4
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.5
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.6
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.7
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.9
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.10
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.10
       HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.11
       HKLM\SOFTWARE\MyWebSearch\OEHosts
       HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows10
       HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows2
       HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows3
       HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows4
       HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows5
       HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows6
       HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows7
       HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows8
       HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows9
       HKLM\SOFTWARE\MyWebSearch\SearchAssistant
       HKLM\SOFTWARE\MyWebSearch\SearchAssistant#pid
       HKLM\SOFTWARE\MyWebSearch\SearchAssistant#fwp
       HKLM\SOFTWARE\MyWebSearch\SearchAssistant#mwsask
       HKLM\SOFTWARE\MyWebSearch\SearchAssistant#esh
       HKLM\SOFTWARE\MyWebSearch\SearchAssistant#lsp
       HKLM\SOFTWARE\MyWebSearch\SearchAssistant#LastRequest
       HKLM\SOFTWARE\MyWebSearch\SearchAssistant#NextRequest
       HKLM\SOFTWARE\MyWebSearch\SearchAssistant#Id
       HKLM\SOFTWARE\MyWebSearch\SearchAssistant#ABS
       HKLM\SOFTWARE\MyWebSearch\SearchAssistant#DES
       HKLM\SOFTWARE\MyWebSearch\SearchAssistant#ie8h
       HKLM\SOFTWARE\MyWebSearch\SkinTools
       HKLM\SOFTWARE\MyWebSearch\SkinTools#PlayerPath
       HKCR\FunWebProducts.HistoryKillerScheduler
       HKCR\FunWebProducts.HistoryKillerScheduler\CLSID
       HKCR\FunWebProducts.HistoryKillerScheduler\CurVer
       HKCR\FunWebProducts.HistoryKillerScheduler.1
       HKCR\FunWebProducts.HistoryKillerScheduler.1\CLSID
       HKCR\FunWebProducts.HistorySwatterControlBar
       HKCR\FunWebProducts.HistorySwatterControlBar\CLSID
       HKCR\FunWebProducts.HistorySwatterControlBar\CurVer
       HKCR\FunWebProducts.HistorySwatterControlBar.1
       HKCR\FunWebProducts.HistorySwatterControlBar.1\CLSID
       HKCR\FunWebProducts.IECookiesManager
       HKCR\FunWebProducts.IECookiesManager\CLSID
       HKCR\FunWebProducts.IECookiesManager\CurVer
       HKCR\FunWebProducts.IECookiesManager.1
       HKCR\FunWebProducts.IECookiesManager.1\CLSID
       HKCR\FunWebProducts.KillerObjManager
       HKCR\FunWebProducts.KillerObjManager\CLSID
       HKCR\FunWebProducts.KillerObjManager\CurVer
       HKCR\FunWebProducts.KillerObjManager.1
       HKCR\FunWebProducts.KillerObjManager.1\CLSID
       HKCR\FunWebProducts.PopSwatterBarButton
       HKCR\FunWebProducts.PopSwatterBarButton\CLSID
       HKCR\FunWebProducts.PopSwatterBarButton\CurVer
       HKCR\FunWebProducts.PopSwatterBarButton.1
       HKCR\FunWebProducts.PopSwatterBarButton.1\CLSID
       HKCR\FunWebProducts.PopSwatterSettingsControl
       HKCR\FunWebProducts.PopSwatterSettingsControl\CLSID
       HKCR\FunWebProducts.PopSwatterSettingsControl\CurVer
       HKCR\FunWebProducts.PopSwatterSettingsControl.1
       HKCR\FunWebProducts.PopSwatterSettingsControl.1\CLSID
       HKCR\MyWebSearch.ChatSessionPlugin
       HKCR\MyWebSearch.ChatSessionPlugin\CLSID
       HKCR\MyWebSearch.ChatSessionPlugin\CurVer
       HKCR\MyWebSearch.ChatSessionPlugin.1
       HKCR\MyWebSearch.ChatSessionPlugin.1\CLSID
       HKCR\MyWebSearch.HTMLPanel
       HKCR\MyWebSearch.HTMLPanel\CLSID
       HKCR\MyWebSearch.HTMLPanel\CurVer
       HKCR\MyWebSearch.HTMLPanel.1
       HKCR\MyWebSearch.HTMLPanel.1\CLSID
       HKCR\MyWebSearch.OutlookAddin
       HKCR\MyWebSearch.OutlookAddin\CLSID
       HKCR\MyWebSearch.OutlookAddin\CurVer
       HKCR\MyWebSearch.OutlookAddin.1
       HKCR\MyWebSearch.OutlookAddin.1\CLSID
       HKCR\MyWebSearch.PseudoTransparentPlugin
       HKCR\MyWebSearch.PseudoTransparentPlugin\CLSID
       HKCR\MyWebSearch.PseudoTransparentPlugin\CurVer
       HKCR\MyWebSearch.PseudoTransparentPlugin.1
       HKCR\MyWebSearch.PseudoTransparentPlugin.1\CLSID
       HKCR\MyWebSearchToolBar.ToolbarPlugin
       HKCR\MyWebSearchToolBar.ToolbarPlugin\CLSID
       HKCR\MyWebSearchToolBar.ToolbarPlugin\CurVer
       HKCR\MyWebSearchToolBar.ToolbarPlugin.1
       HKCR\MyWebSearchToolBar.ToolbarPlugin.1\CLSID
       HKCR\ScreenSaverControl.ScreenSaverInstaller
       HKCR\ScreenSaverControl.ScreenSaverInstaller\CLSID
       HKCR\ScreenSaverControl.ScreenSaverInstaller\CurVer
       HKCR\ScreenSaverControl.ScreenSaverInstaller.1
       HKCR\ScreenSaverControl.ScreenSaverInstaller.1\CLSID
       HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}
       HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\InprocServer32
       HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\InprocServer32#ThreadingModel
       HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\ProgID
       HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\Programmable
       HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\TypeLib
       HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\VersionIndependentProgID
       HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
       HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}\TreatAs
       HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}
       HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Implemented Categories
       HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
       HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\InprocServer32
       HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\InprocServer32#ThreadingModel
       HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance
       HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance#CLSID
       HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance\InitPropertyBag
       HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance\InitPropertyBag#Url
       HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}
       HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\Control
       HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\InprocServer32
       HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\InprocServer32#ThreadingModel
       HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\MiscStatus
       HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\MiscStatus\1
       HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\ProgID
       HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\Programmable
       HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\TypeLib
       HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\Version
       HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\VersionIndependentProgID
       HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}
       HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\InprocServer32
       HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\InprocServer32#ThreadingModel
       HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\ProgID
       HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\Programmable
       HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\TypeLib
       HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\VersionIndependentProgID
       HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
       HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\InprocServer32
       HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\InprocServer32#ThreadingModel
       HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\ProgID
       HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\Programmable
       HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\TypeLib
       HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\VersionIndependentProgID
       HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}
       HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Control
       HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32
       HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32#ThreadingModel
       HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus
       HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus\1
       HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable
       HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib
       HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Version
       HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}
       HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Control
       HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32
       HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32#ThreadingModel
       HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus
       HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus\1
       HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\ProgID
       HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable
       HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib
       HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Version
       HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\VersionIndependentProgID
       HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}
       HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Control
       HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32
       HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32#ThreadingModel
       HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus
       HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus\1
       HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable
       HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib
       HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Version
       HKCR\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}
       HKCR\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}\InprocServer32
       HKCR\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}\InprocServer32#ThreadingModel
       HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}
       HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\InprocServer32
       HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\InprocServer32#ThreadingModel
       HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\ProgID
       HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\Programmable
       HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\TypeLib
       HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\VersionIndependentProgID
       HKCR\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}
       HKCR\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}\InprocServer32
       HKCR\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}\InprocServer32#ThreadingModel
       HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}
       HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\InprocServer32
       HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\InprocServer32#ThreadingModel
       HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\MiscStatus
       HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\MiscStatus\1
       HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\ProgID
       HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\Programmable
       HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\TypeLib
       HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\Version
       HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\VersionIndependentProgID
       HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}
       HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}\TreatAs
       HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}
       HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\InprocServer32
       HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\InprocServer32#ThreadingModel
       HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\Programmable
       HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\TypeLib
       HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}
       HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\InprocServer32
       HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\InprocServer32#ThreadingModel
       HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\ProgID
       HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\Programmable
       HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\VersionIndependentProgID
       HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}
       HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\InprocServer32
       HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\InprocServer32#ThreadingModel
       HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\MiscStatus
       HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\MiscStatus\1
       HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\ProgID
       HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\Programmable
       HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\TypeLib
       HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\Version
       HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\VersionIndependentProgID
       HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}
       HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\InprocServer32
       HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\InprocServer32#ThreadingModel
       HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\MiscStatus
       HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\MiscStatus\1
       HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\ProgID
       HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\Programmable
       HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\TypeLib
       HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\Version
       HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\VersionIndependentProgID
       HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}
       HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\InprocServer32
       HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\InprocServer32#ThreadingModel
       HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\ProgID
       HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\Programmable
       HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\TypeLib
       HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\VersionIndependentProgID
       HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}
       HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\InprocServer32
       HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\InprocServer32#ThreadingModel
       HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\Programmable
       HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\TypeLib
       HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}
       HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\Control
       HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\InprocServer32
       HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\InprocServer32#ThreadingModel
       HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\MiscStatus
       HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\MiscStatus\1
       HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\ProgID
       HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\Programmable
       HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\TypeLib
       HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\Version
       HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\VersionIndependentProgID
       HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}
       HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0
       HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0\0
       HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0\0\win32
       HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0\FLAGS
       HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0\HELPDIR
       HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}
       HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0
       HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0\0
       HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0\0\win32
       HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0\FLAGS
       HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0\HELPDIR
       HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}
       HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0
       HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\0
       HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\0\win32
       HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\FLAGS
       HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\HELPDIR
       HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}
       HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0
       HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\0
       HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\0\win32
       HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\FLAGS
       HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\HELPDIR
       HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}
       HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0
       HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\0
       HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\0\win32
       HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\FLAGS
       HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\HELPDIR
       HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}
       HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0
       HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\0
       HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\0\win32
       HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\FLAGS
       HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\HELPDIR
       HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
       HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0
       HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\0
       HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\0\win32
       HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\FLAGS
       HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\HELPDIR
       HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}
       HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0
       HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\0
       HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\0\win32
       HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\FLAGS
       HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\HELPDIR
       HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}
       HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0
       HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0\0
       HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0\0\win32
       HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0\FLAGS
       HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0\HELPDIR
       HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}
       HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0
       HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\0
       HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\0\win32
       HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\FLAGS
       HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\HELPDIR
       HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
       HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid
       HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid32
       HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\TypeLib
       HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\TypeLib#Version
       HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
       HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid
       HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid32
       HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\TypeLib
       HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\TypeLib#Version
       HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}
       HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\ProxyStubClsid
       HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\ProxyStubClsid32
       HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\TypeLib
       HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\TypeLib#Version
       HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
       HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\ProxyStubClsid
       HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\ProxyStubClsid32
       HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\TypeLib
       HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\TypeLib#Version
       HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
       HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\ProxyStubClsid
       HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\ProxyStubClsid32
       HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\TypeLib
       HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\TypeLib#Version
       HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
       HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\ProxyStubClsid
       HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\ProxyStubClsid32
       HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\TypeLib
       HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\TypeLib#Version
       HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
       HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\ProxyStubClsid
       HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\ProxyStubClsid32
       HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\TypeLib
       HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\TypeLib#Version
       HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
       HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid
       HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
       HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib
       HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version
       HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
       HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid
       HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
       HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib
       HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version
       HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}
       HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\ProxyStubClsid
       HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\ProxyStubClsid32
       HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\TypeLib
       HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\TypeLib#Version
       HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
       HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\ProxyStubClsid
       HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\ProxyStubClsid32
       HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\TypeLib
       HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\TypeLib#Version
       HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
       HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\ProxyStubClsid
       HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\ProxyStubClsid32
       HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\TypeLib
       HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\TypeLib#Version
       HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
       HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\ProxyStubClsid
       HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\ProxyStubClsid32
       HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\TypeLib
       HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\TypeLib#Version
       HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
       HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid
       HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid32
       HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\TypeLib
       HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\TypeLib#Version
       HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
       HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid
       HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid32
       HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\TypeLib
       HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\TypeLib#Version
       HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}
       HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\ProxyStubClsid
       HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\ProxyStubClsid32
       HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\TypeLib
       HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\TypeLib#Version
       HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
       HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\ProxyStubClsid
       HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\ProxyStubClsid32
       HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\TypeLib
       HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\TypeLib#Version
       HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
       HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid
       HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32
       HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib
       HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib#Version
       HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
       HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid
       HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
       HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
       HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
       HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
       HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid
       HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
       HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
       HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
       HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
       HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid
       HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
       HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
       HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
       HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
       HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid
       HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
       HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
       HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
       HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
       HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\ProxyStubClsid
       HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\ProxyStubClsid32
       HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\TypeLib
       HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\TypeLib#Version
       HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
       HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\ProxyStubClsid
       HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\ProxyStubClsid32
       HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\TypeLib
       HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\TypeLib#Version
       HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
       HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\ProxyStubClsid
       HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\ProxyStubClsid32
       HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\TypeLib
       HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\TypeLib#Version
       HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
       HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\ProxyStubClsid
       HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\ProxyStubClsid32
       HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\TypeLib
       HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\TypeLib#Version
       HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
       HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid
       HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid32
       HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib
       HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib#Version
       HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
       HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\ProxyStubClsid
       HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\ProxyStubClsid32
       HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\TypeLib
       HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\TypeLib#Version
       HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
       HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\ProxyStubClsid
       HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\ProxyStubClsid32
       HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\TypeLib
       HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\TypeLib#Version
       HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}
       HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\ProxyStubClsid
       HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\ProxyStubClsid32
       HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\TypeLib
       HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\TypeLib#Version
       HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
       HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\ProxyStubClsid
       HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\ProxyStubClsid32
       HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\TypeLib
       HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\TypeLib#Version
       HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
       HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid
       HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid32
       HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib
       HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib#Version
       HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
       HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid
       HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid32
       HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib
       HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib#Version
       HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
       HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\ProxyStubClsid
       HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\ProxyStubClsid32
       HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\TypeLib
       HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\TypeLib#Version
       HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
       HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\ProxyStubClsid
       HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\ProxyStubClsid32
       HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\TypeLib
       HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\TypeLib#Version
       HKLM\Software\FocusInteractive
       HKLM\Software\FocusInteractive\bar
       HKLM\Software\FocusInteractive\bar\Switches
       HKLM\Software\FocusInteractive\bar\Switches#incmail.exe
       HKLM\Software\FocusInteractive\bar\Switches#msimn.exe
       HKLM\Software\FocusInteractive\bar\Switches#msn.exe
       HKLM\Software\FocusInteractive\bar\Switches#outlook.exe
       HKLM\Software\FocusInteractive\bar\Switches#waol.exe
       HKLM\Software\FocusInteractive\bar\Switches#aim.exe
       HKLM\Software\FocusInteractive\bar\Switches#icq.exe
       HKLM\Software\FocusInteractive\bar\Switches#icqlite.exe
       HKLM\Software\FocusInteractive\bar\Switches#msmsgs.exe
       HKLM\Software\FocusInteractive\bar\Switches#msnmsgr.exe
       HKLM\Software\FocusInteractive\bar\Switches#ypager.exe
       HKLM\Software\FocusInteractive\bar\Switches#au
       HKLM\Software\FocusInteractive\bar\Switches#mwsSrcAs.dll
       HKLM\Software\FocusInteractive\bar\Switches#ok
       HKLM\Software\FocusInteractive\bar\Switches#od
       HKLM\Software\FocusInteractive\bar\Switches#nk
       HKLM\Software\FocusInteractive\bar\Switches#nd
       HKLM\Software\FocusInteractive\bar\Switches#ps
       HKLM\Software\FocusInteractive\bar\Switches#b2.exe
       HKLM\Software\FocusInteractive\bar\Switches#aolsoftware.exe
       HKLM\Software\FocusInteractive\bar\Switches#googletalk.exe
       HKLM\Software\FocusInteractive\bar\Switches#ypagerj.exe
       HKLM\Software\FocusInteractive\bar\Switches#yahoomessenger.exe
       HKLM\Software\FocusInteractive\bar\Switches#winmail.exe.mui
       HKLM\Software\FocusInteractive\bar\Switches#winmail.exe
       HKLM\Software\FocusInteractive\Email-IM
       HKLM\Software\FocusInteractive\Email-IM\0
       HKLM\Software\FocusInteractive\Email-IM\0#Toolbar
       HKLM\Software\FocusInteractive\Email-IM\0#AppName
       HKLM\Software\FocusInteractive\Email-IM\0#Path
       HKLM\Software\FocusInteractive\Outlook
       HKLM\Software\FocusInteractive\Outlook#MyWebSearch.OutlookAddin
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall#DisplayName
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall#HelpLink
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall#Publisher
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall#UninstallString
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall#UrlInfoAbout
       C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
       C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
       C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
       C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
       C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
       C:\Program Files\MyWebSearch\bar\1.bin
       C:\Program Files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
       C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL
       C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
       C:\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL
       C:\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL
       C:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
       C:\Program Files\MyWebSearch\bar\2.bin\F3REGHK.DLL
       C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL
       C:\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL
       C:\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE
       C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL
       C:\Program Files\MyWebSearch\bar\2.bin\F3SPACER.WMV
       C:\Program Files\MyWebSearch\bar\2.bin\F3WALLPP.DAT
       C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
       C:\Program Files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG
       C:\Program Files\MyWebSearch\bar\2.bin\M3AUXSTB.DLL
       C:\Program Files\MyWebSearch\bar\2.bin\M3DLGHK.DLL
       C:\Program Files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE
       C:\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL
       C:\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL
       C:\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE
       C:\Program Files\MyWebSearch\bar\2.bin\M3MEDINT.EXE
       C:\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL
       C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL
       C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
       C:\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL
       C:\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
       C:\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE
       C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
       C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE
       C:\Program Files\MyWebSearch\bar\2.bin
       C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
       C:\Program Files\MyWebSearch\bar\Avatar
       C:\Program Files\MyWebSearch\bar\Cache\00F55120
       C:\Program Files\MyWebSearch\bar\Cache\00F58347
       C:\Program Files\MyWebSearch\bar\Cache\00F596D7.bin
       C:\Program Files\MyWebSearch\bar\Cache\00F5ADD0.bin
       C:\Program Files\MyWebSearch\bar\Cache\00F5B34C.bin
       C:\Program Files\MyWebSearch\bar\Cache\00F5BA00.bin
       C:\Program Files\MyWebSearch\bar\Cache\00F5E62E.bin
       C:\Program Files\MyWebSearch\bar\Cache\files.ini
       C:\Program Files\MyWebSearch\bar\Cache
       C:\Program Files\MyWebSearch\bar\firefox\chrome\M3FFXTBR.JAR
       C:\Program Files\MyWebSearch\bar\firefox\chrome
       C:\Program Files\MyWebSearch\bar\firefox\CHROME.MANIFEST
       C:\Program Files\MyWebSearch\bar\firefox\INSTALL.RDF
       C:\Program Files\MyWebSearch\bar\firefox\NPMYWEBS.DLL
       C:\Program Files\MyWebSearch\bar\firefox
       C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
       C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
       C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
       C:\Program Files\MyWebSearch\bar\Game
       C:\Program Files\MyWebSearch\bar\History\search3
       C:\Program Files\MyWebSearch\bar\History
       C:\Program Files\MyWebSearch\bar\icons\CM.ICO
       C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
       C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
       C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
       C:\Program Files\MyWebSearch\bar\icons\WB.ICO
       C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
       C:\Program Files\MyWebSearch\bar\icons
       C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
       C:\Program Files\MyWebSearch\bar\Message
       C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
       C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
       C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
       C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
       C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
       C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
       C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
       C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
       C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
       C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
       C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
       C:\Program Files\MyWebSearch\bar\Notifier
       C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
       C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
       C:\Program Files\MyWebSearch\bar\Settings
       C:\Program Files\MyWebSearch\bar
       C:\Program Files\MyWebSearch
       C:\Program Files\FunWebProducts\ScreenSaver\Images
       C:\Program Files\FunWebProducts\ScreenSaver
       C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
       C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
       C:\Program Files\FunWebProducts\Shared\Cache
       C:\Program Files\FunWebProducts\Shared
       C:\Program Files\FunWebProducts
       C:\Windows\SYSTEM32\F3PSSAVR.SCR

    Adware.Zango Toolbar/Hb
       HKLM\Software\Classes\CLSID\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}
       HKCR\CLSID\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}
       HKCR\CLSID\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}
       HKCR\CLSID\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}\InprocServer32
       HKCR\CLSID\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}\InprocServer32#ThreadingModel
       HKCR\CLSID\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}\ProgID
       HKCR\CLSID\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}\Programmable
       HKCR\CLSID\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}\TypeLib
       HKCR\CLSID\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}\VersionIndependentProgID
       HKCR\HostIE.Bho.1
       HKCR\HostIE.Bho.1\CLSID
       HKCR\HostIE.Bho
       HKCR\HostIE.Bho\CLSID
       HKCR\HostIE.Bho\CurVer
       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}
       HKU\S-1-5-21-184600409-1448506259-940340173-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}
       HKLM\Software\Microsoft\Internet Explorer\Toolbar#{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}
       HKU\S-1-5-21-184600409-1448506259-940340173-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}
       HKCR\HbCoreSrv.DynamicProp
       HKCR\HbCoreSrv.DynamicProp\CLSID
       HKCR\HbCoreSrv.DynamicProp\CurVer
       HKCR\HbCoreSrv.DynamicProp.1
       HKCR\HbCoreSrv.DynamicProp.1\CLSID
       HKCR\CoreSrv.CoreServices
       HKCR\CoreSrv.CoreServices\CLSID
       HKCR\CoreSrv.CoreServices\CurVer
       HKCR\CoreSrv.CoreServices.1
       HKCR\CoreSrv.CoreServices.1\CLSID
       HKCR\CoreSrv.LfgAx
       HKCR\CoreSrv.LfgAx\CLSID
       HKCR\CoreSrv.LfgAx\CurVer
       HKCR\CoreSrv.LfgAx.1
       HKCR\CoreSrv.LfgAx.1\CLSID
       HKCR\hbr.HbMain
       HKCR\hbr.HbMain\CLSID
       HKCR\hbr.HbMain\CurVer
       HKCR\hbr.HbMain.1
       HKCR\hbr.HbMain.1\CLSID
       HKCR\HostOL.MailAnim
       HKCR\HostOL.MailAnim\CLSID
       HKCR\HostOL.MailAnim\CurVer
       HKCR\HostOL.MailAnim.1
       HKCR\HostOL.MailAnim.1\CLSID
       HKCR\HostOL.WebmailSend
       HKCR\HostOL.WebmailSend\CLSID
       HKCR\HostOL.WebmailSend\CurVer
       HKCR\HostOL.WebmailSend.1
       HKCR\HostOL.WebmailSend.1\CLSID
       HKCR\Srv.CoreServices
       HKCR\Srv.CoreServices\CLSID
       HKCR\Srv.CoreServices\CurVer
       HKCR\Srv.CoreServices.1
       HKCR\Srv.CoreServices.1\CLSID
       HKCR\Toolbar.HtmlMenuUI
       HKCR\Toolbar.HtmlMenuUI\CLSID
       HKCR\Toolbar.HtmlMenuUI\CurVer
       HKCR\Toolbar.HtmlMenuUI.1
       HKCR\Toolbar.HtmlMenuUI.1\CLSID
       HKCR\Toolbar.ToolbarCtl
       HKCR\Toolbar.ToolbarCtl\CLSID
       HKCR\Toolbar.ToolbarCtl\CurVer
       HKCR\Toolbar.ToolbarCtl.1
       HKCR\Toolbar.ToolbarCtl.1\CLSID
       HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}
       HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}#AppID
       HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\Control
       HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\Implemented Categories
       HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
       HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\InprocServer32
       HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\InprocServer32#ThreadingModel
       HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\MiscStatus
       HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\MiscStatus\1
       HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\ProgID
       HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\Programmable
       HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\ToolboxBitmap32
       HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\TypeLib
       HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\Version
       HKCR\CLSID\{B0CB585F-3271-4E42-88D9-AE5C9330D554}\VersionIndependentProgID

    Adware.HBHelper
       HKLM\Software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
       HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
       HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
       HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32
       HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32#ThreadingModel
       HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ProgID
       HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\TypeLib
       HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\VersionIndependentProgID
       HKCR\URLSearchHook.ToolbarURLSearchHook.1
       HKCR\URLSearchHook.ToolbarURLSearchHook.1\CLSID
       HKCR\URLSearchHook.ToolbarURLSearchHook
       HKCR\URLSearchHook.ToolbarURLSearchHook\CLSID
       HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
       HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0
       HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\0
       HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\0\win32
       HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\FLAGS
       HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\HELPDIR
       C:\WINDOWS\DOWNLOADED PROGRAM FILES\TBHELPER.DLL
       HKU\S-1-5-21-184600409-1448506259-940340173-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
       HKU\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks#{CA3EB689-8F09-4026-AA10-B9534C691CE0}
       HKU\S-1-5-21-184600409-1448506259-940340173-1000\Software\Microsoft\Internet Explorer\URLSearchHooks#{CA3EB689-8F09-4026-AA10-B9534C691CE0}
       HKU\S-1-5-21-184600409-1448506259-940340173-1000_Classes\Software\Microsoft\Internet Explorer\URLSearchHooks#{CA3EB689-8F09-4026-AA10-B9534C691CE0}
       HKU\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks#{CA3EB689-8F09-4026-AA10-B9534C691CE0}

    Adware.ShopAtHomeSelect
       HKLM\Software\Classes\CLSID\{E8DAAA30-6CAA-4b58-9603-8E54238

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 988
    • Certifications: List
    • Experience: Expert
    • OS: Windows 8
    Re: Malware removal logs
    « Reply #1 on: September 14, 2010, 07:10:56 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialist of this forum so it may take a bit longer to process your logs.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    What kind of problems are you having with your computer?

    Please download Malwarebytes Anti-Malware from here.

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
    **************************************
    Please download: HiJackThis to your Desktop.
    • Double Click the HijackThis icon, located on your Desktop.
    • By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
    • Accept the license agreement.
    • Click the Open the Misc Tools section button.
    • Place a checkmark beside Calculate MD5 of files if possible. Then, click Back.
    • Click Do a System Scan and Save a Logfile. Or, if you see a white screen, click Scan.
    • Please post the log in your next reply.
    ************************************
    Download Security Check by screen317 from one of the following links and save it to your desktop.

    Link 1
    Link 2

    * Unzip SecurityCheck.zip and a folder named Security Check should appear.
    * Open the Security Check folder and double-click Security Check.bat
    * Follow the on-screen instructions inside of the black box.
    * A Notepad document should open automatically called checkup.txt
    * Post the contents of that document in your next reply.

    Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
    Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

    magicmindfreak99

      Topic Starter


      Greenhorn

      Re: Malware removal logs
      « Reply #2 on: September 17, 2010, 05:17:18 PM »
      i am having problems scanning

      SuperDave

      • Malware Removal Specialist


      • Genius
      • Thanked: 988
      • Certifications: List
      • Experience: Expert
      • OS: Windows 8
      Re: Malware removal logs
      « Reply #3 on: September 20, 2010, 05:32:18 PM »
      What sort of problems?
      Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

      magicmindfreak99

        Topic Starter


        Greenhorn

        Re: Malware removal logs
        « Reply #4 on: September 20, 2010, 10:40:23 PM »
        It keeps on freezing

        SuperDave

        • Malware Removal Specialist


        • Genius
        • Thanked: 988
        • Certifications: List
        • Experience: Expert
        • OS: Windows 8
        Re: Malware removal logs
        « Reply #5 on: September 21, 2010, 06:29:28 PM »
        Download OTL to your desktop.

        * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
        * When the window appears, underneath Output at the top change it to Minimal Output.
        * Check the boxes beside LOP Check and Purity Check.
        * Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

        When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

        Please copy and pate the contents of these files, one at a time, into your next reply.

        Note: You may need two or more posts to fit them all in.
        Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

        magicmindfreak99

          Topic Starter


          Greenhorn

          Re: Malware removal logs
          « Reply #6 on: September 23, 2010, 08:37:37 PM »
          OTL logfile created on: 9/22/2010 7:50:13 PM - Run 1
          OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\Macey\Downloads
          Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
          Internet Explorer (Version = 8.0.6001.18943)
          Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
           
          3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
          6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
          Paging file location(s): ?:\pagefile.sys [binary data]
           
          %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
          Drive C: | 149.01 Gb Total Space | 87.93 Gb Free Space | 59.01% Space Free | Partition Type: NTFS
          D: Drive not present or media not loaded
          E: Drive not present or media not loaded
          F: Drive not present or media not loaded
          G: Drive not present or media not loaded
          H: Drive not present or media not loaded
          I: Drive not present or media not loaded
           
          Computer Name: MACEY-PC
          Current User Name: Macey
          Logged in as Administrator.
           
          Current Boot Mode: Normal
          Scan Mode: Current user
          Company Name Whitelist: Off
          Skip Microsoft Files: Off
          File Age = 30 Days
          Output = Minimal
           
          ========== Processes (SafeList) ==========
           
          PRC - C:\Users\Macey\Downloads\OTL.exe (OldTimer Tools)
          PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
          PRC - C:\Program Files\HBLite\bin\11.0.258.0\HBLiteSA.exe (Pinball Corporation.)
          PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
          PRC - C:\Program Files\QuizulousBar\toolbar\1.bin\q2barsvc.exe (Quizulous)
          PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
          PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
          PRC - C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
          PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
          PRC - C:\Program Files\Common Files\McAfee\MSC\McUICnt.exe (McAfee, Inc.)
          PRC - C:\Program Files\McAfee\MSM\McSmtFwk.exe (McAfee, Inc.)
          PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
          PRC - C:\Users\Macey\AppData\Roaming\Jenkat\Jenkat Games Arcade\NotifyApp.exe ( )
          PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
          PRC - C:\Program Files\Java\jre6\launch4j-tmp\wowd.exe (Sun Microsystems, Inc.)
          PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
          PRC - C:\Program Files\ParetoLogic\FileCure\FileCure.exe (ParetoLogic)
          PRC - C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
          PRC - C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
          PRC - C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)
          PRC - C:\Program Files\SGPSA\ie3sh.exe ()
          PRC - C:\Program Files\Dealio Toolbar\SearchSettings.exe (Spigot, Inc.)
          PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
          PRC - C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
          PRC - C:\Windows\explorer.exe (Microsoft Corporation)
          PRC - C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
          PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
          PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe (IDT, Inc.)
          PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe (Andrea Electronics Corporation)
          PRC - C:\Program Files\AOL 9.1\shellmon.exe (AOL, LLC.)
          PRC - C:\Program Files\AOL 9.1\waol.exe (AOL, LLC.)
          PRC - C:\Program Files\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)
          PRC - C:\Program Files\Common Files\AOL\1255219001\ee\aolsoftware.exe (AOL LLC)
          PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
          PRC - C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe ()
          PRC - C:\Windows\wanmpsvc.exe (America Online, Inc.)
           
           
          ========== Modules (SafeList) ==========
           
          MOD - C:\Users\Macey\Downloads\OTL.exe (OldTimer Tools)
          MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
          MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
          MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
           
           
          ========== Win32 Services (SafeList) ==========
           
          SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
          SRV - (QuizulousBarService) -- C:\Program Files\QuizulousBar\toolbar\1.bin\q2barsvc.exe (Quizulous)
          SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
          SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
          SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
          SRV - (MOBKbackup) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
          SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
          SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
          SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
          SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
          SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
          SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
          SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
          SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
          SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
          SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
          SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
          SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
          SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe (IDT, Inc.)
          SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe (Andrea Electronics Corporation)
          SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
          SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
          SRV - (WANMiniportService) WAN Miniport (ATW) -- C:\Windows\wanmpsvc.exe (America Online, Inc.)
           
           
          ========== Driver Services (SafeList) ==========
           
          DRV - (XDva344) -- C:\Windows\System32\XDva344.sys File not found
          DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
          DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
          DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
          DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found
          DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
          DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
          DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
          DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
          DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
          DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
          DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
          DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
          DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
          DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
          DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
          DRV - (MOBKFilter) -- C:\Windows\System32\drivers\MOBK.sys (Mozy, Inc.)
          DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
          DRV - (nnfwdk) -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\nnfwdk.sys (The Nielsen Company)
          DRV - (sscemdm) -- C:\Windows\System32\drivers\sscemdm.sys (MCCI Corporation)
          DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\Windows\System32\drivers\sscebus.sys (MCCI Corporation)
          DRV - (sscemdfl) -- C:\Windows\System32\drivers\sscemdfl.sys (MCCI Corporation)
          DRV - (X4HS32Ex) -- C:\Program Files\Free Ride Games\X4HS32Ex.sys (Exent Technologies Ltd.)
          DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
          DRV - (OA009Vid) -- C:\Windows\System32\drivers\OA009Vid.sys (Creative Technology Ltd.)
          DRV - (OA009Ufd) -- C:\Windows\System32\drivers\OA009Ufd.sys (Creative Technology Ltd.)
          DRV - (CtClsFlt) -- C:\Windows\System32\drivers\CtClsFlt.sys (Creative Technology Ltd.)
          DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
          DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
          DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
          DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
          DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
          DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
          DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
          DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
          DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
          DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
          DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
          DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
          DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
          DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
          DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
          DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
          DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
          DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
          DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
          DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
          DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
          DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
          DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
          DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
          DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
          DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
          DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
          DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
          DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
          DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
          DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
          DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
          DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
          DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
          DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
          DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
          DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
          DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
          DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
          DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
          DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
          DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
          DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
          DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
          DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
          DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
          DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)
           
           
          ========== Standard Registry (SafeList) ==========
           
           
          ========== Internet Explorer ==========
           
          IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
          IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
          IE - HKLM\..\URLSearchHook: {9dbb9aeb-5a16-4989-a66f-c0f1c909d647} - C:\Program Files\Free_Radio_TV\tbFre1.dll (Conduit Ltd.)
          IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
           
          IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2354614
          IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
          IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
          IE - HKCU\..\URLSearchHook: {5E72625C-99E3-4644-BFF0-315AA91294FA} - C:\Program Files\QuizulousBar\toolbar\1.bin\q2SrcAs.dll (Quizulous)
          IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
          IE - HKCU\..\URLSearchHook: {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - Reg Error: Key error. File not found
          IE - HKCU\..\URLSearchHook: {9dbb9aeb-5a16-4989-a66f-c0f1c909d647} - C:\Program Files\Free_Radio_TV\tbFre1.dll (Conduit Ltd.)
          IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll (Spigot, Inc.)
          IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\My.Freeze.com Toolbar\NetAssistant.dll (W3i, LLC)
          IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
          IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
          IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
           
          FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/07/12 15:08:40 | 000,000,000 | ---D | M]
          FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\firefox\
          FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Hotbar\bin\11.0.117.0\firefox\extensions [2010/02/28 21:32:11 | 000,000,000 | ---D | M]
          FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HBLite\bin\11.0.258.0\firefox\extensions [2010/08/06 14:33:53 | 000,000,000 | ---D | M]
           
          [2009/10/12 21:45:02 | 000,000,000 | ---D | M] -- C:\Users\Macey\AppData\Roaming\Mozilla\Extensions
          [2009/10/12 21:45:02 | 000,000,000 | ---D | M] -- C:\Users\Macey\AppData\Roaming\Mozilla\Extensions\[email protected]
          [2009/10/10 16:40:16 | 000,000,000 | ---D | M] -- C:\Users\Macey\AppData\Roaming\Mozilla\Firefox\extensions
          [2009/10/10 16:40:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Macey\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
           
          O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
          O1 - Hosts: 127.0.0.1       localhost
          O1 - Hosts: ::1             localhost
          O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.)
          O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
          O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
          O2 - BHO: (Shop to Win 2) - {20FEC4E7-F7B7-438B-8191-33D2EFC5EBEA} - C:\Program Files\Shop to Win 2\ShoppingBHO.dll (Freecause Inc.)
          O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
          O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
          O2 - BHO: (Search Assistant BHO) - {5E72625B-99E3-4644-BFF0-315AA91294FA} - C:\Program Files\QuizulousBar\toolbar\1.bin\q2SrcAs.dll (Quizulous)
          O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.8.1\bh\facemoods.dll (facemoods.com BHO)
          O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
          O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
          O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
          O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100517223812.dll (McAfee, Inc.)
          O2 - BHO: (Wowd Page Grabber) - {99756919-C498-4D97-9E20-2076DE0E42B9} - C:\Program Files\Wowd\ext\eiexxpw.dll (Edgios Company)
          O2 - BHO: (Free Radio TV Toolbar) - {9dbb9aeb-5a16-4989-a66f-c0f1c909d647} - C:\Program Files\Free_Radio_TV\tbFre1.dll (Conduit Ltd.)
          O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
          O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
          O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
          O2 - BHO: (Toolbar BHO) - {BBD14491-A5A0-4809-9C5A-C9FC6DF0ACB0} - C:\Program Files\QuizulousBar\toolbar\1.bin\q2bar.dll (Quizulous)
          O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
          O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll (Spigot, Inc.)
          O2 - BHO: (NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\My.Freeze.com Toolbar\NetAssistant.dll (W3i, LLC)
          O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll (MTWB)
          O2 - BHO: (XBTBPos00 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Windows\Downloaded Program Files\tbcore3.dll ()
          O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
          O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
          O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.)
          O3 - HKLM\..\Toolbar: (FaceFun) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Windows\Downloaded Program Files\tbcore3.dll ()
          O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
          O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
          O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
          O3 - HKLM\..\Toolbar: (AOL Toolbar) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
          O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
          O3 - HKLM\..\Toolbar: (ShopAtHome Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll File not found
          O3 - HKLM\..\Toolbar: (Free Radio TV Toolbar) - {9dbb9aeb-5a16-4989-a66f-c0f1c909d647} - C:\Program Files\Free_Radio_TV\tbFre1.dll (Conduit Ltd.)
          O3 - HKLM\..\Toolbar: (Quizulous Toolbar) - {BBD14499-A5A0-4809-9C5A-C9FC6DF0ACB0} - C:\Program Files\QuizulousBar\toolbar\1.bin\q2bar.dll (Quizulous)
          O3 - HKLM\..\Toolbar: (My.Freeze.com Toolbar) - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - C:\Program Files\My.Freeze.com Toolbar\freeze_ie_na_us.dll ()
          O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.8.1\facemoodsTlbr.dll (facemoods.com)
          O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
          O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
          O3 - HKCU\..\Toolbar\WebBrowser: (FaceFun) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Windows\Downloaded Program Files\tbcore3.dll ()
          O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
          O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
          O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
          O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
          O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll File not found
          O3 - HKCU\..\Toolbar\WebBrowser: (Free Radio TV Toolbar) - {9DBB9AEB-5A16-4989-A66F-C0F1C909D647} - C:\Program Files\Free_Radio_TV\tbFre1.dll (Conduit Ltd.)
          O3 - HKCU\..\Toolbar\WebBrowser: (Quizulous Toolbar) - {BBD14499-A5A0-4809-9C5A-C9FC6DF0ACB0} - C:\Program Files\QuizulousBar\toolbar\1.bin\q2bar.dll (Quizulous)
          O3 - HKCU\..\Toolbar\WebBrowser: (My.Freeze.com Toolbar) - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - C:\Program Files\My.Freeze.com Toolbar\freeze_ie_na_us.dll ()
          O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
          O4 - HKLM..\Run: [AOL Spyware Protection] C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe ()
          O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
          O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
          O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.8.1\facemoodssrv.exe (facemoods.com)
          O4 - HKLM..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe ()
          O4 - HKLM..\Run: [HBLiteSA] C:\Program Files\HBLite\bin\11.0.258.0\HBLiteSA.exe (Pinball Corporation.)
          O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1255219001\ee\aolsoftware.exe (AOL LLC)
          O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
          O4 - HKLM..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
          O4 - HKLM..\Run: [Quizulous Plugin] C:\Program Files\QuizulousBar\toolbar\1.bin\q2Plugin.dll (Viveli, Inc)
          O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
          O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Dealio Toolbar\SearchSettings.exe (Spigot, Inc.)
          O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
          O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
          O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL 9.1\AOL.EXE (AOL, LLC.)
          O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
          O4 - HKCU..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
          O4 - HKCU..\Run: [fajkmgwe] C:\Users\Macey\AppData\Local\pdjgryxrc\eswpalotssd.exe File not found
          O4 - HKCU..\Run: [Jenkat Arcade] C:\Users\Macey\AppData\Roaming\Jenkat\Jenkat Games Arcade\NotifyApp.exe ( )
          O4 - HKCU..\Run: [M5T8QL3YW3] C:\Users\Macey\AppData\Local\Temp\Zlk.exe File not found
          O4 - HKCU..\Run: [QZAIB7KITK] C:\Users\Macey\AppData\Local\Temp\Zlj.exe File not found
          O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
          O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe File not found
          O4 - HKCU..\Run: [WowdStartup] C:\Program Files\Wowd\wowd.exe (Wowd, Inc.)
          O4 - HKCU..\Run: [xvysnstx] C:\Users\Macey\AppData\Local\msxpxxyml\vhmovrntssd.exe File not found
          O4 - Startup: C:\Users\Macey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Program Files\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)
          O8 - Extra context menu item: &AOL Toolbar search - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
          O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
          O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
          O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
          O9 - Extra Button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
          O9 - Extra 'Tools' menuitem : AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Value error. File not found
          O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
          O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
          O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
          O13 - gopher Prefix: missing
          O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
          O16 - DPF: {0CE0F418-1010-442D-871C-3454827DD539} http://www.facefun.com/FaceFun_webinstall/FaceFun_product.cab (Reg Error: Key error.)
          O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)
          O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab (Groove Control)
          O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
          O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
          O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
          O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
          O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
          O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
          O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
          O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
          O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
          O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
          O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
          O24 - Desktop WallPaper: C:\Users\Macey\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
          O24 - Desktop BackupWallPaper: C:\Users\Macey\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
          O32 - HKLM CDRom: AutoRun - 1
          O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
          O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
          O35 - HKLM\..comfile [open] -- "%1" %*
          O35 - HKLM\..exefile [open] -- "%1" %*
          O37 - HKLM\...com [@ = comfile] -- "%1" %*
          O37 - HKLM\...exe [@ = exefile] -- "%1" %*
           
          ========== Files/Folders - Created Within 30 Days ==========
           
          [2010/09/15 15:57:34 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
          [2010/09/12 12:16:09 | 000,000,000 | ---D | C] -- C:\Users\Macey\AppData\Roaming\Malwarebytes
          [2010/09/12 12:14:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
          [2010/09/12 12:14:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
          [2010/09/12 12:14:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
          [2010/09/12 12:14:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
          [2010/09/10 19:27:45 | 000,000,000 | ---D | C] -- C:\Users\Macey\AppData\Roaming\SUPERAntiSpyware.com
          [2010/09/10 19:27:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
          [2010/09/10 19:26:32 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
          [2010/09/03 19:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
          [2010/09/03 19:38:55 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
          [2010/09/03 19:30:41 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
          [2010/08/12 16:23:28 | 002,734,688 | ---- | C] (Conduit Ltd.) -- C:\Program Files\tbZyng.dll
           
          ========== Files - Modified Within 30 Days ==========
           
          [2010/09/22 19:56:12 | 002,097,152 | -HS- | M] () -- C:\Users\Macey\NTUSER.DAT
          [2010/09/22 19:55:44 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{62EFA7FC-2581-4EF3-B59E-12B89B4AFB45}.job
          [2010/09/22 19:52:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-184600409-1448506259-940340173-1000UA.job
          [2010/09/22 19:07:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
          [2010/09/22 18:52:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-184600409-1448506259-940340173-1000Core.job
          [2010/09/22 18:37:25 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
          [2010/09/22 18:37:25 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
          [2010/09/22 18:37:25 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\FileCure Startup.job
          [2010/09/22 18:36:39 | 000,001,735 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
          [2010/09/22 18:34:14 | 000,524,288 | -HS- | M] () -- C:\Users\Macey\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
          [2010/09/22 18:34:14 | 000,065,536 | -HS- | M] () -- C:\Users\Macey\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
          [2010/09/22 18:33:58 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
          [2010/09/22 18:33:58 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
          [2010/09/22 18:33:54 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
          [2010/09/22 18:33:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
          [2010/09/22 18:33:46 | 3181,760,512 | -HS- | M] () -- C:\hiberfil.sys
          [2010/09/21 08:00:06 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\FileCure.job
          [2010/09/20 20:54:21 | 000,002,004 | ---- | M] () -- C:\Users\Macey\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
          [2010/09/20 18:25:46 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
          [2010/09/15 19:59:17 | 353,510,923 | ---- | M] () -- C:\Windows\MEMORY.DMP
          [2010/09/15 17:42:23 | 000,002,024 | ---- | M] () -- C:\Windows\MOBK.blk
          [2010/09/15 17:42:23 | 000,001,602 | ---- | M] () -- C:\Windows\MOBK.flt
          [2010/09/12 12:14:45 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
          [2010/09/11 08:01:50 | 002,422,087 | -H-- | M] () -- C:\Users\Macey\AppData\Local\IconCache.db
          [2010/09/11 02:18:52 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
          [2010/09/10 19:26:37 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
          [2010/09/09 18:53:18 | 000,013,312 | ---- | M] () -- C:\Users\Macey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
          [2010/09/03 19:48:28 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
          [2010/09/03 19:39:34 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
          [2010/09/02 14:03:25 | 000,002,292 | ---- | M] () -- C:\Users\Macey\AppData\Roaming\wklnhst.dat
           
          ========== Files Created - No Company Name ==========
           
          [2010/09/20 19:37:23 | 000,001,735 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
          [2010/09/15 15:46:44 | 353,510,923 | ---- | C] () -- C:\Windows\MEMORY.DMP
          [2010/09/12 12:14:45 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
          [2010/09/10 19:26:37 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
          [2010/09/03 19:48:28 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
          [2010/09/03 19:39:34 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
          [2010/08/12 16:23:30 | 000,008,101 | ---- | C] () -- C:\Program Files\INSTALL.LOG
          [2010/08/12 16:23:28 | 000,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE
          [2010/07/26 21:17:13 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
          [2010/07/26 21:17:13 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
          [2010/01/02 17:04:20 | 000,000,336 | ---- | C] () -- C:\Users\Macey\AppData\Roaming\settings.dat
          [2009/12/11 18:57:00 | 000,013,312 | ---- | C] () -- C:\Users\Macey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
          [2009/11/11 16:15:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
          [2009/09/23 16:07:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
          [2009/09/22 10:09:53 | 000,002,292 | ---- | C] () -- C:\Users\Macey\AppData\Roaming\wklnhst.dat
          [2009/09/22 09:25:07 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
          [2009/09/22 09:13:10 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1576.dll
          [2009/09/21 21:04:27 | 000,001,356 | ---- | C] () -- C:\Users\Macey\AppData\Local\d3d9caps.dat
          [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
          [2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
          [2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
           
          ========== LOP Check ==========
           
          [2009/09/22 20:04:24 | 000,000,000 | ---D | M] -- C:\Users\Macey\AppData\Roaming\Aim
          [2009/10/15 21:05:09 | 000,000,000 | ---D | M] -- C:\Users\Macey\AppData\Roaming\Exent Technologies
          [2010/08/12 16:23:38 | 000,000,000 | ---D | M] -- C:\Users\Macey\AppData\Roaming\FCSB000062035
          [2009/11/23 13:23:35 | 000,000,000 | ---D | M] -- C:\Users\Macey\AppData\Roaming\gamehouse
          [2010/08/06 14:33:53 | 000,000,000 | ---D | M] -- C:\Users\Macey\AppData\Roaming\HBLite
          [2010/02/28 21:32:13 | 000,000,000 | ---D | M] -- C:\Users\Macey\AppData\Roaming\Hotbar
          [2009/12/24 15:10:12 | 000,000,000 | ---D | M] -- C:\Users\Macey\AppData\Roaming\IMVU
          [2009/11/20 08:46:35 | 000,000,000 | ---D | M] -- C:\Users\Macey\AppData\Roaming\IMVUClient
          [2009/12/07 15:38:48 | 000,000,000 | ---D | M] -- C:\Users\Macey\AppData\Roaming\iWin
          [2009/10/10 14:30:25 | 000,000,000 | ---D | M] -- C:\Users\Macey\AppData\Roaming\Jenkat
          [2010/01/19 18:48:50 | 000,000,000 | ---D | M] -- C:\Users\Macey\AppData\Roaming\PIM
          [2010/03/03 18:13:53 | 000,000,000 | ---D | M] -- C:\Users\Macey\AppData\Roaming\PlayFirst
          [2010/07/12 17:04:54 | 000,000,000 | ---D | M] -- C:\Users\Macey\AppData\Roaming\SecondLife
          [2009/10/02 16:31:06 | 000,000,000 | ---D | M] -- C:\Users\Macey\AppData\Roaming\Template
          [2009/10/10 14:25:33 | 000,000,000 | ---D | M] -- C:\Users\Macey\AppData\Roaming\WeatherBug
          [2010/09/22 18:48:15 | 000,000,000 | ---D | M] -- C:\Users\Macey\AppData\Roaming\Wowd
          [2010/09/22 18:37:25 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\FileCure Startup.job
          [2010/09/21 08:00:06 | 000,000,364 | ---- | M] () -- C:\Windows\Tasks\FileCure.job
          [2010/09/20 18:25:46 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
          [2010/09/11 02:18:52 | 000,000,418 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
          [2010/09/22 18:37:25 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\PCConfidential.job
          [2010/09/16 03:33:01 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
          [2010/09/22 19:55:44 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{62EFA7FC-2581-4EF3-B59E-12B89B4AFB45}.job
           
          ========== Purity Check ==========
           
           
          < End of report >

          magicmindfreak99

            Topic Starter


            Greenhorn

            Re: Malware removal logs
            « Reply #7 on: September 23, 2010, 08:38:40 PM »
            OTL Extras logfile created on: 9/22/2010 7:50:13 PM - Run 1
            OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\Macey\Downloads
            Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
            Internet Explorer (Version = 8.0.6001.18943)
            Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
             
            3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
            6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
            Paging file location(s): ?:\pagefile.sys [binary data]
             
            %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
            Drive C: | 149.01 Gb Total Space | 87.93 Gb Free Space | 59.01% Space Free | Partition Type: NTFS
            D: Drive not present or media not loaded
            E: Drive not present or media not loaded
            F: Drive not present or media not loaded
            G: Drive not present or media not loaded
            H: Drive not present or media not loaded
            I: Drive not present or media not loaded
             
            Computer Name: MACEY-PC
            Current User Name: Macey
            Logged in as Administrator.
             
            Current Boot Mode: Normal
            Scan Mode: Current user
            Company Name Whitelist: Off
            Skip Microsoft Files: Off
            File Age = 30 Days
            Output = Minimal
             
            ========== Extra Registry (SafeList) ==========
             
             
            ========== File Associations ==========
             
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
            .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
            .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
             
            [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
            .html [@ = ChromeHTML] -- C:\Users\Macey\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
             
            ========== Shell Spawning ==========
             
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
            batfile [open] -- "%1" %*
            cmdfile [open] -- "%1" %*
            comfile [open] -- "%1" %*
            cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
            exefile [open] -- "%1" %*
            helpfile [open] -- Reg Error: Key error.
            hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
            htmlfile [edit] -- Reg Error: Key error.
            htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
            inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
            piffile [open] -- "%1" %*
            regfile [merge] -- Reg Error: Key error.
            scrfile [config] -- "%1"
            scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
            scrfile [open] -- "%1" /S
            txtfile [edit] -- Reg Error: Key error.
            Unknown [openas] -- C:\Program Files\ParetoLogic\FileCure\FileCure_noapp.exe %1 (ParetoLogic)
            Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
            Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
            Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
            Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
            Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
             
            ========== Security Center Settings ==========
             
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
            "cval" = 1
             
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
             
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
            "AntiVirusOverride" = 0
            "AntiSpywareOverride" = 0
            "FirewallOverride" = 0
            "VistaSp1" = Reg Error: Unknown registry data type -- File not found
            "VistaSp2" = Reg Error: Unknown registry data type -- File not found
             
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
             
            ========== Firewall Settings ==========
             
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
            "EnableFirewall" = 0
            "DisableNotifications" = 0
             
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
            "EnableFirewall" = 0
            "DisableNotifications" = 0
             
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
            "EnableFirewall" = 1
            "DisableNotifications" = 0
             
            ========== Authorized Applications List ==========
             
             
            ========== Vista Active Open Ports Exception List ==========
             
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
             
            ========== Vista Active Application Exception List ==========
             
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
            "{042339BD-5855-48D8-BB77-E3BBCABBDBE2}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
            "{0D95468C-9A45-4FB9-A57D-89F4592F1F0E}" = protocol=17 | dir=in | app=c:\program files\aol 9.1\waol.exe |
            "{17B99F76-5F08-48D1-AFE2-965FFDCBDE6D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\aol spyware protection\aolsp scheduler.exe |
            "{1CF740BE-9DA9-43DE-AC7E-3548ACBDD1EB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
            "{1DE668D6-9B76-4598-B7CA-9632B497A16D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
            "{200E8858-7784-44B0-8C92-05D06CB63C5B}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
            "{207442B2-10A7-476E-8266-4963AFB0CBAD}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
            "{2A6FFD5E-C265-4648-B177-9C3F017E230F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
            "{2ECCC1D0-FF43-45C7-B806-24AC1F35274E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
            "{30F10862-7AD4-4BE8-A2AE-D722E632C03C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
            "{3BB4C85C-542F-4D96-A9B0-512BB439B2E1}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
            "{434B27CC-299D-4F46-85E2-0D396936074E}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
            "{446B142B-31D8-46DB-A83A-994E9AE181E6}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
            "{446DF45C-386D-4045-8154-6DD0810AC2BA}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
            "{453C7030-D3E4-4B6B-B1C0-E47BFADF4849}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
            "{4826D997-0D75-4015-82DB-81A1E4CFAA01}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
            "{4B960B19-1DB8-4BED-850D-86468B4B986B}" = dir=in | app=c:\program files\itunes\itunes.exe |
            "{4E1226EC-6E0C-4798-A423-E067640AB6A0}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1255219001\ee\aolsoftware.exe |
            "{5D8CCAE8-BC14-47E1-BDC3-1C99E44B8E7F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
            "{637AB648-BE20-4FCD-B871-BC38B7ADE27F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
            "{6B607F12-17EC-4BCC-953D-4288C66E4EE6}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
            "{72B5F96C-9155-4CCC-A4E4-A93117968D94}" = protocol=17 | dir=in | app=c:\program files\common files\aol\aol spyware protection\asp.exe |
            "{7BE8BB0E-C237-418F-AA9D-2D163FB207E6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
            "{8C2CCCDA-8207-494A-BF41-15A7296D0933}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
            "{960B92CC-996B-4736-8DDD-542C1038036E}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
            "{A7CFC7EB-B7D9-4598-9113-B6060FEA76AD}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
            "{BD920D68-E9B0-4AF7-8F3B-95A45B712567}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
            "{C29AF222-8AE4-4809-92CA-87A879888659}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
            "{CB1D197D-5F22-4AF3-A85F-3F360CF41966}" = protocol=6 | dir=in | app=c:\program files\aol 9.1\waol.exe |
            "{CD5AA5A1-3764-4703-86BA-B2709A265728}" = protocol=6 | dir=in | app=c:\program files\common files\aol\aol spyware protection\asp.exe |
            "{D1395E17-255C-4FA2-8B27-F7014F45EE92}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
            "{D55D3B80-1EB2-486F-A4EF-50188A23CE66}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
            "{D5CBBD88-DABB-4B1A-B75D-35666B9D63F1}" = protocol=17 | dir=in | app=c:\program files\common files\aol\aol spyware protection\aolsp scheduler.exe |
            "{D6667496-55E1-4009-B398-C6CDBFD69248}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
            "{DD3D43AB-A633-48CF-8F16-3D8974967069}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
            "{F572CC48-E457-4F9E-90CB-BA4DB0A0FF1C}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
            "{F90B76E5-85E7-41F4-94AB-2278F62C096B}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1255219001\ee\aolsoftware.exe |
            "TCP Query User{298D3C45-E05D-4A36-A224-534B2443EE80}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe |
            "TCP Query User{3E9D2640-9A4F-4FF3-AC64-D3EA1CEED627}C:\program files\java\jre6\launch4j-tmp\wowd.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\wowd.exe |
            "TCP Query User{EFC09EDA-39A9-4C00-8E3C-A49A1DF2E231}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
            "UDP Query User{D3E284C2-5B9E-42DC-B721-5ECA6DCDCE13}C:\program files\secondlifeviewer2\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlifeviewer2\slvoice.exe |
            "UDP Query User{D7B2919E-EB86-4852-AB5D-96DF6AA175A5}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
            "UDP Query User{DDD991CB-3931-4E10-932D-3FD01FAD398A}C:\program files\java\jre6\launch4j-tmp\wowd.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\wowd.exe |
             
            ========== HKEY_LOCAL_MACHINE Uninstall List ==========
             
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
            "{1081024D-45A4-4C23-9CE2-B7E1A13EF85F}" = Joydesk Games Setup - Arcade
            "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
            "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
            "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
            "{1A4E71A5-643D-4536-B624-995F7E212272}" = WonderKing
            "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
            "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
            "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
            "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
            "{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
            "{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Free Ride Games Player
            "{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
            "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
            "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
            "{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
            "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
            "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
            "{51E4FE53-D6B0-43A0-B98C-7DE233D53EAB}" = Farming Extreme Manager
            "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
            "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
            "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
            "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
            "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
            "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
            "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
            "{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}" = Dealio Toolbar v4.0.1
            "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
            "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
            "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
            "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
            "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
            "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
            "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
            "{C1C441C4-57FA-4950-BDBA-BABFBAA2AA39}" = ParetoLogic FileCure
            "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
            "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
            "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
            "{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
            "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
            "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
            "{E127B28D-1A2A-45C4-A74E-C817E0A74E3E}" = Fiesta
            "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
            "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
            "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
            "{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}" = AOL Mail and AIM Gadget
            "{FBA1239D-189F-4855-88B6-4DBE606D30A5}" = Fiesta
            "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
            "300B27DF-97E5-4219-AB2B-03AA67D5D557" = Wowd
            "8aac10c4a0261fb7459e9ea05ba9edfe" = Paradise Beach
            "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
            "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
            "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
            "Advanced Audio FX Engine" = Advanced Audio FX Engine
            "AOL Communicator" = AOL Communicator (remove only)
            "AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
            "AOL Instant Messenger" = AOL Instant Messenger
            "AOL Spyware Protection" = AOL Spyware Protection
            "AOL Toolbar" = AOL Toolbar
            "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
            "AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
            "AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
            "Ask Toolbar_is1" = Ask Toolbar
            "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
            "CCleaner" = CCleaner
            "Creative OA009" = Integrated Webcam Driver (1.02.01.0320) 
            "Dell Webcam Central" = Dell Webcam Central
            "e9cf750b4c09f6d0f569578192ee0511" = Kelly Green - Garden Queen
            "facemoods" = facemoods
            "Free_Radio_TV Toolbar" = Free_Radio_TV Toolbar
            "HBLiteSA" = Hotbar
            "HDMI" = Intel(R) Graphics Media Accelerator Driver
            "HotbarSA" = Hotbar
            "Jenkat Games Arcade" = Jenkat Games Arcade
            "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
            "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
            "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
            "MSC" = McAfee Total Protection
            "My.Freeze.com Toolbar" = My.Freeze.com Toolbar
            "MysticEmporium" = Mystic Emporium (remove only)
            "NetSight" = Nielsen
            "Port Magic" = Pure Networks Port Magic
            "QuizulousBartoolbar Uninstall" = Quizulous Toolbar
            "RealPlayer 6.0" = RealPlayer Basic
            "SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
            "Search Guard Plus" = Search Guard Plus (My Web Tattoo)
            "Search Guard Plus Updater" = Search Guard Plus Updater (My Web Tattoo)
            "SecondLifeViewer2" = SecondLifeViewer2 (remove only)
            "SelectRebatesUninstall" = ShopAtHome SelectRebates
            "Shop to Win 2" = Shop to Win 2
            "Smilies" = Smilies
            "SoftwareUpdUtility" = Download Updater (AOL LLC)
            "StreetPlugin" = Learn2 Player (Uninstall Only)
            "TBSB00001.TBSB00001Toolbar" = FaceFun
            "TBSB07183.TBSB07183Toolbar" = Fast Browser Search (My Web Tattoo)
            "The Weather Channel Desktop 6" = The Weather Channel Desktop 6
            "UnityWebPlayer" = Unity Web Player
            "ViewpointMediaPlayer" = Viewpoint Media Player
            "WinLiveSuite_Wave3" = Windows Live Essentials
            "Yahoo! Companion" = Yahoo! Toolbar
            "Zynga Toolbar" = Zynga Toolbar
             
            ========== HKEY_CURRENT_USER Uninstall List ==========
             
            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
            "Google Chrome" = Google Chrome
            "IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
            "SOE-Free Realms" = Free Realms
             
            ========== Last 10 Event Log Errors ==========
             
            Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
             
            < End of report >

            SuperDave

            • Malware Removal Specialist


            • Genius
            • Thanked: 988
            • Certifications: List
            • Experience: Expert
            • OS: Windows 8
            Re: Malware removal logs
            « Reply #8 on: September 24, 2010, 05:27:38 PM »
            Dealio Toolbar is malware. Please uninstall it. Also, SGPSA should be removed for the same reasons.

            I strongly recommend that you remove Ask from your computer because it;

            •Promotes its toolbars on sites targeted to kids.

            •Promotes its toolbars through ads that appear to be part of other companies' sites.

            •Promotes its toolbars through other companies' spyware.

            •Installs without any disclosure whatsoever and without any consent whatsoever.

            •Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.

            •Makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

            See Here for more info.

            If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

            AskBarDis or anything related to Ask

            Then please find and delete this folder in bold (if present):
            C:\Program Files\AskBarDis. or anything related to Ask.
            *************************************
            My.Freeze.com Toolbar: a Softomate Toolbar variant - Softomate customizes toolbars to customers needs. The dll files for their toolbars contain some spyware/adware functionality, although not all of the toolbars use this. Some of the toolbars are fine to have, so every case is different. Your choice to keep it or not.
            Also, MyWebSearch:  A Conduit "Community Toolbar" - modifies the default IE URL search hook. Conduit toolbars are reputed to have a certain trackware functionality.
            And Zynga: A Conduit "Community Toolbar" - modifies the default IE URL search hook. Conduit toolbars are reputed to have a certain trackware functionality.
            And Free_Radio_TV for the same reasons as above.
            And Downloaded Program Files: Pugi/Softomate toolbar variant. Occasionally a Softomate toolbar will be installed by a legitimate application, but most often they're installed by various non-legitimate means and in such a case they're obviously parasites. If in any doubt, remove!
            **********************************************
            You have Viewpoint installed.

            Viewpoint Media Player/Manager/Toolbar is considered as Foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad".

            More information:

            * ViewMgr.exe - Useless
            * Viewpoint to Plunge Into Adware

            It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.

            * Viewpoint
            * Viewpoint Manager
            * Viewpoint Media Player
            * Viewpoint Toolbar
            * Viewpoint Experience Technology

            **************************************

            * Open OTL
            * Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

            Code: [Select]
            :OTL
            IE - HKCU\..\URLSearchHook: {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - Reg Error: Key error. File not found
            IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll (Spigot, Inc.)
            FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\firefox\
            O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.)
            O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll (Spigot, Inc.)
            O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
            O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.)
            O3 - HKLM\..\Toolbar: (ShopAtHome Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll File not found
            O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll File not found
            O4 - HKLM..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe ()
            O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Dealio Toolbar\SearchSettings.exe (Spigot, Inc.)
            O4 - HKCU..\Run: [fajkmgwe] C:\Users\Macey\AppData\Local\pdjgryxrc\eswpalotssd.exe File not found
            O4 - HKCU..\Run: [M5T8QL3YW3] C:\Users\Macey\AppData\Local\Temp\Zlk.exe File not found
            O4 - HKCU..\Run: [QZAIB7KITK] C:\Users\Macey\AppData\Local\Temp\Zlj.exe File not found
            O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe File not found
            O4 - HKCU..\Run: [xvysnstx] C:\Users\Macey\AppData\Local\msxpxxyml\vhmovrntssd.exe File not found
            O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)

            :Files
            C:\Windows\MEMORY.DMP

            :COMMANDS
            [resethosts]
            [purity]
            [clearrestorepoints]
            [emptytemp]
            [start explorer]

            * Click Run Fix
            * OTLI2 may ask to reboot the machine. Please do so if asked.
            * Click OK
            * A report will open. Copy and Paste that report in your next reply.
            ******************************************
            Download WhoCrashed from here
            This program checks for any drivers which may have been causing your computer to crash....

            Click on the file you just downloaded and run it.
            Put a tick in Accept then click on Next
            Put a tick in the Don't create a start menu folder then click Next
            Put a tick in Create a Desktop Icon then click on Install and make sure there is a tick in Launch Whocrashed before clicking Finish
            Click Analyze
            It will want to download the Debugger and install it  say Yes

            WhoCrashed will create report but you have to scroll down to see it
            Copy and paste it into your next reply
            Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender