Author Topic: I'm infected....my logs  (Read 8585 times)

pepper

    I'm infected....my logs
    « on: March 08, 2009, 06:02:01 PM »
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 03/08/2009 at 07:48 PM

    Application Version : 4.25.1014

    Core Rules Database Version : 3788
    Trace Rules Database Version: 1745

    Scan type       : Quick Scan
    Total Scan Time : 01:07:00

    Memory items scanned      : 483
    Memory threats detected   : 1
    Registry items scanned    : 670
    Registry threats detected : 649
    File items scanned        : 60638
    File threats detected     : 117

    Adware.MyWebSearch

    Adware.MyWebSearch/FunWebProducts

    pepper

      Re: I'm infected....my logs
      « Reply #1 on: March 08, 2009, 06:06:05 PM »

      pepper

        Re: I'm infected....my logs
        « Reply #2 on: March 08, 2009, 06:19:09 PM »
           HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
           HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\ProxyStubClsid
           HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\ProxyStubClsid32
           HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\TypeLib
           HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\TypeLib#Version
           HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
           HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\ProxyStubClsid
           HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\ProxyStubClsid32
           HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\TypeLib
           HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\TypeLib#Version
           HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
           HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\ProxyStubClsid
           HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\ProxyStubClsid32
           HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\TypeLib
           HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\TypeLib#Version
           HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
           HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid
           HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid32
           HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\TypeLib
           HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\TypeLib#Version
           HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
           HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid
           HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid32
           HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\TypeLib
           HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\TypeLib#Version
           HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}
           HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\ProxyStubClsid
           HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\ProxyStubClsid32
           HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\TypeLib
           HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\

        pepper

          Re: I'm infected....my logs
          « Reply #3 on: March 08, 2009, 06:25:58 PM »

          pepper

            Re: I'm infected....my logs
            « Reply #4 on: March 08, 2009, 07:02:57 PM »
            Malwarebytes' Anti-Malware 1.34
            Database version: 1827
            Windows 5.1.2600 Service Pack 3

            3/8/2009 8:43:08 PM
            mbam-log-2009-03-08 (20-43-08).txt

            Scan type: Quick Scan
            Objects scanned: 72206
            Time elapsed: 10 minute(s), 42 second(s)

            Memory Processes Infected: 1
            Memory Modules Infected: 2
            Registry Keys Infected: 133
            Registry Values Infected: 8
            Registry Data Items Infected: 0
            Folders Infected: 19
            Files Infected: 98

            Memory Processes Infected:
            C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Unloaded process successfully.

            Memory Modules Infected:
            C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.
            C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Delete on reboot.

            Registry Keys Infected:

            pepper

              Re: I'm infected....my logs
              « Reply #5 on: March 08, 2009, 07:04:50 PM »
              HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
              HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

              Registry Values Infected:
              HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\my web search bar search scope monitor (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

              Registry Data Items Infected:
              (No malicious items detected)

              Folders Infected:
              C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Delete on reboot.
              C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Delete on reboot.
              C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Delete on reboot.
              C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.

              pepper

                Re: I'm infected....my logs
                « Reply #6 on: March 08, 2009, 07:37:31 PM »
                Broni, I followed everything.  I couldn't believe how many infections I had.  I do scans all the time and I thought the maintenance I did kept my computer up to date, but apparently I'm doing something wrong.  I even got rid of all the Java updates I had.  There were lots of them.

                What else should I do now?

                pepper

                  Re: I'm infected....my logs
                  « Reply #7 on: March 08, 2009, 08:17:13 PM »
                  One more log from HijackThis:

                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 10:15:15 PM, on 3/8/2009
                  Platform: Windows XP SP3 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v7.00 (7.00.6000.16791)
                  Boot mode: Normal

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\Ati2evxx.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
                  C:\WINDOWS\system32\Ati2evxx.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                  C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
                  C:\Program Files\Bonjour\mDNSResponder.exe
                  C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                  C:\Program Files\Java\jre6\bin\jqs.exe
                  C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                  C:\PROGRA~1\AVG\AVG8\avgrsx.exe
                  C:\WINDOWS\system32\HPZipm12.exe
                  C:\PROGRA~1\AVG\AVG8\avgnsx.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\PROGRA~1\AVG\AVG8\avgemc.exe
                  C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
                  C:\HP\KBD\KBD.EXE
                  C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
                  C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
                  C:\PROGRA~1\AVG\AVG8\avgtray.exe
                  C:\Program Files\AVG\AVG8\avgcsrvx.exe
                  C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
                  C:\Program Files\Java\jre6\bin\jusched.exe
                  C:\WINDOWS\system32\ctfmon.exe
                  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                  C:\Program Files\IncrediMail\bin\IMApp.exe
                  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
                  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
                  R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
                  O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
                  O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
                  O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
                  O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
                  O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
                  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
                  O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
                  O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
                  O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
                  O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
                  O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
                  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
                  O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
                  O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
                  O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6172\SiteAdv.exe"
                  O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
                  O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
                  O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
                  O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
                  O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
                  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
                  O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
                  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                  O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
                  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                  O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
                  O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
                  O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                  O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
                  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
                  O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
                  O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
                  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                  O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
                  O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
                  O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
                  O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
                  O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
                  O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
                  O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
                  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167343560406
                  O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
                  O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
                  O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
                  O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
                  O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
                  O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
                  O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
                  O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
                  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540800} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                  O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
                  O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
                  O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
                  O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                  O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
                  O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
                  O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                  O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
                  O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
                  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
                  O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                  O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
                  O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
                  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                  O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
                  O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
                  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

                  --
                  End of file - 11555 bytes

                  evilfantasy

                  • Malware Removal Specialist
                  • Moderator


                  • Genius
                  • Calm like a bomb
                  • Thanked: 493
                  • Experience: Experienced
                  • OS: Windows 11
                  Re: I'm infected....my logs
                  « Reply #8 on: March 08, 2009, 08:54:32 PM »
                  How is the computer running now?

                  pepper

                    Re: I'm infected....my logs
                    « Reply #9 on: March 08, 2009, 08:58:23 PM »
                    It's running okay but I still get that error message at start up.

                    Do I have to do anything to get rid of all the infections it found?  Gosh, I can't believe I had so many.  I run scans all the time and never had so many infections.  I would like to make sure they are all gone now.

                    You guys are the best!!!  Thank you!!!!

                    evilfantasy

                    Re: I'm infected....my logs
                    « Reply #10 on: March 08, 2009, 09:04:50 PM »
                    Quote
                    It's running okay but I still get that error message at start up.

                    What error?

                    evilfantasy

                    Re: I'm infected....my logs
                    « Reply #11 on: March 08, 2009, 09:39:55 PM »
                    Do you use the Microsoft Intellipoint Mouse or Keyboard?

                    See HERE for instructions on how to uninstall it and then install a new version, if you want to use that software.

                    pepper

                      Re: I'm infected....my logs
                      « Reply #12 on: March 08, 2009, 10:26:08 PM »
                      Well, after spending probably six hours doing scans and posting logs and uninstalling and reinstalling, I am still getting the same error message at startup and now my computer is very, very slow.  ???

                      evilfantasy

                      Re: I'm infected....my logs
                      « Reply #13 on: March 09, 2009, 06:10:04 AM »
                      Do you use the Microsoft Intellipoint Mouse or Keyboard and did you try reinstalling it?

                      pepper

                        Re: I'm infected....my logs
                        « Reply #14 on: March 09, 2009, 07:58:19 AM »
                        Microsoft wireless mouse.  I followed the uninstall and install instructions you gave me.