Hi, I hope you can help me. I have this annoying WIN AV virus that wants me to activate a scanner for viruses and things and it wont go away. There are three different apps trying to get me to purchase thier scanners. I downloaded HijackThis and copied and pasted the list below. I also downloaded and ran combofix. I am still recieving these pop ups even after the combofix was ran. Can you help me please? Thanks! -Bryn P.S. Can you give me a walk through on how to find the log for combofix in C:? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:42, on 2008-10-28 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe c:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Applications\iebtm.exe C:\WINDOWS\system32\hkcmd.exe C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Applications\iebtmm.exe C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Lexmark 1200 Series\lxczbmon.exe C:\Program Files\WAV\wav.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\WINDOWS\system32\algg.exe C:\Program Files\VResLab\VResLab.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCMTR.EXE C:\WINDOWS\ALCWZRD.EXE C:\WINDOWS\AGRSMMSG.exe c:\windows\system\hpsysdrv.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://windiwsfsearch.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://windiwsfsearch.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defa...//www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing) O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing) O2 - BHO: (no name) - {3B7AAEB1-9F3D-4491-9C06-C7165CA8D058} - C:\Program Files\Applications\iebt.dll O2 - BHO: 512686 helper - {51B15F5A-E98B-4658-B9CB-9307B74773A7} - C:\WINDOWS\system32\512686\512686.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: Accelerator Plugin - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRA~1\PEOPLE~1\PRPL_I~1.DLL (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: (no name) - {944864A5-3916-46E2-96A9-A2E84F3F1208} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll O2 - BHO: VResLabWarningBHO Class - {B494E7BB-1E33-4922-A947-F74EFF4E714F} - C:\Program Files\VResLab\VResLabWarning.dll (file missing) O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing) O3 - Toolbar: Internet Service - {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - C:\Program Files\Applications\iebr.dll (file missing) O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0 O4 - HKLM\..\Run: [EIbminsprt310] E:\Ibmins\prtStart.exe 11 27 1 19 2007 "E:\Ibmins\prt3140.exe" O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Eibminsprt311] E:\ibmins\prtStart.exe 15 50 2 07 2007 "E:\ibmins\prt3140.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\WAV\wav.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKCU\..\Run: [VResLab] "C:\Program Files\VResLab\VResLab.exe" O4 - HKCU\..\Run: [wblogon] C:\WINDOWS\system32\algg.exe O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Program Files\Applications\wcs.exe O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Applications\iebtm.exe O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O4 - Startup: HP Organize.lnk = ? O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredit...04YYUS_ZZzer000 O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.onlyiesettings.com/redirect.php (file missing) O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.onlyiesettings.com/redirect.php (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008...toUploader5.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache...tup1.0.0.15.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/...l_v1-0-3-48.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by143fd.bay143.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resourc...lscbase8300.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1178130602453 O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) - http://entriq.vo.llnwd.net/o1/NBCUnivers...eck_1_0_0_4.cab O22 - SharedTaskScheduler: gey - {ba934431-76af-4c99-93c2-c3d21944a72e} - C:\WINDOWS\system32\gcqltg.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (file missing) O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PsExec (PSEXESVC) - Sysinternals - C:\WINDOWS\PSEXESVC.EXE O23 - Service: Windows Live OneCare (winss) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\winss.exe (file missing) -- End of file - 18766 bytes
Hey brinnybug Before we do anything with Combofix, let's try a scanner. Please download Superantispyware Free and install it. Follow the prompts and reboot if required. Launch Superantispyware Free either by running C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.exe or right-click on the SuperAntispyware icon in your task bar (it looks like a bug) and click on Scan for Spyware, Adware, Malware... Configuring SuperAntispyware • Click on Preferences. • In the tab General and Startup, make sure the box Start SuperAntispyware when Windows starts is unchecked. This will prevent SuperAntispyware from starting everytime, because it may interfere with other fixes that may be run. • Navigate to the tab Scanning Control. • Make sure only these boxes are checked: Code: Close browsers before scanning Scan for tracking cookies Terminate memory threats before quarantining Scan Alternate Data Streams Use Kernel Direct File Access (recommended) Use Kernel Direct Registry Access (recommended) Use Direct Disk Access (recommended) • Click on Close. Updating SuperAntispyware • At the main window, click on Check for Updates.... • Wait for SuperAntispyware to be fully updated. Scanning Time • Boot into safe mode by repeatedly pressing the F8 key after you press the power button. If safe mode does not work, tell me and do the scan in normal mode. • Launch SuperAntispyware. • At the main window, click on Scan your Computer.... • Make sure all drives (excluding CD drives) are checked, select Perform Complete Scan, and then click on Next. • Wait for the scan to complete, and then click on Next>. This will quarantine and remove all detected items. • Reboot your computer. Post A Log • Launch SuperAntispyware • Click on Preferences • Navigate to the tab Statistics/Logs. • Choose the latest scan log, and the click on View Log.... • Copy and paste the contents of the log here in your next post. Best Regards PS: The log should be located at C:\Combofix.txt
Here is the log from superantispyware. I tried safe mode more than once, It didn' work or I did it wrong. Sorry. Thanks so much for your help! Is there anything else I need to do? Thanks, Bryn SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 10/29/2008 at 00:57 AM Application Version : 4.21.1004 Core Rules Database Version : 3613 Trace Rules Database Version: 1599 Scan type : Complete Scan Total Scan Time : 01:11:44 Memory items scanned : 435 Memory threats detected : 5 Registry items scanned : 7811 Registry threats detected : 794 File items scanned : 142017 File threats detected : 386 Trojan.Dropper/Gen C:\WINDOWS\SYSTEM32\GCQLTG.DLL C:\WINDOWS\SYSTEM32\GCQLTG.DLL HKLM\Software\Classes\CLSID\{ba934431-76af-4c99-93c2-c3d21944a72e} HKCR\CLSID\{BA934431-76AF-4C99-93C2-C3D21944A72E} HKCR\CLSID\{BA934431-76AF-4C99-93C2-C3D21944A72E}\InProcServer32 HKCR\CLSID\{BA934431-76AF-4C99-93C2-C3D21944A72E}\InProcServer32#ThreadingModel HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{ba934431-76af-4c99-93c2-c3d21944a72e} Adware.Media-Codec/ZLob C:\PROGRAM FILES\APPLICATIONS\IEBTM.EXE C:\PROGRAM FILES\APPLICATIONS\IEBTM.EXE C:\PROGRAM FILES\APPLICATIONS\IEBTMM.EXE C:\PROGRAM FILES\APPLICATIONS\IEBTMM.EXE [start] C:\PROGRAM FILES\APPLICATIONS\IEBTM.EXE Trojan.Unclassified/ALGG C:\WINDOWS\SYSTEM32\ALGG.EXE C:\WINDOWS\SYSTEM32\ALGG.EXE [wblogon] C:\WINDOWS\SYSTEM32\ALGG.EXE C:\WINDOWS\Prefetch\ALGG.EXE-2A7A7D28.pf Rogue.VirusResponseLab2009 C:\PROGRAM FILES\VRESLAB\VRESLAB.EXE C:\PROGRAM FILES\VRESLAB\VRESLAB.EXE [VResLab] C:\PROGRAM FILES\VRESLAB\VRESLAB.EXE HKLM\Software\Classes\CLSID\{B494E7BB-1E33-4922-A947-F74EFF4E714F} HKCR\CLSID\{B494E7BB-1E33-4922-A947-F74EFF4E714F} HKCR\CLSID\{B494E7BB-1E33-4922-A947-F74EFF4E714F} HKCR\CLSID\{B494E7BB-1E33-4922-A947-F74EFF4E714F}\InprocServer32 HKCR\CLSID\{B494E7BB-1E33-4922-A947-F74EFF4E714F}\InprocServer32#ThreadingModel HKCR\CLSID\{B494E7BB-1E33-4922-A947-F74EFF4E714F}\ProgID HKCR\CLSID\{B494E7BB-1E33-4922-A947-F74EFF4E714F}\Programmable HKCR\CLSID\{B494E7BB-1E33-4922-A947-F74EFF4E714F}\TypeLib HKCR\CLSID\{B494E7BB-1E33-4922-A947-F74EFF4E714F}\VersionIndependentProgID HKCR\VResLabWarning.WarningBHO.1 HKCR\VResLabWarning.WarningBHO.1\CLSID HKCR\VResLabWarning.WarningBHO HKCR\VResLabWarning.WarningBHO\CLSID HKCR\VResLabWarning.WarningBHO\CurVer HKCR\TypeLib\{3ED86073-2FA7-4cf4-810B-28B030671678} C:\PROGRAM FILES\VRESLAB\VRESLABWARNING.DLL HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B494E7BB-1E33-4922-A947-F74EFF4E714F} C:\Program Files\VRESLAB C:\SYSTEM VOLUME INFORMATION\_RESTORE{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1049\A0159987.EXE C:\WINDOWS\Prefetch\VRESLAB.EXE-199B56B7.pf Adware.MyWebSearch HKLM\Software\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D} HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D} HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32 HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\Programmable C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL HKLM\Software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D} HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D} HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32 HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\Programmable HKLM\Software\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32 HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\Programmable HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\TypeLib HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0 HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\0 HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\0\win32 HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\FLAGS HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\HELPDIR C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL HKLM\Software\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32 HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\Programmable HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\TypeLib HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D} HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} HKLM\Software\Microsoft\Internet Explorer\Toolbar#{07B18EA9-A523-4961-B6BB-170DE4475CCA} Adware.MyWay HKLM\Software\Classes\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10} HKCR\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10} HKCR\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10} HKCR\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}\InprocServer32 C:\PROGRAM FILES\MYGLOBALSEARCH\BAR\1.BIN\MGSBAR.DLL Trojan.FakeAlert-IEBT HKLM\Software\Classes\CLSID\{144A6B24-0EBC-4D89-BF09-A06A718E57B5} HKCR\CLSID\{144A6B24-0EBC-4D89-BF09-A06A718E57B5} HKCR\CLSID\{144A6B24-0EBC-4D89-BF09-A06A718E57B5} HKCR\CLSID\{144A6B24-0EBC-4D89-BF09-A06A718E57B5}\Implemented Categories HKCR\CLSID\{144A6B24-0EBC-4D89-BF09-A06A718E57B5}\Implemented Categories\{00021493-0000-0000-C000-000000000046} HKCR\CLSID\{144A6B24-0EBC-4D89-BF09-A06A718E57B5}\InprocServer32 HKCR\CLSID\{144A6B24-0EBC-4D89-BF09-A06A718E57B5}\InprocServer32#ThreadingModel C:\PROGRAM FILES\APPLICATIONS\IEBR.DLL HKLM\Software\Classes\CLSID\{3B7AAEB1-9F3D-4491-9C06-C7165CA8D058} HKCR\CLSID\{3B7AAEB1-9F3D-4491-9C06-C7165CA8D058} HKCR\CLSID\{3B7AAEB1-9F3D-4491-9C06-C7165CA8D058}#www HKCR\CLSID\{3B7AAEB1-9F3D-4491-9C06-C7165CA8D058}\InprocServer32 HKCR\CLSID\{3B7AAEB1-9F3D-4491-9C06-C7165CA8D058}\InprocServer32#ThreadingModel C:\PROGRAM FILES\APPLICATIONS\IEBT.DLL HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3B7AAEB1-9F3D-4491-9C06-C7165CA8D058} HKLM\Software\Microsoft\Internet Explorer\Toolbar#{144A6B24-0EBC-4D89-BF09-A06A718E57B5} HKCR\CLSID\{3B7AAEB1-9F3D-4491-9C06-C7165CA8D058} C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\APPLICATIONS\IEBR.DLL.VIR Adware.E404 Helper/Variant-AM HKLM\Software\Classes\CLSID\{51B15F5A-E98B-4658-B9CB-9307B74773A7} HKCR\CLSID\{51B15F5A-E98B-4658-B9CB-9307B74773A7} HKCR\CLSID\{51B15F5A-E98B-4658-B9CB-9307B74773A7} HKCR\CLSID\{51B15F5A-E98B-4658-B9CB-9307B74773A7}\InprocServer32 HKCR\CLSID\{51B15F5A-E98B-4658-B9CB-9307B74773A7}\InprocServer32#ThreadingModel HKCR\CLSID\{51B15F5A-E98B-4658-B9CB-9307B74773A7}\ProgID HKCR\CLSID\{51B15F5A-E98B-4658-B9CB-9307B74773A7}\Programmable HKCR\CLSID\{51B15F5A-E98B-4658-B9CB-9307B74773A7}\TypeLib HKCR\CLSID\{51B15F5A-E98B-4658-B9CB-9307B74773A7}\VersionIndependentProgID HKCR\z444.z444mgr.1 HKCR\z444.z444mgr.1\CLSID HKCR\z444.z444mgr HKCR\z444.z444mgr\CLSID HKCR\z444.z444mgr\CurVer HKCR\TypeLib\{E63648F7-3933-440E-AAAA-A8584DD7B7EB} C:\WINDOWS\SYSTEM32\512686\512686.DLL HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51B15F5A-E98B-4658-B9CB-9307B74773A7} C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\512686\512686.DLL.VIR C:\SYSTEM VOLUME INFORMATION\_RESTORE{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1051\A0163461.DLL Adware.Accoona HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{944864A5-3916-46E2-96A9-A2E84F3F1208} C:\PROGRAM FILES\FILESUBMIT\EYES OF TERROR800\ATOOLBAR400005.EXE Trojan.Smitfraud Variant/IE Anti-Spyware HKLM\Software\Microsoft\Internet Explorer\Extensions\{9034A523-D068-4BE8-A284-9DF278BE776E} Adware.Tracking Cookie C:\Documents and Settings\HP_Owner\Cookies\hp_owner@imrworldwide[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@test.coremetrics[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@counter.hitslink[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@media.adrevolver[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@insightexpressai[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@mediaplex[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@collective-media[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@counter.auctionworks[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@realmedia[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@sales.liveperson[8].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@sales.liveperson[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@www.burstnet[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@statcounter[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@questionmarket[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads.realtechnetwork[3].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@stats.sellmosoft[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@partner2profit[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@paypal.112.2o7[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@casalemedia[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@server.iad.liveperson[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@eyewonder[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@perf.overture[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@iad.liveperson[3].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@fastclick[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@www.gametoplist[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@discount-trailers[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@specificclick[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@msnportal.112.2o7[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@stats.adbrite[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@xiti[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@e-2dj6wgkycnajkfo.stats.esomniture[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@hitbox[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@statse.webtrendslive[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@e-2dj6wjlygoazsap.stats.esomniture[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@sales.liveperson[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@tribalfusion[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@kontera[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads.realtechnetwork[5].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@adopt.specificclick[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@apmebf[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@citi.bridgetrack[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@2o7[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@revsci[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@serving-sys[3].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@cc.bridgetrack[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@www.burstbeacon[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@richmedia.yahoo[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@e-2dj6wjny-1odzac.stats.esomniture[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@data.coremetrics[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@adrevolver[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@tremor.adbureau[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@optimize.indieclick[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@socialmedia[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@advertising[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@videoegg.adbureau[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@server.iad.liveperson[3].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@burstnet[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@webmd.122.2o7[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads.realtechnetwork[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads.lookery[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@clickshift[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@discountramps[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads.pointroll[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@bluestreak[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@dimemag.advertserve[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@zedo[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads.lookery[3].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@adserver.easyad[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@revenue[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads.cnn[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ehg-foxsports.hitbox[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ehg-dig.hitbox[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@dallasnews.dotconnectmedia[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@valueclick[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@adlegend[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@247realmedia[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@sales.liveperson[7].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@hearstmagazines.112.2o7[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ehg-equifax.hitbox[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@trafficmp[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@media.adrevolver[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@bs.serving-sys[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@tacoda[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@adinterax[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@adbrite[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@brightcove.112.2o7[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@blockbuster.112.2o7[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@view.atdmt[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@adserving.autotrader[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@media6degrees[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@reduxads.valuead[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@4.adbrite[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@rocku.adbureau[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads.adbrite[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@partners.tattomedia[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@exitexchange[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@e-2dj6wcmyshdzadp.stats.esomniture[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@doubleclick[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ehg-techtarget.hitbox[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@5.go.globaladsales[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@rotator.adjuggler[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@atdmt[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads.gmodules[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@icc.intellisrv[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ehg-myspaceinc.hitbox[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@anad.tacoda[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@adopt.euroclick[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ad.yieldmanager[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@msnbc.112.2o7[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@stats.jamon[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ehg-fxcm.hitbox[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@provolabs.112.2o7[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@tradedoubler[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@e-2dj6wfmiakajggq.stats.esomniture[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@equifax.adbureau[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@myaccount.peoplepc[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@riverdeep.112.2o7[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@track.bestbuy[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@media.hotels[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@iacas.adbureau[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@s.clickability[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@azjmp[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ehg-akronbeacon.hitbox[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@gostats[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@nextag[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@libertymutual.112.2o7[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ehg-paxinternet.hitbox[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@www.fatpenguinmedia[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@adnetserver[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@atwola[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@americafirstcreditunion.122.2o7[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@wpni.112.2o7[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@xmedia.live.advance[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@indexstats[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@cbsdigitalmedia.112.2o7[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@network.realmedia[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@clicksor[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ehg-verizon.hitbox[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads.as4x.tmcs[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@mywebsearch[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@fpmads.diabloadult[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@www.clickmanage[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads.addynamix[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@app.insightgrit[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@adecn[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@overture[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@edge.ru4[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@myaccount.verizonwireless[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads.bridgetrack[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@sportingnews.122.2o7[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@anat.tacoda[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@goclick[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@fortunecity[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ehg-foundation.hitbox[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@maxim.122.2o7[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@bet.burstnet[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@msnaccountservices.112.2o7[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@sparknetworks.112.2o7[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@media.mtvnservices[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@interclick[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@eas.apm.emediate[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@bfast[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@nebuad.adjuggler[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@publishers.clickbooth[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@counter.inkfrog[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@adserver.adreactor[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads.vlaze[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@iad.liveperson[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@newaccounts.freewebs[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@viamtvcom.112.2o7[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@te.kontera[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@cf-db02.clickfacts[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@adfi.adbureau[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@media.brandreachsys[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@dominionenterprises.112.2o7[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@roiservice[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@www.3dstats[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ad.doubleclick[3].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@landing.trafficz[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads.as4x.tmcs.ticketmaster[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@e-2dj6wfmikpc5efp.stats.esomniture[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@nike.112.2o7[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@www.bigcatcountry[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@scot.valueclick[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads.us.e-planning[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@CA4S7VUF.txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@006.free-counters.co[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@enhance[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@sales.liveperson[5].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@www.mediashaperonline[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads.traderonline[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@thunderbolt.adjuggler[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@adserving.contextualmarketplace[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@viacom.adbureau[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@viacomedycentralrl.112.2o7[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@hulu.112.2o7[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@roi.clicklab[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ad.flux[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@qnsr[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@cardfinder.capitalone[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@adultfriendfinder[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@server.iad.liveperson[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@afe.specificclick[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@thechronicleofhighereducation.122.2o7[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@csi.valueclick[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@cbs.112.2o7[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@glb.adtechus[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@bigcatcountry[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@clickbank[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@moroch.112.2o7[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads.movieweb[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads.ookla[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@lynxtrack[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads.monster[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@keywordmax[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@112.2o7[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@dynamic.media.adrevolver[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ehg-traderpublishing.hitbox[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ehg-space.hitbox[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@antispywaremaster[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@c1.zedo[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@affiliate.eadvtracker[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@trvlnet.adbureau[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@CA3XCGR5.txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ad.doubleclick[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads.easy-forex[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@usatoday1.112.2o7[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@adtech[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@sales.liveperson[4].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@myroitracking[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@stat.youku[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@adcowebmedia[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@dotconnectmedia[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@virusresponse2009[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@counter.marketplaceadvisor.channeladvisor[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@earthlink.122.2o7[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@stats.fresho[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@bizrate[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@bnkicom.112.2o7[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ehg-cardomain.hitbox[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@account.live[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@tripod[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@leeenterprises.112.2o7[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@web4.realtracker[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@viavh1com.112.2o7[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@e-2dj6wjlokhc5mlp.stats.esomniture[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@e-2dj6wfl4ckdzmbp.stats.esomniture[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@a.websponsors[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@at.atwola[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ehg-comcast.hitbox[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ad1.clickhype[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ad2.pl.mediainter[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@advertising.goldseek[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@adserver.adtechus[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@yadro[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads.deliveringtma[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@directtrack[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@adinsert.buddymedia[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@www.usenext[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@specificmedia[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@rotator.dex.adjuggler[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@www.costumediscounters[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@viamtvnvideo.112.2o7[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@server.iad.liveperson[6].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@track.ihispano[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@e-2dj6wjkyskd5wdq.stats.esomniture[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@rambler[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@lstat.youku[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads.nba[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@counter.surfcounters[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ehg-autodesk.hitbox[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@dmtracker[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads.artsopolis[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads.sup[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@rm.yieldmanager[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@hypertracker[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@tagiq.clickforensics[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ontarget.122.2o7[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@nitropayouts.directtrack[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@server.iad.liveperson[4].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@CA4WWIH7.txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@snagajob.122.2o7[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads3.blastro[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@zionsbank.112.2o7[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@crackberry[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@e-2dj6wjnygkdzmkp.stats.esomniture[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@CARIHCJ1.txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@sales.liveperson[9].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@centralmediaserver[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@e-2dj6wjk4enc5mkp.stats.esomniture[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ehg-rodale.hitbox[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@l1.qsstats[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@e-2dj6wgmysndpkdo.stats.esomniture[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@newyorkandcompany.112.2o7[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@clicket[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@CA8D4KN6.txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@chitika[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@backcountry[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ehg-fxsolutions.hitbox[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@media.photobucket[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads.ireport[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@e-2dj6wdk4oldpehp.stats.esomniture[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@fasttrackwatcher[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@list[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@www.belstat[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@www.googleadservices[7].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@tns-counter[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@e-2dj6wjnyqoazcap.stats.esomniture[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads.cellfish[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@e-2dj6wflikpdjseo.stats.esomniture[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@e-2dj6wgkoolc5wgq.stats.esomniture[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ehg-rivals.hitbox[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@s5.shinystat[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@northwestairlines.112.2o7[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@e-2dj6wgkoulajmco.stats.esomniture[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@www.googleadservices[11].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@mobileentertainment.directtrack[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@precisionclick[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@e-2dj6wjlougazgko.stats.esomniture[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@server.iad.liveperson[7].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@cgm.adbureau[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@e-2dj6wfkiegazodo.stats.esomniture[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@e-2dj6wgkiuhdzakp.stats.esomniture[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@e-2dj6wjkokodzodo.stats.esomniture[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@spylog[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@stat.onestat[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@playonclick[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@adknowledge[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@link.mercent[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@CAP5YVS6.txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@tracking.foundry42[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@yieldmanager[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@pcvirusremover2008[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@media.cardomain[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@sales.liveperson[6].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@adtrafficstats[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@stats.trafficpayouts[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@CAINT4C0.txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads.widgetbucks[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@stats2.clicktracks[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@e-2dj6wjliwndpwbp.stats.esomniture[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@affiliates.commissionaccount[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@e-2dj6wdk4qhcpcgq.stats.esomniture[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@www.googleadservices[6].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@e-2dj6wdkyunajsho.stats.esomniture[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads.funadvice[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@costumediscounters[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@www.discountstarwarscostumes[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@e-2dj6wjliwiczohq.stats.esomniture[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@www.socialtrack[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@e-2dj6wjlieidpiep.stats.esomniture[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@e-2dj6wjnygidpmeq.stats.esomniture[2].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@www.costumediscounters[3].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@celebrateexpress.122.2o7[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@us.adserver.yahoo[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads.peer39[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@tracking.foundry42[3].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ad.fed.msn[1].txt C:\Documents and Settings\HP_Owner\Cookies\hp_owner@www.googleadservices[1].txt Adware.MyWebSearch/FunWebProducts HKU\S-1-5-21-1516019560-2937420181-2054999257-1009\SOFTWARE\Fun Web Products HKLM\SOFTWARE\Fun Web Products HKLM\SOFTWARE\Fun Web Products#JpegConversionLib HKLM\SOFTWARE\Fun Web Products#CacheDir HKLM\SOFTWARE\Fun Web Products\MSNMessenger HKLM\SOFTWARE\Fun Web Products\MSNMessenger#DLLFile HKLM\SOFTWARE\Fun Web Products\MSNMessenger#DLLDir HKLM\SOFTWARE\Fun Web Products\ScreenSaver HKLM\SOFTWARE\Fun Web Products\ScreenSaver#ImagesDir HKLM\SOFTWARE\Fun Web Products\ScreenSaver#PM HKLM\SOFTWARE\Fun Web Products\Settings HKLM\SOFTWARE\Fun Web Products\Settings\AvatarSmallBtn HKLM\SOFTWARE\Fun Web Products\Settings\AvatarSmallBtn#LastHTMLMenuURL HKLM\SOFTWARE\Fun Web Products\Settings\AvatarSmallBtn#HTMLMenuRevision HKLM\SOFTWARE\Fun Web Products\Settings\AvatarSmallBtn#ETag HKLM\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn HKLM\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn#LastHTMLMenuURL HKLM\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn#HTMLMenuRevision HKLM\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn#ETag HKLM\SOFTWARE\Fun Web Products\Settings\FunBuddyIconBtn HKLM\SOFTWARE\Fun Web Products\Settings\FunBuddyIconBtn#LastHTMLMenuURL HKLM\SOFTWARE\Fun Web Products\Settings\FunBuddyIconBtn#HTMLMenuRevision HKLM\SOFTWARE\Fun Web Products\Settings\FunBuddyIconBtn#ETag HKLM\SOFTWARE\Fun Web Products\Settings\MyFunCardsIMBtn HKLM\SOFTWARE\Fun Web Products\Settings\MyFunCardsIMBtn#LastHTMLMenuURL HKLM\SOFTWARE\Fun Web Products\Settings\MyFunCardsIMBtn#HTMLMenuRevision HKLM\SOFTWARE\Fun Web Products\Settings\MyFunCardsIMBtn#ETag HKLM\SOFTWARE\Fun Web Products\Settings\Promos HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextNone.numActive HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextNone.0 HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyFreqNone HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextUninstalled.numActive HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn#HTMLMenuPosDeleted HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn#LastHTMLMenuURL HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn#HTMLMenuRevision HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn#ETag HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn#iexplore.exe.pos HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn#yahoomessenger.exe.pos HKU\S-1-5-21-1516019560-2937420181-2054999257-1009\SOFTWARE\FunWebProducts HKLM\SOFTWARE\FunWebProducts HKLM\SOFTWARE\FunWebProducts\Installer HKLM\SOFTWARE\FunWebProducts\Installer#Dir HKLM\SOFTWARE\FunWebProducts\Installer#CurInstall HKLM\SOFTWARE\FunWebProducts\Installer#sr HKLM\SOFTWARE\FunWebProducts\Installer#pl HKLM\SOFTWARE\FunWebProducts\Installer#CheckForConnection HKLM\SOFTWARE\FunWebProducts\Installer#CacheDir HKLM\SOFTWARE\FunWebProducts\Installer\downloaded HKU\S-1-5-21-1516019560-2937420181-2054999257-1009\SOFTWARE\MyWebSearch HKLM\SOFTWARE\MyWebSearch HKLM\SOFTWARE\MyWebSearch\bar HKLM\SOFTWARE\MyWebSearch\bar#Maximized HKLM\SOFTWARE\MyWebSearch\bar#Visible HKLM\SOFTWARE\MyWebSearch\bar#pid HKLM\SOFTWARE\MyWebSearch\bar#un HKLM\SOFTWARE\MyWebSearch\bar#tiec HKLM\SOFTWARE\MyWebSearch\bar#Dir HKLM\SOFTWARE\MyWebSearch\bar#PluginPath HKLM\SOFTWARE\MyWebSearch\bar#CurInstall HKLM\SOFTWARE\MyWebSearch\bar#SettingsDir HKLM\SOFTWARE\MyWebSearch\bar#sr HKLM\SOFTWARE\MyWebSearch\bar#pl HKLM\SOFTWARE\MyWebSearch\bar#Id HKLM\SOFTWARE\MyWebSearch\bar#CacheDir HKLM\SOFTWARE\MyWebSearch\bar#ConfigRevision HKLM\SOFTWARE\MyWebSearch\bar#ConfigRevisionURL HKLM\SOFTWARE\MyWebSearch\bar#ConfigDateStamp HKLM\SOFTWARE\MyWebSearch\bar#HTMLMenuRevision HKLM\SOFTWARE\MyWebSearch\bar#sscSet HKLM\SOFTWARE\MyWebSearch\bar#sscLabel HKLM\SOFTWARE\MyWebSearch\MWSOEMON HKLM\SOFTWARE\MyWebSearch\MWSOEMON#Version HKLM\SOFTWARE\MyWebSearch\MWSOEPLG HKLM\SOFTWARE\MyWebSearch\MWSOEPLG#Version HKLM\SOFTWARE\MyWebSearch\MWSOEPLG#Path HKLM\SOFTWARE\MyWebSearch\MWSOEPLG#StandardSmileyDir.AIM HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.numActive HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.numActive2 HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.0.old HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.1.old HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.2.old HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.3.old HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.4.old HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.5.old HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.6.old HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.7.old HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.8.old HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.9.old HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.10.old HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.11.old HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.12.old HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.numActive HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.numActive2 HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.0.old HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.1.old HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.2.old HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.3.old HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.4.old HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.5.old HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.numActive2 HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.0 HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.1 HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.2 HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.3 HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.4 HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.5 HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.numActive2 HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.0 HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.1 HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.2 HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.3 HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.4 HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.5 HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.6 HKLM\SOFTWARE\MyWebSearch\OEHosts HKLM\SOFTWARE\MyWebSearch\OEHosts#boscript HKLM\SOFTWARE\MyWebSearch\SearchAssistant HKLM\SOFTWARE\MyWebSearch\SearchAssistant#pid HKLM\SOFTWARE\MyWebSearch\SearchAssistant#Dir HKLM\SOFTWARE\MyWebSearch\SearchAssistant#esh HKLM\SOFTWARE\MyWebSearch\SearchAssistant#lsp HKLM\SOFTWARE\MyWebSearch\SearchAssistant#CurInstall HKLM\SOFTWARE\MyWebSearch\SearchAssistant#sr HKLM\SOFTWARE\MyWebSearch\SearchAssistant#pl HKLM\SOFTWARE\MyWebSearch\SearchAssistant#Id HKLM\SOFTWARE\MyWebSearch\SearchAssistant#ConfigDateStamp HKLM\SOFTWARE\MyWebSearch\SkinTools HKLM\SOFTWARE\MyWebSearch\SkinTools#PlayerPath HKCR\FunWebProducts.DataControl HKCR\FunWebProducts.DataControl\CLSID HKCR\FunWebProducts.DataControl\CurVer HKCR\FunWebProducts.DataControl.1 HKCR\FunWebProducts.DataControl.1\CLSID HKCR\FunWebProducts.HistoryKillerScheduler HKCR\FunWebProducts.HistoryKillerScheduler\CLSID HKCR\FunWebProducts.HistoryKillerScheduler\CurVer HKCR\FunWebProducts.HistoryKillerScheduler.1 HKCR\FunWebProducts.HistoryKillerScheduler.1\CLSID HKCR\FunWebProducts.HistorySwatterControlBar HKCR\FunWebProducts.HistorySwatterControlBar\CLSID HKCR\FunWebProducts.HistorySwatterControlBar\CurVer HKCR\FunWebProducts.HistorySwatterControlBar.1 HKCR\FunWebProducts.HistorySwatterControlBar.1\CLSID HKCR\FunWebProducts.HTMLMenu HKCR\FunWebProducts.HTMLMenu\CLSID HKCR\FunWebProducts.HTMLMenu\CurVer HKCR\FunWebProducts.HTMLMenu.1 HKCR\FunWebProducts.HTMLMenu.1\CLSID HKCR\FunWebProducts.HTMLMenu.2 HKCR\FunWebProducts.HTMLMenu.2\CLSID HKCR\FunWebProducts.IECookiesManager HKCR\FunWebProducts.IECookiesManager\CLSID HKCR\FunWebProducts.IECookiesManager\CurVer HKCR\FunWebProducts.IECookiesManager.1 HKCR\FunWebProducts.IECookiesManager.1\CLSID HKCR\FunWebProducts.KillerObjManager HKCR\FunWebProducts.KillerObjManager\CLSID HKCR\FunWebProducts.KillerObjManager\CurVer HKCR\FunWebProducts.KillerObjManager.1 HKCR\FunWebProducts.KillerObjManager.1\CLSID HKCR\FunWebProducts.PopSwatterBarButton HKCR\FunWebProducts.PopSwatterBarButton\CLSID HKCR\FunWebProducts.PopSwatterBarButton\CurVer HKCR\FunWebProducts.PopSwatterBarButton.1 HKCR\FunWebProducts.PopSwatterBarButton.1\CLSID HKCR\FunWebProducts.PopSwatterSettingsControl HKCR\FunWebProducts.PopSwatterSettingsControl\CLSID HKCR\FunWebProducts.PopSwatterSettingsControl\CurVer HKCR\FunWebProducts.PopSwatterSettingsControl.1 HKCR\FunWebProducts.PopSwatterSettingsControl.1\CLSID HKCR\MyWebSearch.ChatSessionPlugin HKCR\MyWebSearch.ChatSessionPlugin\CLSID HKCR\MyWebSearch.ChatSessionPlugin\CurVer HKCR\MyWebSearch.ChatSessionPlugin.1 HKCR\MyWebSearch.ChatSessionPlugin.1\CLSID HKCR\MyWebSearch.HTMLPanel HKCR\MyWebSearch.HTMLPanel\CLSID HKCR\MyWebSearch.HTMLPanel\CurVer HKCR\MyWebSearch.HTMLPanel.1 HKCR\MyWebSearch.HTMLPanel.1\CLSID HKCR\MyWebSearch.OutlookAddin HKCR\MyWebSearch.OutlookAddin\CLSID HKCR\MyWebSearch.OutlookAddin\CurVer HKCR\MyWebSearch.OutlookAddin.1 HKCR\MyWebSearch.OutlookAddin.1\CLSID HKCR\MyWebSearch.PseudoTransparentPlugin HKCR\MyWebSearch.PseudoTransparentPlugin\CLSID HKCR\MyWebSearch.PseudoTransparentPlugin\CurVer HKCR\MyWebSearch.PseudoTransparentPlugin.1 HKCR\MyWebSearch.PseudoTransparentPlugin.1\CLSID HKCR\MyWebSearchToolBar.SettingsPlugin HKCR\MyWebSearchToolBar.SettingsPlugin\CLSID HKCR\MyWebSearchToolBar.SettingsPlugin\CurVer HKCR\MyWebSearchToolBar.SettingsPlugin.1 HKCR\MyWebSearchToolBar.SettingsPlugin.1\CLSID HKCR\MyWebSearchToolBar.ToolbarPlugin HKCR\MyWebSearchToolBar.ToolbarPlugin\CLSID HKCR\MyWebSearchToolBar.ToolbarPlugin\CurVer HKCR\MyWebSearchToolBar.ToolbarPlugin.1 HKCR\MyWebSearchToolBar.ToolbarPlugin.1\CLSID HKCR\ScreenSaverControl.ScreenSaverInstaller HKCR\ScreenSaverControl.ScreenSaverInstaller\CLSID HKCR\ScreenSaverControl.ScreenSaverInstaller\CurVer HKCR\ScreenSaverControl.ScreenSaverInstaller.1 HKCR\ScreenSaverControl.ScreenSaverInstaller.1\CLSID HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Control HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\InprocServer32 HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\MiscStatus HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\MiscStatus\1 HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\ProgID HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Programmable HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\TypeLib HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Version HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\VersionIndependentProgID HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\InprocServer32 HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\InprocServer32#ThreadingModel HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\ProgID HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\Programmable HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\TypeLib HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\VersionIndependentProgID HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}\TreatAs HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Implemented Categories HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Implemented Categories\{00021493-0000-0000-C000-000000000046} HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\InprocServer32 HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\InprocServer32#ThreadingModel HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance#CLSID HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance\InitPropertyBag HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance\InitPropertyBag#Url HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A} HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\Control HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\InprocServer32 HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\InprocServer32#ThreadingModel HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\MiscStatus HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\MiscStatus\1 HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\ProgID HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\Programmable HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\TypeLib HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\Version HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\VersionIndependentProgID HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}\InprocServer32 HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}\InprocServer32#ThreadingModel HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}\ProgID HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}\VersionIndependentProgID HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\Control HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\InprocServer32 HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\InprocServer32#ThreadingModel HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\MiscStatus HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\MiscStatus\1 HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\ProgID HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\Programmable HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\TypeLib HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\Version HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\VersionIndependentProgID HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\InprocServer32 HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\InprocServer32#ThreadingModel HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\ProgID HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\Programmable HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\TypeLib HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\VersionIndependentProgID HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\InprocServer32 HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\InprocServer32#ThreadingModel HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\ProgID HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\Programmable HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\TypeLib HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\VersionIndependentProgID HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Control HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32 HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32#ThreadingModel HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus\1 HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Version HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Control HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32 HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32#ThreadingModel HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus\1 HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\ProgID HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Version HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\VersionIndependentProgID HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Control HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32 HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32#ThreadingModel HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus\1 HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Version HKCR\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} HKCR\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}\InprocServer32 HKCR\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}\InprocServer32#ThreadingModel HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\InprocServer32 HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\InprocServer32#ThreadingModel HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\ProgID HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\Programmable HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\TypeLib HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\VersionIndependentProgID HKCR\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} HKCR\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}\InprocServer32 HKCR\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}\InprocServer32#ThreadingModel HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\InprocServer32 HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\InprocServer32#ThreadingModel HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\ProgID HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\VersionIndependentProgID HKCR\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179} HKCR\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\TreatAs HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\InprocServer32 HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\InprocServer32#ThreadingModel HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\MiscStatus HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\MiscStatus\1 HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\ProgID HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\Programmable HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\TypeLib HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\Version HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\VersionIndependentProgID HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}\TreatAs HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\InprocServer32 HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\InprocServer32#ThreadingModel HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\Programmable HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\TypeLib HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\InprocServer32 HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\InprocServer32#ThreadingModel HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\ProgID HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\Programmable HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\VersionIndependentProgID HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\InprocServer32 HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\InprocServer32#ThreadingModel HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\MiscStatus HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\MiscStatus\1 HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\ProgID HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\Programmable HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\TypeLib HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\Version HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\VersionIndependentProgID HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\InprocServer32 HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\InprocServer32#ThreadingModel HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\MiscStatus HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\MiscStatus\1 HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\ProgID HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\Programmable HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\TypeLib HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\Version HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\VersionIndependentProgID HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\InprocServer32 HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\InprocServer32#ThreadingModel HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\ProgID HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\Programmable HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\TypeLib HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\VersionIndependentProgID HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\InprocServer32 HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\InprocServer32#ThreadingModel HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\Programmable HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\TypeLib HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\Control HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\InprocServer32 HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\InprocServer32#ThreadingModel HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\MiscStatus HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\MiscStatus\1 HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\ProgID HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\Programmable HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\TypeLib HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\Version HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\VersionIndependentProgID HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0 HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0\0 HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0\0\win32 HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0\FLAGS HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0\HELPDIR HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0 HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0\0 HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0\0\win32 HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0\FLAGS HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0\HELPDIR HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0 HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\0 HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\0\win32 HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\FLAGS HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\HELPDIR HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0 HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\0 HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\0\win32 HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\FLAGS HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\HELPDIR HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0 HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\0 HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\0\win32 HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\FLAGS HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\HELPDIR HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0 HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\0 HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\0\win32 HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\FLAGS HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\HELPDIR HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0 HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\0 HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\0\win32 HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\FLAGS HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\HELPDIR HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0 HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\0 HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\0\win32 HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\FLAGS HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\HELPDIR HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0 HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0\0 HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0\0\win32 HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0\FLAGS HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0\HELPDIR HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C} HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0 HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\0 HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\0\win32 HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\FLAGS HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\HELPDIR HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid32 HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\TypeLib HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\TypeLib#Version HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA} HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid32 HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\TypeLib HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\TypeLib#Version HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\ProxyStubClsid HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\ProxyStubClsid32 HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\TypeLib HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\TypeLib#Version HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390} HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\ProxyStubClsid HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\ProxyStubClsid32 HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\TypeLib HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\TypeLib#Version HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\ProxyStubClsid HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\ProxyStubClsid32 HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\TypeLib HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\TypeLib#Version HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728} HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\ProxyStubClsid HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\ProxyStubClsid32 HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\TypeLib HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\TypeLib#Version HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A} HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\ProxyStubClsid HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\ProxyStubClsid32 HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\TypeLib HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\TypeLib#Version HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32 HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC} HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32 HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\ProxyStubClsid HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\ProxyStubClsid32 HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\TypeLib HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\TypeLib#Version HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82} HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\ProxyStubClsid HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\ProxyStubClsid32 HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\TypeLib HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\TypeLib#Version HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906} HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\ProxyStubClsid HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\ProxyStubClsid32 HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\TypeLib HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\TypeLib#Version HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906} HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\ProxyStubClsid HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\ProxyStubClsid32 HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\TypeLib HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\TypeLib#Version HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid32 HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\TypeLib HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\TypeLib#Version HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C} HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid32 HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\TypeLib HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\TypeLib#Version HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\ProxyStubClsid HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\ProxyStubClsid32 HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\TypeLib HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\TypeLib#Version HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\ProxyStubClsid HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\ProxyStubClsid32 HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\TypeLib HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\TypeLib#Version HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF} HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32 HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib#Version HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32 HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9} HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32 HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9} HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32 HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9} HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32 HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8} HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\ProxyStubClsid HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\ProxyStubClsid32 HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\TypeLib HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\TypeLib#Version HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69} HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\ProxyStubClsid HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\ProxyStubClsid32 HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\TypeLib HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\TypeLib#Version HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC} HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\ProxyStubClsid HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\ProxyStubClsid32 HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\TypeLib HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\TypeLib#Version HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D} HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\ProxyStubClsid HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\ProxyStubClsid32 HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\TypeLib HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\TypeLib#Version HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1} HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\ProxyStubClsid HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\ProxyStubClsid32 HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\TypeLib HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\TypeLib#Version HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477} HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\ProxyStubClsid HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\ProxyStubClsid32 HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\TypeLib HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\TypeLib#Version HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\ProxyStubClsid HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\ProxyStubClsid32 HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\TypeLib HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\TypeLib#Version HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F} HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\ProxyStubClsid HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\ProxyStubClsid32 HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\TypeLib HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\TypeLib#Version HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612} HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid32 HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib#Version HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612} HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid32 HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib#Version HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8} HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\ProxyStubClsid HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\ProxyStubClsid32 HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\TypeLib HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\TypeLib#Version HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978} HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\ProxyStubClsid HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\ProxyStubClsid32 HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\TypeLib HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\TypeLib#Version HKLM\Software\FocusInteractive HKLM\Software\FocusInteractive\bar HKLM\Software\FocusInteractive\bar\Switches HKLM\Software\FocusInteractive\bar\Switches#incmail.exe HKLM\Software\FocusInteractive\bar\Switches#msimn.exe HKLM\Software\FocusInteractive\bar\Switches#msn.exe HKLM\Software\FocusInteractive\bar\Switches#outlook.exe HKLM\Software\FocusInteractive\bar\Switches#waol.exe HKLM\Software\FocusInteractive\bar\Switches#aim.exe HKLM\Software\FocusInteractive\bar\Switches#icq.exe HKLM\Software\FocusInteractive\bar\Switches#icqlite.exe HKLM\Software\FocusInteractive\bar\Switches#msmsgs.exe HKLM\Software\FocusInteractive\bar\Switches#msnmsgr.exe HKLM\Software\FocusInteractive\bar\Switches#ypager.exe HKLM\Software\FocusInteractive\bar\Switches#au HKLM\Software\FocusInteractive\bar\Switches#mwsSrcAs.dll HKLM\Software\FocusInteractive\bar\Switches#ok HKLM\Software\FocusInteractive\bar\Switches#od HKLM\Software\FocusInteractive\bar\Switches#nk HKLM\Software\FocusInteractive\bar\Switches#nd HKLM\Software\FocusInteractive\Email-IM HKLM\Software\FocusInteractive\Email-IM\0 HKLM\Software\FocusInteractive\Email-IM\0#Toolbar HKLM\Software\FocusInteractive\Email-IM\0#AppName HKLM\Software\FocusInteractive\Email-IM\0#Path HKLM\Software\FocusInteractive\Outlook HKLM\Software\FocusInteractive\Outlook#MyWebSearch.OutlookAddin HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall#DisplayName HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall#HelpLink HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall#Publisher HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall#UninstallString HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall#UrlInfoAbout Trojan.Media-Codec HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup#DisplayName HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup#UninstallString HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEBrowse Tool HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEBrowse Tool#DisplayName HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEBrowse Tool#UninstallString HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Bar HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Bar#DisplayName HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Bar#UninstallString HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Warning Center HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Warning Center#DisplayName HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Warning Center#UninstallString Trojan.VideoCach/Gen HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226} HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0 HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\0 HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\0\win32 HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\FLAGS HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\HELPDIR HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91} HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\ProxyStubClsid HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\ProxyStubClsid32 HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\TypeLib HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\TypeLib#Version HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5} HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid32 HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib#Version Trojan.Media-Codec/V4 HKCR\multimediaControls.chl HKCR\multimediaControls.chl\CLSID Adware.E404 Helper/Hij HKCR\CLSID\e405.e405mgr HKCR\CLSID\e405.e405mgr#UserId HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB} HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0 HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0 HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0\win32 HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\FLAGS HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\HELPDIR HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836} HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid32 HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib#Version Rogue.Windows AntiVirus 2008 C:\Program Files\WAV\Uninstall.exe C:\Program Files\WAV\WAV.exe C:\Program Files\WAV\WAV1.dat C:\Program Files\WAV C:\WINDOWS\Prefetch\WAV.EXE-1272C412.pf Rogue.FakeAlert C:\SYSTEM VOLUME INFORMATION\_RESTORE{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1049\A0159988.DLL Trojan.Unclassified-Packed/Suspicious C:\SYSTEM VOLUME INFORMATION\_RESTORE{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1051\A0163443.DLL
This is what I copied and pasted from C:combofix.txt Not sure if this is what you were looking for... Thanks! Bryn ComboFix 08-10-28.01 - HP_Owner 2008-10-28 21:05:42.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.195 [GMT -6:00] Running from: C:\Documents and Settings\HP_Owner\Desktop\Combo-Fix.exe * Created a new restore point .
Hey brinnybug Please post the entire Combofix log, as the combofix log you posted is not complete. Best Regards
Here is my combofix log. Sorry I didn't have it right the first time. Thanks for your patience -Bryn ComboFix 08-10-30.04 - HP_Owner 2008-10-30 0:03:13.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.169 [GMT -6:00] Running from: C:\Documents and Settings\HP_Owner\Desktop\Combo-Fix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\Applications\iebt.dll C:\WINDOWS\system32\512686\512686.dll . ---- Previous Run ------- . C:\Documents and Settings\HP_Owner\My Documents\My Documents.url C:\Documents and Settings\HP_Owner\My Documents\My Pictures\My Pictures.url C:\Documents and Settings\HP_Owner\My Documents\My Videos\My Video.url C:\Program Files\Applications\iebr.dll C:\Program Files\Applications\iebu.exe C:\Program Files\Applications\myd.ico C:\Program Files\Applications\mym.ico C:\Program Files\Applications\myp.ico C:\Program Files\Applications\myv.ico C:\Program Files\Applications\ot.ico C:\Program Files\Applications\ts.ico C:\Program Files\Applications\wcm.exe C:\Program Files\Applications\wcs.exe C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll C:\Program Files\myglobalsearch C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL C:\Program Files\myglobalsearch\bar\Cache\00A1D784 C:\Program Files\myglobalsearch\bar\Cache\00A1DFA2 C:\Program Files\myglobalsearch\bar\Cache\00A1E0DB.bin C:\Program Files\myglobalsearch\bar\Cache\00A1E417.bin C:\Program Files\myglobalsearch\bar\Cache\00A1E5CD.bin C:\Program Files\myglobalsearch\bar\Cache\files.ini C:\Program Files\myglobalsearch\bar\History\search C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm C:\WINDOWS\Downloaded Program Files\setup.inf C:\WINDOWS\IE4 Error Log.txt C:\WINDOWS\system32\512686 C:\WINDOWS\system32\512686\512686.dll C:\WINDOWS\system32\wav.cpl D:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-30 ))))))))))))))))))))))))))))))) . 2008-10-28 23:20 . 2008-10-28 23:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-10-28 23:19 . 2008-10-28 23:19 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-10-28 23:19 . 2008-10-28 23:19 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\SUPERAntiSpyware.com 2008-10-28 22:20 . 2008-10-28 22:20 <DIR> d-------- C:\Program Files\Lavasoft 2008-10-28 22:20 . 2008-10-28 22:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-10-28 22:19 . 2008-10-28 23:18 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-10-28 21:41 . 2008-10-28 21:41 <DIR> d-------- C:\Program Files\Trend Micro 2008-10-28 21:12 . 2008-10-29 10:00 <DIR> d-------- C:\WINDOWS\system32\512686 2008-10-28 19:51 . 2008-10-28 19:51 <DIR> d-------- C:\WINDOWS\system32\scripting 2008-10-28 19:51 . 2008-10-28 19:51 <DIR> d-------- C:\WINDOWS\l2schemas 2008-10-28 19:50 . 2008-10-28 19:50 <DIR> d-------- C:\WINDOWS\system32\bits 2008-10-28 19:45 . 2008-10-28 19:51 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-10-28 19:35 . 2008-10-28 19:35 <DIR> d-------- C:\WINDOWS\EHome 2008-10-28 13:39 . 2008-10-28 23:39 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-10-28 13:38 . 2008-10-29 10:00 <DIR> d-------- C:\Program Files\Applications 2008-10-23 20:59 . 2008-10-15 10:34 337,408 --------- C:\WINDOWS\system32\dllcache\netapi32.dll 2008-10-15 04:09 . 2008-09-08 04:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys 2008-10-15 04:08 . 2008-08-14 04:11 2,189,184 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe 2008-10-15 04:08 . 2008-08-14 04:09 2,145,280 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe 2008-10-15 04:08 . 2008-08-14 03:33 2,066,048 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe 2008-10-15 04:08 . 2008-08-14 03:33 2,023,936 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe 2008-10-15 04:08 . 2008-09-15 06:12 1,846,400 --------- C:\WINDOWS\system32\dllcache\win32k.sys 2008-10-10 11:21 . 2008-10-10 11:21 <DIR> d-------- C:\Program Files\AnswerWorks 4.0 2008-10-10 11:12 . 2008-10-10 11:22 <DIR> d-------- C:\Program Files\AutoCAD 2006 2008-10-10 11:10 . 2008-10-10 11:23 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared 2008-10-10 11:10 . 2008-10-10 11:10 <DIR> d-------- C:\Program Files\Autodesk 2008-09-27 22:53 . 2008-10-29 12:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater 2008-09-23 19:11 . 2008-09-23 19:11 <DIR> d--hs---- C:\found.001 2008-09-22 10:40 . 2008-09-22 10:40 <DIR> d-------- C:\Program Files\Interbank FX Trader 4 2008-09-22 10:21 . 2008-09-22 10:21 <DIR> d-------- C:\Program Files\Candleworks 2008-09-22 10:00 . 2008-10-10 00:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-09-22 10:00 . 2008-09-22 10:00 1,409 --a------ C:\WINDOWS\QTFont.for 2008-09-04 15:02 . 2008-09-04 15:02 <DIR> d-------- C:\4a87f6866f5aa95e6191b3 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-29 20:02 3,645 ----a-w C:\WINDOWS\viassary-hp.reg 2008-10-10 17:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk 2008-09-28 04:54 --------- d-----w C:\Program Files\Google 2008-09-25 15:48 --------- d-----w C:\Program Files\Lexmark 1200 Series 2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2008-05-18 04:32 776,728 ----a-w C:\Program Files\kSolo_Install.exe 2008-01-15 05:10 6,880 ----a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat 2007-05-30 08:42 1,051,008 ----a-w C:\Program Files\SetupOneCare.exe 2006-12-07 17:26 360,448 ----a-w C:\Program Files\Uninstall My Web Search.dll 2003-08-05 17:41 53,248 ----a-w C:\WINDOWS\inf\ap561.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1207080] "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-02-10 1937408] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360] "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-03-06 5181440] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-11 4670968] "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 126976] "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-06-03 180269] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648] "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-02-28 1385472] "mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-01-26 53248] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496] "Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064] "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328] "Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2006-03-16 57344] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-06 282624] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 218032] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-09 7311360] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-09 86016] "High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 C:\WINDOWS\system32\Hdaudpropshortcut.exe] "nwiz"="nwiz.exe" [2005-12-09 C:\WINDOWS\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-03-06 5181440] C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\ HP Organize.lnk - C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2005-06-03 36864] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-12-08 25214] Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696] AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 10872] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048] Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [2005-06-03 45056] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"= "C:\\WINDOWS\\system32\\LEXPPS.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\PROGRA~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [ ] S3 jnv4_mib;jnv4_mib;C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\jnv4_mib.sys [ ] . Contents of the 'Scheduled Tasks' folder 2007-05-30 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe [] 2008-10-30 C:\WINDOWS\Tasks\User_Feed_Synchronization-{17F8DCFD-5593-4B5E-9D9B-2C0178A7F9F8}.job - C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 12:58] . - - - - ORPHANS REMOVED - - - - URLSearchHooks-(Default) - (no file) HKLM-Run-My Web Search Bar Search Scope Monitor - C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe HKLM-Run-EIbminsprt310 - E:\Ibmins\prtStart.exe HKLM-Run-Eibminsprt311 - E:\ibmins\prtStart.exe HKLM-Run-OneCareUI - C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe HKLM-Run-ANTIVIRUS - C:\Program Files\WAV\wav.exe HKLM-Explorer_Run-smile - C:\Program Files\Applications\wcs.exe . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\2sizziyl.default\ . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-30 00:08:58 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe C:\Program Files\Lexmark 1200 Series\lxczbmon.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe . ************************************************************************** . Completion time: 2008-10-30 0:16:15 - machine was rebooted [HP_Owner] ComboFix-quarantined-files.txt 2008-10-30 06:16:11 Pre-Run: 111,543,037,952 bytes free Post-Run: 111,773,454,336 bytes free 219 --- E O F --- 2008-10-29 02:01:18
run combo fix and smitfraud fix in safe mode . then run spybot 1.4 with all of the updates downloaded except any that mention 1.6 .in other words don't update to 1.6 on spybot . it will run in safe mode or normal mode .you can use hijack this if need be also undll from nod32 works very well .
Hey brinnybug Please post a new HijackThis log, and then tell me what problems you have left. It looks like Combofix and Superantispyware together took out most of your malware. Best Regards PS: No offense to xtend, but please ignore xtend's advice.
