WiredWX Hobby Weather ToolsLog in

 


Infected by iliti virus & possible others...

2 posters

descriptionInfected by iliti virus & possible others... EmptyInfected by iliti virus & possible others...

more_horiz
Infected by iliti virus & possible others...

OTL logfile created on: 8/22/2012 7:52:25 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Virus Removal 001
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.98 Gb Total Physical Memory | 14.18 Gb Available Physical Memory | 88.74% Memory free
31.96 Gb Paging File | 30.56 Gb Available in Paging File | 95.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1840.26 Gb Total Space | 1674.07 Gb Free Space | 90.97% Space Free | Partition Type: NTFS
Drive J: | 93.33 Gb Total Space | 24.56 Gb Free Space | 26.32% Space Free | Partition Type: FAT32

Computer Name: LIBRARY | User Name: FabFrommFamily | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/22 19:48:15 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Virus Removal 001\OTL.com


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/19 08:22:48 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
SRV:64bit: - [2012/03/20 13:11:30 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/03/20 12:56:24 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/03/20 12:55:54 | 000,199,272 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/11/10 03:11:34 | 000,204,288 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/03/08 17:00:50 | 000,224,704 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\mcafee\msc\McAWFwk.exe -- (McAWFwk)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/08/14 15:11:18 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/14 06:10:48 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/07 08:38:52 | 000,107,520 | ---- | M] () [Auto | Stopped] -- C:\Users\FabFrommFamily\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2012/08/02 11:00:10 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/07/27 21:09:31 | 000,830,048 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe -- (vToolbarUpdater12.1.5)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/30 14:41:46 | 000,151,656 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2012/02/16 17:32:56 | 000,034,320 | ---- | M] (MyWebSearch.com) [Auto | Stopped] -- C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/09/29 16:36:32 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/09/29 16:31:39 | 000,123,320 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/09/20 21:05:37 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Disabled | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/09/13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/08/25 20:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/27 21:09:32 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/04/10 14:04:32 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 13:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/02/22 13:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/02/22 13:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/11/10 03:45:32 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/11/10 02:12:46 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/09/20 22:42:07 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2011/09/20 22:42:03 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2011/09/20 22:42:01 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2011/09/20 22:42:01 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2011/09/20 22:41:56 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/09/20 22:41:56 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/28 19:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/17 05:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 20:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/14 07:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/06/08 07:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/05/20 18:42:44 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/27 10:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/27 02:19:48 | 000,176,640 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/10/27 02:19:46 | 000,075,264 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZRxdm719YYUS&ptnrS=ZRxdm719YYUS&si=CLzf37jGo64CFXG-tgod8hR5RA&ptb=vZWOkJFO2UtHJke5RKwcHQ&ind=2012021617&n=77ed0371&psa=&st=sb&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{7931b63e-6ba3-4f38-9d55-5b518a03be02}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=UVxdm008YYus&ptb=3217E71D-C087-4D9A-9EDD-EF3301305B2A&ind=2012011217&ptnrS=UVxdm008YYus&si=&n=77ecdad1&psa=&st=sb&searchfor={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{02A9B082-D8E6-4AB1-9ABA-4656B853E300}: "URL" = http://www.mysearchresults.com/search?&c=2632&t=03&q={searchTerms}
IE - HKCU\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZRxdm719YYUS&ptnrS=ZRxdm719YYUS&si=CLzf37jGo64CFXG-tgod8hR5RA&ptb=vZWOkJFO2UtHJke5RKwcHQ&ind=2012021617&n=77ed0371&psa=&st=sb&searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{7931b63e-6ba3-4f38-9d55-5b518a03be02}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=UVxdm008YYus&ptb=3217E71D-C087-4D9A-9EDD-EF3301305B2A&ind=2012011217&ptnrS=UVxdm008YYus&si=&n=77ecdad1&psa=&st=sb&searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={25478072-0715-4449-8F26-9C3EE963FE65}&mid=6851eeb4ce6b47d0a3f9a9628d53b82c-dd09342c53d7249823ba10439343fffb130b7274&lang=en&ds=ft011&pr=sa&d=2012-07-27 21:09:32&v=12.1.0.21&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{B8EEB896-B588-46AF-ACBE-40CAB69FCE39}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120832,17118,0,18,0
IE - HKCU\..\SearchScopes\{F631367A-31A0-437C-8821-AEB57AB46912}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3150609
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll (MyWebSearch.com)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files (x86)\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\FabFrommFamily\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/05 10:23:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin [2012/02/16 17:32:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fbdownloader@KMcore: C:\Program Files (x86)\SDIV 2.0\Lib\xpi [2012/03/08 20:30:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/07/16 07:47:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.1.0.21\ [2012/07/27 21:09:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/14 06:10:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/14 06:10:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/08/07 08:38:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\FabFrommFamily\AppData\Roaming\Mozilla\Extensions
[2012/08/08 18:27:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\FabFrommFamily\AppData\Roaming\Mozilla\Firefox\Profiles\2oss947h.default\extensions
[2012/08/07 08:39:05 | 000,000,000 | ---D | M] (MeFeedia) -- C:\Users\FabFrommFamily\AppData\Roaming\Mozilla\Firefox\Profiles\2oss947h.default\extensions\{154d932f-dc51-4a4f-9d52-b78b1419d3b4}
[2012/07/13 03:56:01 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\FabFrommFamily\AppData\Roaming\Mozilla\Firefox\Profiles\2oss947h.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/08/07 08:38:46 | 000,000,000 | ---D | M] (RivalGaming) -- C:\Users\FabFrommFamily\AppData\Roaming\Mozilla\Firefox\Profiles\2oss947h.default\extensions\links@rivalgaming.com
[2012/08/07 08:38:59 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\FabFrommFamily\AppData\Roaming\Mozilla\Firefox\Profiles\2oss947h.default\extensions\plugin@yontoo.com
[2012/08/22 19:51:27 | 000,001,982 | ---- | M] () -- C:\Users\FabFrommFamily\AppData\Roaming\Mozilla\Firefox\Profiles\2oss947h.default\searchplugins\search-here.xml
[2012/07/13 03:55:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/13 03:55:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2012/07/13 03:55:39 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/07/13 03:58:57 | 000,079,135 | ---- | M] () (No name found) -- C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\EXTENSIONS\{1A2D0EC4-75F5-4C91-89C4-3656F6E44B68}.XPI
[2012/08/08 18:27:35 | 000,021,674 | ---- | M] () (No name found) -- C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\EXTENSIONS\ADDON@DEFAULTTAB.COM.XPI
[2012/08/14 06:10:49 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/27 21:09:29 | 000,003,752 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/08/14 06:10:47 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/14 06:10:47 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120627110650.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (mefeediaTest) - {154d932f-dc51-4a4f-9d52-b78b1419d3b4} - C:\Program Files (x86)\mefeediatest\w3itemplateX.dll ()
O2 - BHO: (RivalGaming Games) - {26D675AC-D925-4bbf-A720-62C2AA4A81EB} - C:\Users\FabFrommFamily\AppData\Local\RivalGaming\RivalGaming.dll (RivalGaming)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (FBDownloader BHO) - {553318DA-D010-469E-84B1-496563CAE1BF} - C:\Program Files (x86)\HTTO Group, Ltd\FBDownloader IE Add-on\FBDownloader.dll (HTTO Group, Ltd)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120713042647.dll (McAfee, Inc.)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\FabFrommFamily\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (mefeediaTest) - {154d932f-dc51-4a4f-9d52-b78b1419d3b4} - C:\Program Files (x86)\mefeediatest\w3itemplateX.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [PhotoshopElements8SyncAgent] c:\Program Files (x86)\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Smart PC Cleaner] C:\Program Files (x86)\Smart PC Cleaner\SPCLauncher.exe (Avanquest Software)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.180.42.68 208.180.42.100 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B8442ED-1213-486A-9CC8-329A24D6D772}: DhcpNameServer = 208.180.42.68 208.180.42.100 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECE4C237-C1BF-47D8-B66E-E19BDFC76428}: DhcpNameServer = 208.180.42.68 208.180.42.100 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\FabFrommFamily\AppData\LocalLow\FunWebProducts\ScreenSaver\Images\f3wallpp.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/07/16 09:51:42 | 000,000,031 | ---- | M] () - J:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{f815c91f-2fc7-11e1-b7f8-782bcbb751df}\Shell\AutoRun\command - "" = K:\autorun.exe
O33 - MountPoints2\{f815c91f-2fc7-11e1-b7f8-782bcbb751df}\Shell\phone\command - "" = K:\autorun.exe
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\autorun.exe
O33 - MountPoints2\K\Shell\phone\command - "" = K:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

MsConfig:64bit - StartUpFolder: C:^Users^FabFrommFamily^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig:64bit - StartUpReg: AccuWeatherWidget - hkey= - key= - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: BingDesktop - hkey= - key= - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
MsConfig:64bit - StartUpReg: DellStage - hkey= - key= - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Logitech Download Assistant - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: MobileDocuments - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: MyWebSearch Email Plugin - hkey= - key= - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
MsConfig:64bit - StartUpReg: NeroLauncher - hkey= - key= - C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
MsConfig:64bit - StartUpReg: PopularScreensaversWallpaper - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Update - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin:64bit: MCODS - C:\Program Files\mcafee\virusscan\mcods.exe (McAfee, Inc.)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {31FC010A-5B46-1D40-2003-2F1209A8170D} - Offline Browsing Pack
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {7E6D9527-5A7A-492F-470A-AFC8ED3390DB} - Browser Customizations
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B9C96926-860D-F1E9-129E-0457A5301A3D} - Browser Customizations
ActiveX: {BBE13730-EAA4-0109-B2FB-39A2B8A6223C} - Offline Browsing Pack
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

descriptionInfected by iliti virus & possible others... EmptyRe: Infected by iliti virus & possible others...

more_horiz
(OTL REPORT CONTINUED)

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084

========== Files/Folders - Created Within 30 Days ==========

[2012/08/22 19:48:34 | 000,000,000 | ---D | C] -- C:\Virus Removal 001
[2012/08/22 06:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/08/16 03:02:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/08/16 03:02:14 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/16 03:02:14 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/16 03:02:13 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/16 03:02:13 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/16 03:02:13 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/16 03:02:13 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/16 03:02:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/16 03:02:13 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/16 03:02:13 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/16 03:02:12 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/08/16 03:02:12 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/16 03:02:12 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/16 03:02:12 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/15 22:00:34 | 000,000,000 | ---D | C] -- C:\Users\FabFrommFamily\Documents\Tom
[2012/08/15 18:08:32 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/08/15 18:08:29 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/08/15 18:08:29 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/08/15 18:08:29 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/08/15 18:08:28 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/08/15 18:08:28 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/08/15 18:08:28 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/08/15 18:08:26 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/08/07 09:09:17 | 000,000,000 | ---D | C] -- C:\Users\FabFrommFamily\AppData\Roaming\Smart PC Cleaner
[2012/08/07 08:39:10 | 000,000,000 | ---D | C] -- C:\Users\FabFrommFamily\AppData\Local\visi_coupon
[2012/08/07 08:39:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mefeediatest
[2012/08/07 08:39:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Offers from Freeze.com
[2012/08/07 08:38:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2012/08/07 08:38:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/08/07 08:38:52 | 000,000,000 | ---D | C] -- C:\Users\FabFrommFamily\AppData\Roaming\DefaultTab
[2012/08/07 08:38:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart PC Cleaner
[2012/08/07 08:38:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart PC Cleaner
[2012/08/07 08:38:45 | 000,000,000 | ---D | C] -- C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivalGaming
[2012/08/07 08:38:44 | 000,000,000 | ---D | C] -- C:\Users\FabFrommFamily\AppData\Local\RivalGaming
[2012/08/07 08:38:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2012/08/07 08:38:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2012/08/07 08:38:37 | 000,000,000 | ---D | C] -- C:\Users\FabFrommFamily\AppData\Roaming\Yahoo!
[2012/08/07 08:08:47 | 000,000,000 | ---D | C] -- C:\Users\FabFrommFamily\AppData\Roaming\RealNetworks
[2012/08/02 18:33:44 | 001,393,736 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\FabFrommFamily\gotomypc_635.exe
[2012/07/27 21:27:27 | 000,000,000 | ---D | C] -- C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012/07/27 21:10:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2012/07/27 21:10:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/07/27 21:10:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2012/07/27 21:09:36 | 000,000,000 | ---D | C] -- C:\Users\FabFrommFamily\AppData\Local\AVG Secure Search
[2012/07/27 21:09:35 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/07/27 21:09:32 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/07/27 21:09:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/07/27 21:09:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/07/27 21:09:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/11/29 17:50:20 | 001,393,736 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\FabFrommFamily\gotomypc_626.exe

========== Files - Modified Within 30 Days ==========

[2012/08/22 06:11:58 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/22 06:11:58 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/22 06:11:58 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/22 06:07:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/22 06:07:41 | 4281,159,678 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/22 06:06:29 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\RGames Updater.job
[2012/08/22 06:06:21 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/22 06:06:21 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/22 06:06:21 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/21 23:07:30 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/21 23:07:30 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/21 22:58:16 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/08/17 19:15:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2012/08/17 19:09:56 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/08/16 11:56:52 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/08/16 03:19:33 | 000,442,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/14 15:11:18 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/14 15:11:18 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/07 08:38:51 | 000,001,099 | ---- | M] () -- C:\Users\FabFrommFamily\Desktop\Smart PC Cleaner.lnk
[2012/08/02 18:33:49 | 001,393,736 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\FabFrommFamily\gotomypc_635.exe
[2012/07/27 21:27:27 | 000,000,219 | ---- | M] () -- C:\Users\FabFrommFamily\Desktop\Team Fortress 2.url
[2012/07/27 21:10:18 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/07/27 21:09:32 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys

========== Files Created - No Company Name ==========

[2012/08/17 18:15:06 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2012/08/07 08:38:51 | 000,001,099 | ---- | C] () -- C:\Users\FabFrommFamily\Desktop\Smart PC Cleaner.lnk
[2012/08/07 08:38:45 | 000,000,296 | ---- | C] () -- C:\Windows\tasks\RGames Updater.job
[2012/07/27 21:27:27 | 000,000,219 | ---- | C] () -- C:\Users\FabFrommFamily\Desktop\Team Fortress 2.url
[2012/07/27 21:10:18 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/04/01 20:37:24 | 000,000,053 | ---- | C] () -- C:\Users\FabFrommFamily\jagex_cl_runescape_LIVE.dat
[2012/04/01 20:37:24 | 000,000,001 | ---- | C] () -- C:\Users\FabFrommFamily\random.dat
[2011/11/10 02:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011/11/10 02:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/09/25 20:53:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/09/20 21:22:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/20 21:06:09 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2011/09/20 21:06:09 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2011/09/20 21:06:09 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2011/09/20 21:06:01 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/09/20 21:06:01 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011/09/12 23:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/04/19 22:10:32 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/02/10 09:33:46 | 000,774,812 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Custom Scans ==========

< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

< %AppData%\Local\ >

< %systemroot%\system32\sysprep >

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/08/14 06:10:47 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/08/14 06:10:47 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/08/14 06:10:47 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/08/14 06:10:48 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/08/14 06:10:48 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/08/14 06:10:48 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/09/20 22:17:46 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/09/20 22:17:46 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/09/20 22:17:46 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/06/28 20:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012/06/28 20:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Safari\Safari.exe" /reinstall [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /hideicons [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /showicons [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files (x86)\Safari\Safari.exe" [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/08/14 06:10:47 | 000,865,776 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/08/14 06:10:47 | 000,865,776 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/08/14 06:10:47 | 000,865,776 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/08/14 06:10:48 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/08/14 06:10:48 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/08/14 06:10:48 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/09/20 22:17:46 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/09/20 22:17:46 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/09/20 22:17:46 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/06/28 20:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012/06/28 20:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /REINSTALL [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /HIDEICONS [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /SHOWICONS [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.exe /md5 >
[2007/11/07 08:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) MD5=E015A2D8890E2A96A93CA818F834C45B -- C:\install.exe

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< %USERPROFILE%\AppData\Local\ /s >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\Application Data /s >

< %PROGRAMFILES%\*. >
[2011/09/25 17:27:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2011/09/20 21:02:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AMD APP
[2011/12/25 20:11:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2011/09/20 21:02:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ATI Technologies
[2012/07/27 21:09:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVG Secure Search
[2011/12/25 20:09:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2012/01/12 16:39:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Chimpoo_3aEI
[2011/11/06 14:12:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cisco Systems
[2012/07/27 21:10:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2012/03/08 20:30:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Conduit
[2011/09/20 21:05:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Creative
[2012/03/08 20:30:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Crunchdeal
[2011/09/20 21:07:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cyberlink
[2011/09/20 21:35:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell
[2012/04/24 14:28:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell DataSafe Local Backup
[2012/02/18 15:04:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell Stage
[2012/02/18 15:04:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell Touch Software Suite
[2012/03/08 20:30:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\fbDownloader
[2012/08/07 08:39:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Free Offers from Freeze.com
[2012/02/16 17:32:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\FunWebProducts
[2012/02/05 10:24:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2012/03/08 20:30:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HTTO Group, Ltd
[2012/01/12 18:06:58 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2011/09/20 20:58:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2012/08/16 03:18:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2012/07/14 21:09:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\IrfanView
[2012/07/16 08:17:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2011/09/20 20:57:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2011/11/05 11:10:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Laplink
[2012/07/19 13:49:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\McAfee
[2011/09/20 21:16:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mcafee.com
[2012/08/07 08:39:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mefeediatest
[2012/04/25 09:40:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2011/09/25 17:56:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011/09/25 17:59:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2012/05/09 03:22:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2011/09/20 21:12:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/09/25 17:57:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2012/08/14 06:10:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2012/08/15 18:01:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2011/09/20 21:00:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Multimedia Card Reader(9106)
[2012/02/05 10:24:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Musicnotes
[2012/02/16 17:32:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MyWebSearch
[2012/03/27 22:00:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Nero
[2012/02/16 18:33:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Norton PC Checkup
[2012/08/22 06:31:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NortonInstaller
[2011/09/20 21:13:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PlayReady
[2012/05/16 13:12:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2012/02/05 10:23:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Real
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2012/05/16 13:13:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Safari
[2012/03/08 20:30:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SDIV 2.0
[2011/09/20 21:05:34 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2012/08/07 08:38:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Smart PC Cleaner
[2011/09/20 21:33:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SmartSound Software
[2012/08/21 23:05:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Steam
[2009/07/13 23:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2011/09/20 21:13:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2010/11/20 22:31:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2011/09/20 22:42:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Virtual PC
[2012/08/07 08:38:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yahoo!
[2012/08/07 08:38:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yontoo
[2011/09/20 21:17:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Zinio Reader 4

< %appdata%\*.* >

< MD5 for: AFD.SYS >
[2011/12/27 22:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\SysNative\drivers\afd.sys
[2011/12/27 22:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
[2011/12/27 23:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
[2010/11/20 22:24:08 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011/09/20 22:41:59 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011/09/20 22:41:58 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2012/04/23 23:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\SysWOW64\cryptsvc.dll
[2012/04/23 23:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
[2010/11/20 22:24:16 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
[2012/04/23 23:28:22 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=21993009E0CCB9B4FA195F14D3408626 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll
[2012/04/24 00:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=4F5414602E2544A4554D95517948B705 -- C:\Windows\SysNative\cryptsvc.dll
[2012/04/24 00:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=4F5414602E2544A4554D95517948B705 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_d41dd577b1743795\cryptsvc.dll
[2010/11/20 22:24:32 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[2012/04/24 00:22:32 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=B7337E9C9E5936355BB700AA33E0936E -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_d473633acab895c2\cryptsvc.dll

< MD5 for: DNSRSLVR.DLL >
[2011/09/20 22:41:55 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=16835866AAA693C7D7FCEBA8FFF706E4 -- C:\Windows\SysNative\dnsrslvr.dll
[2011/09/20 22:41:55 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=16835866AAA693C7D7FCEBA8FFF706E4 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsrslvr.dll
[2011/09/20 22:41:55 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=B2205BAEAE4C178ABEB1B149751FC2B9 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnsrslvr.dll
[2010/11/20 22:24:15 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=CD55F5355D8F55D44C9F4ED875705BD6 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsrslvr.dll

< MD5 for: ES.DLL >
[2009/07/13 20:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\SysNative\es.dll
[2009/07/13 20:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\winsxs\amd64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_68e290c46b6ea6d0\es.dll
[2009/07/13 20:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\SysWOW64\es.dll
[2009/07/13 20:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\winsxs\wow64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_73373b169fcf68cb\es.dll

< MD5 for: EXPLORER.EXE >
[2011/09/20 22:41:58 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/09/20 22:41:58 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/09/20 22:41:58 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/09/20 22:41:58 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 22:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/09/20 22:41:58 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/09/20 22:41:58 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 22:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: IPNATHLP.DLL >
[2009/07/13 20:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\Windows\SysNative\ipnathlp.dll
[2009/07/13 20:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\ipnathlp.dll

< MD5 for: NETBT.SYS >
[2010/11/20 22:23:51 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\SysNative\drivers\netbt.sys
[2010/11/20 22:23:51 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys

< MD5 for: NETMAN.DLL >
[2009/07/13 20:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\SysNative\netman.dll
[2009/07/13 20:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\winsxs\amd64_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_6bb20d3d6b80d9da\netman.dll

< MD5 for: QMGR.DLL >
[2010/11/20 22:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010/11/20 22:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll

< MD5 for: RPCSS.DLL >
[2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\SysNative\rpcss.dll
[2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll

< MD5 for: SERVICES.EXE >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2011/09/29 12:41:37 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
[2010/11/20 22:24:08 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2012/03/30 05:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[2011/09/20 22:41:59 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2011/06/21 01:20:30 | 001,914,752 | ---- | M] (Microsoft Corporation) MD5=A0EB71E0DC047C7CC95CD6AB4036296E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_11a276c29643d7ec\tcpip.sys
[2012/03/30 06:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\SysNative\drivers\tcpip.sys
[2012/03/30 06:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[2011/09/20 22:41:59 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[2011/09/20 22:41:54 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=CB6A53EF141CC3DA32DA54F7E75D301B -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21687_none_118505f696597a9d\tcpip.sys
[2011/09/20 22:41:54 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=DC08410DB2D0CC542DACAC7A90E6CB7A -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17582_none_10f667b97d405c20\tcpip.sys
[2011/06/21 01:34:00 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=F0E98C00A09FDF791525829A1D14240F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_11327af77d12659c\tcpip.sys
[2011/09/29 11:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys

< MD5 for: TDX.SYS >
[2010/11/20 22:24:32 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\SysNative\drivers\tdx.sys
[2010/11/20 22:24:32 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys

< MD5 for: USERINIT.EXE >
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2010/11/20 22:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\drivers\volsnap.sys
[2010/11/20 22:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
[2010/11/20 22:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys

< MD5 for: WININIT.EXE >
[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< MD5 for: WMISVC.DLL >
[2009/07/13 20:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) MD5=19B07E7E8915D701225DA41CB3877306 -- C:\Windows\SysNative\wbem\WMIsvc.dll
[2009/07/13 20:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) MD5=19B07E7E8915D701225DA41CB3877306 -- C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7601.17514_none_fed8c13f0d90a8cf\WMIsvc.dll

< MD5 for: WSCSVC.DLL >
[2009/07/13 20:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=E8B1FE6669397D1772D8196DF0E57A9E -- C:\Windows\SysNative\wscsvc.dll
[2009/07/13 20:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=E8B1FE6669397D1772D8196DF0E57A9E -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7601.17514_none_78666321c8b86082\wscsvc.dll

< End of report >

descriptionInfected by iliti virus & possible others... EmptyRe: Infected by iliti virus & possible others...

more_horiz
(EXTRAS.TXT)

OTL Extras logfile created on: 8/22/2012 7:52:25 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Virus Removal 001
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.98 Gb Total Physical Memory | 14.18 Gb Available Physical Memory | 88.74% Memory free
31.96 Gb Paging File | 30.56 Gb Available in Paging File | 95.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1840.26 Gb Total Space | 1674.07 Gb Free Space | 90.97% Space Free | Partition Type: NTFS
Drive J: | 93.33 Gb Total Space | 24.56 Gb Free Space | 26.32% Space Free | Partition Type: FAT32

Computer Name: LIBRARY | User Name: FabFrommFamily | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11A7B2DD-0872-4549-9479-7F38F69E98B5}" = lport=9702 | protocol=6 | dir=in | name=syncup_tcp_9702 |
"{12EEBC5B-38C2-444D-B531-300892E9A9E3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{14B6B211-49E1-4E30-B55E-18A05CD2B4E3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{235A4EE2-2374-4278-A0C7-B9AE5A0DF22D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{2D59B70F-1603-4A18-BE0B-17EC9ACF1E99}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2E36B029-0FE4-469A-988A-DEFF9C2CE7F1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{30D0F0BA-C0A2-4EB2-B749-C6E8E3A6E1F5}" = lport=139 | protocol=6 | dir=in | app=system |
"{43BC51A5-F00C-4A27-95A5-88D9DFFBEE5D}" = lport=138 | protocol=17 | dir=in | app=system |
"{5353BD9B-6EC5-4432-A602-30129E65D390}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{57C05928-7A3F-4F1F-9A62-5B2F31286BF2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5CC92FD6-CD14-43AC-A3CE-BF4F63332432}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6B140445-D169-4A8E-ADC1-3F9A24874E0D}" = rport=139 | protocol=6 | dir=out | app=system |
"{721A387F-E475-4F65-9AD7-53846F91C4CB}" = lport=9700 | protocol=17 | dir=in | name=syncup_udp_9700 |
"{92A4A674-5439-4017-8B40-9EADBD0FFE43}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9A1705A3-E026-4C38-B27D-108324B5A9C7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{9DAA65D6-BDD8-4504-948E-DE210CE1FE93}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A50783F4-0C99-4CC6-89AF-D78D36D16803}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BFA6205E-E821-4C24-AF82-3F4D9A5270F6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C20209E0-B6EC-44CE-B623-6B9E76BC4D3E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{C7C667C7-8A01-4B14-8AEE-4911D8561C3B}" = rport=138 | protocol=17 | dir=out | app=system |
"{C94829CD-5A72-41C5-BA16-9D0FCEA4B967}" = lport=9701 | protocol=6 | dir=in | name=syncup_tcp_9701 |
"{D46195EF-A1BB-4AA1-BA27-4BA3BAC78D9F}" = rport=445 | protocol=6 | dir=out | app=system |
"{D505D96C-DA88-447F-85DB-929F0B2F3013}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D67D64B6-6FC9-4FE2-8D90-335C76367E82}" = rport=137 | protocol=17 | dir=out | app=system |
"{D9FF7B83-112A-4989-8A0A-2E68B429E697}" = lport=445 | protocol=6 | dir=in | app=system |
"{DF2A28B8-C9D1-46AB-ACC6-C296DCD2969C}" = lport=137 | protocol=17 | dir=in | app=system |
"{EC20433F-BF22-4C12-A13E-865C4B980D5E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EC57B5D0-2346-4949-8FF2-41F39FB406F2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{ED63B9A4-6C80-419C-89D5-0578251D0A9D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{EF5A9CEF-9304-4DF9-9A11-DFAE462BC523}" = lport=9700 | protocol=6 | dir=in | name=syncup_tcp_9700 |
"{FCA9DCF2-2700-40D1-8622-CD8ED731561C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C5AAFB1-3F03-4E26-B091-CEF881E63C97}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{0D2FF58D-728D-44E9-91F2-EDDC67A60A7F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{0E7E3AE7-CA94-41E9-AD5E-88CDFA8012C5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{14DFE826-1CBF-4305-A57D-CD97E631FAF4}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe |
"{253540F8-63A8-4AA9-ADCB-AA57EE1D5734}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{25D3E2B9-96A4-428F-996B-64D6793EACC9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2DA8F6FE-F929-410C-947E-1CDAAEE589B0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2F78EA19-0554-4EFF-968B-72F9A58E7158}" = dir=in | app=c:\program files (x86)\laplink\pcsync\pcsync.exe |
"{3560F6F4-6273-44A0-B6EB-22E920F06324}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{36A99D4C-2FBB-428D-9F02-EC74C76F4B61}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3B560245-59AA-4D7B-BBB0-024449DD14EA}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe |
"{3C055A6C-902B-4AAB-A5DA-F5154A6E2F94}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{42860F3A-659F-44C6-AA4B-465F1F2822BD}" = dir=in | app=c:\program files (x86)\laplink\pcsync\sfthost.exe |
"{44502C8B-77D1-40D2-8B6D-BA1265AD8622}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{45E0540D-0F4B-4620-8AEA-DA3AE72BEDF7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4CB12FC5-1D48-492A-B5BD-0F360C32B66E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{51C19F4A-E857-4F97-AB39-43057C6EE5C5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{53583D6A-D531-4465-A112-11ED916DB880}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{54D5D840-AFE1-4EE1-860F-24A3559190C7}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe |
"{54EBDB64-6833-4FA8-8A11-60F72CB7F841}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
"{73B7FF23-67B4-4CE6-BD66-CF11A5BE6293}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{74EC1B2A-5435-47E9-92DA-7CCCDDBE02EA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{84286BFD-3C5D-4284-8A3F-55521B652E61}" = dir=in | app=c:\program files (x86)\laplink\pcmover\pcmover.exe |
"{98CD6865-D80C-4074-946D-95E7BAED50F0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{99AECD09-CA75-4D76-B203-4FAFBE3B0B73}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{9CBEB5F5-4C38-4346-B4AA-EB6B624D6C40}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A089C80B-FC09-4BA4-8C5F-ABABF9E1FEE8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{A49E1745-4CBE-467D-ADEA-004F551F562F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A49F8E25-E78C-4676-B1B8-C11239313E05}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AF08C61A-E85E-49BD-A8F0-2FB5E49A4BC5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B1007F33-5040-4DEA-B141-7737798AA3AD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B3C0D71D-5DF0-404D-97AD-9521FD4741F2}" = protocol=6 | dir=out | app=system |
"{B60634AA-04A6-4F42-A985-D8020B40D9A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BC5F98A1-F70F-4492-877D-A5EFC404AF3C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{BD13331F-03EE-4046-9A16-E149E8F8AC54}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{C185FFC1-92FC-4B31-9D3C-85FC86194A48}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C22A6761-FCF8-4822-B291-3CB1D23AFDF3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C32DDF60-778F-4C8E-9EDA-DB19907DD500}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C5D7C0E1-85CB-4A91-9ADF-E3AFEED745E5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CDEBFFE1-E288-4016-AA0B-9C5CF9BD62F8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D6183D30-A0AC-4EB0-9A43-3033E2D6E1D8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D98D2425-5383-427A-98CF-39A3D3785754}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{DB8884A5-E072-44D4-BDB9-580245D0BD1D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{F850999E-D617-4A53-9F55-7121DAF00B47}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{2F2FB795-02E4-C0B7-4C7E-33F5DBBBC299}" = ccc-utility64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{72E244E5-ABBF-4905-B29C-4A8BA9190A9C}" = ATI AVIVO64 Codecs
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E73155E5-E75F-D09E-30C0-C18E3C3A1FA3}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Dell Support Center" = Dell Support Center
"DW WLAN Card" = DW WLAN Card
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{010A785B-F920-4350-821B-6309909C20BB}" = THX TruStudio PC
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C39C9B6-2DD9-A78C-DB11-D542912480BE}" = CCC Help Spanish
"{0D98F04D-11A1-4B64-A406-43292B9EEE90}" = Dell PhotoStage
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0E74474A-1CDF-4249-A507-CE8C1DCEC8BC}" = TrustedID IDMonitor Identity Protection
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{16D3E1ED-6F49-CE9E-93C5-0303D0D16196}" = CCC Help Dutch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CCF681C-C203-49B3-83F4-A54F0F944416}" = ASPCA Reminder by We-Care.com v5.0.5.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{23F80A0D-95AA-5001-B4C6-A42E4B3D6615}" = CCC Help Greek
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
"{25B30DCB-97E2-7A3A-F159-D970B73B71A5}" = CCC Help Italian
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26D7162F-9D1B-CA6D-15C3-1114F551F9A6}" = CCC Help Polish
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2BD9E081-9383-1E4B-D33F-6A6D6DCADBCF}" = CCC Help Hungarian
"{30E411BE-C174-405F-9361-27F4CEDE0C19}" = PCmover Professional
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33E2517D-E262-EA4A-842C-0BE9B1263AC8}" = CCC Help French
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36ADF0B5-55B8-C2F6-387D-3A6715055B51}" = CCC Help Korean
"{37D4213E-49E9-DCCF-5C64-7E090A456C9A}" = CCC Help Czech
"{382F1842-0E6C-4782-B920-D96ED5165F03}" = Catalyst Control Center - Branding
"{39D06E77-8921-4056-8901-36D0035BAECA}" = Dell Stage
"{3C37A01E-C036-4011-8875-521E6DBC2850}" = Laplink PCsync
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP
"{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{44743861-8050-E256-42DE-57DD79BE88FC}" = CCC Help Thai
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5778D89F-205C-6575-1EB8-A9C6BA6C4143}" = CCC Help Swedish
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{654AC5F1-A109-6CA6-090E-D848AF7749C4}" = CCC Help Japanese
"{65DB503C-C379-2F23-C24D-232586D0E479}" = CCC Help Chinese Standard
"{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B94DEB7-98DB-1C8D-85D5-A315A2407C3E}" = CCC Help Portuguese
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F73FF67-09CE-F7B6-551D-5A4EA4CAA4CB}" = CCC Help German
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{7D10390B-B895-8DCA-F140-C951B3110731}" = Catalyst Control Center InstallProxy
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{81E4A484-448D-4F69-9E48-CD9419D36C72}" = CCC Help Finnish
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{855945E0-69F8-EE59-257E-271AD70EBB18}" = CCC Help Turkish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B0682D6-D608-2430-F3A8-492C91F4F892}" = Catalyst Control Center Localization All
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}" = Dell MusicStage
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{938D5F72-6759-4C4A-0CF6-203C4C377717}" = CCC Help Chinese Traditional
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E4D695B-87A6-49A7-A36C-85F2E63B669D}" = FBDownloader IE Add-on
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI
"{ACCDD881-A880-58EF-D6C8-1B962297C7FA}" = CCC Help Russian
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C70F962E-EABC-8FB5-16FD-89B01378214A}" = CCC Help Danish
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skypeâ„¢ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E27CA8FE-3A09-E040-711C-397A97D85DA3}" = CCC Help English
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E54120CB-FA9C-7037-71C9-342761EBC5FF}" = CCC Help Norwegian
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
"{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F9EE9A09-99B7-B29E-53C3-BBAD0ECB8A78}" = Catalyst Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"AVG Secure Search" = AVG Security Toolbar
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cisco Connect" = Cisco Connect
"DefaultTab" = DefaultTab
"fbDownloader" = fbDownloader 1.0.2
"Guild Wars 2" = Guild Wars 2
"InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
"InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"IrfanView" = IrfanView (remove only)
"mefeediatest" = MeFeedia
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee SecurityCenter
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.7.0
"MyWebSearch bar Uninstall" = My Web Search (Popular Screensavers)
"NortonPCCheckup" = Norton PC Checkup
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"PremElem90" = Adobe Premiere Elements 9
"RealPlayer 15.0" = RealPlayer
"Smart PC Cleaner_is1" = Smart PC Cleaner v3.0
"Steam App 440" = Team Fortress 2
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"ZinioReader4" = Zinio Reader 4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"RivalGaming" = RivalGaming
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/15/2012 10:15:41 PM | Computer Name = Library | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
time stamp: 0x4fb57c8f Faulting module name: IEHelperv2.5.0.dll, version: 3.0.0.1,
time stamp: 0x4ed7c091 Exception code: 0xc0000005 Fault offset: 0x00005945 Faulting
process id: 0x1698 Faulting application start time: 0x01cd4b65ecdffbc3 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll Report Id: 2b227d54-b759-11e1-8bd9-782bcbb751df

Error - 6/20/2012 8:41:57 AM | Computer Name = Library | Source = WinMgmt | ID = 10
Description =

Error - 6/20/2012 3:58:36 PM | Computer Name = Library | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary Symantec Eraser Control driver. System Error: The system cannot find the
file specified. .

Error - 6/25/2012 9:53:52 AM | Computer Name = Library | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
time stamp: 0x4fb57c8f Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting
process id: 0x2c54 Faulting application start time: 0x01cd52d9f3faa96c Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\SysWOW64\ntdll.dll Report Id: 31ff4736-becd-11e1-a173-782bcbb751df

Error - 6/26/2012 2:24:00 PM | Computer Name = Library | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16446 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 2a7c Start
Time: 01cd5396dd200130 Termination Time: 81 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id: 162f7b47-bfbc-11e1-a173-782bcbb751df

Error - 6/27/2012 2:01:34 PM | Computer Name = Library | Source = WinMgmt | ID = 10
Description =

Error - 6/27/2012 2:02:41 PM | Computer Name = Library | Source = MsiInstaller | ID = 11923
Description =

Error - 6/27/2012 2:02:41 PM | Computer Name = Library | Source = MsiInstaller | ID = 11939
Description =

Error - 6/27/2012 7:42:38 PM | Computer Name = Library | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
time stamp: 0x4fb57c8f Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting
process id: 0x13b0 Faulting application start time: 0x01cd54be7c83feab Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\SysWOW64\ntdll.dll Report Id: c6b9f885-c0b1-11e1-b86a-782bcbb751df

Error - 6/27/2012 11:08:33 PM | Computer Name = Library | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
time stamp: 0x4fb57c8f Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting
process id: 0x244c Faulting application start time: 0x01cd54db4ceab0b3 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\SysWOW64\ntdll.dll Report Id: 8b2d3245-c0ce-11e1-b86a-782bcbb751df

Error - 7/3/2012 1:39:54 AM | Computer Name = Library | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
time stamp: 0x4fb57c8f Faulting module name: IEHelperv2.5.0.dll, version: 3.0.0.1,
time stamp: 0x4ed7c091 Exception code: 0xc0000005 Fault offset: 0x00013459 Faulting
process id: 0x2058 Faulting application start time: 0x01cd58de4422ede0 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll Report Id: 839fd3fe-c4d1-11e1-b86a-782bcbb751df

[ System Events ]
Error - 8/22/2012 8:34:57 PM | Computer Name = Library | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/22/2012 8:34:58 PM | Computer Name = Library | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/22/2012 8:34:58 PM | Computer Name = Library | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/22/2012 8:34:58 PM | Computer Name = Library | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/22/2012 8:51:27 PM | Computer Name = Library | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/22/2012 8:51:27 PM | Computer Name = Library | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/22/2012 8:51:27 PM | Computer Name = Library | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/22/2012 8:51:27 PM | Computer Name = Library | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/22/2012 8:51:27 PM | Computer Name = Library | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/22/2012 8:51:27 PM | Computer Name = Library | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068


< End of report >

descriptionInfected by iliti virus & possible others... EmptyRe: Infected by iliti virus & possible others...

more_horiz
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-22 20:06:40
-----------------------------
20:06:40.001 OS Version: Windows x64 6.1.7601 Service Pack 1
20:06:40.001 Number of processors: 8 586 0x2A07
20:06:40.001 ComputerName: LIBRARY UserName:
20:06:42.357 Initialize success
20:06:45.430 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:06:45.430 Disk 0 Vendor: ST320006 CC44 Size: 1907729MB BusType: 3
20:06:45.446 Disk 0 MBR read successfully
20:06:45.446 Disk 0 MBR scan
20:06:45.446 Disk 0 Windows VISTA default MBR code
20:06:45.446 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
20:06:45.461 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 23258 MB offset 81920
20:06:45.461 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 1884430 MB offset 47714304
20:06:45.477 Disk 0 scanning C:\Windows\system32\drivers
20:06:50.422 Service scanning
20:06:59.189 Modules scanning
20:06:59.189 Disk 0 trace - called modules:
20:06:59.205 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
20:06:59.205 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800e4f4060]
20:06:59.205 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800d4c6050]
20:06:59.205 Scan finished successfully
20:07:12.964 Disk 0 MBR has been saved successfully to "C:\Virus Removal 001\MBR.dat"
20:07:12.964 The log file has been saved successfully to "C:\Virus Removal 001\aswMBR.txt"


descriptionInfected by iliti virus & possible others... EmptyRe: Infected by iliti virus & possible others...

more_horiz
Results of screen317's Security Check version 0.99.46
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Smart PC Cleaner v3.0
Java(TM) 6 Update 31
Java version out of Date!
Adobe Reader X (10.1.4)
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
SecurityCheck.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

descriptionInfected by iliti virus & possible others... EmptyRe: Infected by iliti virus & possible others...

more_horiz
Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
*********************************************
Infected by iliti virus & possible others... Mbamicontw5 Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

descriptionInfected by iliti virus & possible others... EmptyRe: Infected by iliti virus & possible others...

more_horiz
* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:

:OTL

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZRxdm719YYUS&ptnrS=ZRxdm719YYUS&si=CLzf37jGo64CFXG-tgod8hR5RA&ptb=vZWOkJFO2UtHJke5RKwcHQ&ind=2012021617&n=77ed0371&psa=&st=sb&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{7931b63e-6ba3-4f38-9d55-5b518a03be02}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=UVxdm008YYus&ptb=3217E71D-C087-4D9A-9EDD-EF3301305B2A&ind=2012011217&ptnrS=UVxdm008YYus&si=&n=77ecdad1&psa=&st=sb&searchfor={searchTerms}
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{02A9B082-D8E6-4AB1-9ABA-4656B853E300}: "URL" = http://www.mysearchresults.com/search?&c=2632&t=03&q={searchTerms}
IE - HKCU\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZRxdm719YYUS&ptnrS=ZRxdm719YYUS&si=CLzf37jGo64CFXG-tgod8hR5RA&ptb=vZWOkJFO2UtHJke5RKwcHQ&ind=2012021617&n=77ed0371&psa=&st=sb&searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{7931b63e-6ba3-4f38-9d55-5b518a03be02}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=UVxdm008YYus&ptb=3217E71D-C087-4D9A-9EDD-EF3301305B2A&ind=2012011217&ptnrS=UVxdm008YYus&si=&n=77ecdad1&psa=&st=sb&searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={25478072-0715-4449-8F26-9C3EE963FE65}&mid=6851eeb4ce6b47d0a3f9a9628d53b82c-dd09342c53d7249823ba10439343fffb130b7274&lang=en&ds=ft011&pr=sa&d=2012-07-27 21:09:32&v=12.1.0.21&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{B8EEB896-B588-46AF-ACBE-40CAB69FCE39}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120832,17118,0,18,0
IE - HKCU\..\SearchScopes\{F631367A-31A0-437C-8821-AEB57AB46912}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3150609
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (RivalGaming Games) - {26D675AC-D925-4bbf-A720-62C2AA4A81EB} - C:\Users\FabFrommFamily\AppData\Local\RivalGaming\RivalGaming.dll (RivalGaming)
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)

:folders

C:\Program Files (x86)\MyWebSearch

:COMMANDS
[resethosts]
[purity]
[start explorer]


* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.

descriptionInfected by iliti virus & possible others... EmptyRe: Infected by iliti virus & possible others...

more_horiz
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/23/2012 at 08:03 PM

Application Version : 5.5.1012

Core Rules Database Version : 9115
Trace Rules Database Version: 6927

Scan type : Complete Scan
Total Scan Time : 01:09:49

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 563
Memory threats detected : 0
Registry items scanned : 66951
Registry threats detected : 758
File items scanned : 238119
File threats detected : 493

PUP.MyWebSearch
(x86) HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
(x86) HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32
(x86) HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
(x86) HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32
(x86) HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\Programmable
(x86) HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
(x86) HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32
(x86) HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
(x86) HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32
(x86) HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\Programmable
(x86) [My Web Search Bar Search Scope Monitor] C:\PROGRA~2\MYWEBS~1\BAR\1.BIN\M3SRCHMN.EXE
C:\PROGRA~2\MYWEBS~1\BAR\1.BIN\M3SRCHMN.EXE
(x86) [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
C:\PROGRA~2\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
(x86) HKLM\Software\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}
(x86) HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}
(x86) HKLM\Software\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
(x86) HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
(x86) HKLM\Software\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
(x86) HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
(x86) HKLM\Software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
(x86) HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
(x86) HKLM\Software\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}
(x86) HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}
(x86) HKLM\Software\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}
(x86) HKCR\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}
(x86) HKLM\Software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}
(x86) HKCR\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}
(x86) HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
(x86) HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}
(x86) HKU\S-1-5-21-2349935502-4117598282-3216927103-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
(x86) HKU\S-1-5-21-2349935502-4117598282-3216927103-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
(x86) HKU\S-1-5-21-2349935502-4117598282-3216927103-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
(x86) HKU\S-1-5-21-2349935502-4117598282-3216927103-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
(x86) HKLM\Software\Microsoft\Internet Explorer\Toolbar#{07B18EA9-A523-4961-B6BB-170DE4475CCA}
(x86) HKU\S-1-5-21-2349935502-4117598282-3216927103-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{07B18EA9-A523-4961-B6BB-170DE4475CCA}
(x86) HKU\S-1-5-21-2349935502-4117598282-3216927103-1000\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}
(x86) HKLM\System\ControlSet001\Services\MYWEBSEARCHSERVICE
C:\PROGRA~2\MYWEBS~1\BAR\1.BIN\MWSSVC.EXE
(x86) HKLM\System\ControlSet001\Enum\Root\LEGACY_MYWEBSEARCHSERVICE
(x86) HKLM\System\ControlSet002\Services\MYWEBSEARCHSERVICE
(x86) HKLM\System\ControlSet002\Enum\Root\LEGACY_MYWEBSEARCHSERVICE
(x86) HKLM\System\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE

PUP.MyWebSearch/FunWebProducts
(x86) HKLM\SOFTWARE\Fun Web Products
(x86) HKLM\SOFTWARE\Fun Web Products#JpegConversionLib
(x86) HKLM\SOFTWARE\Fun Web Products\MSNMessenger
(x86) HKLM\SOFTWARE\Fun Web Products\MSNMessenger#DLLFile
(x86) HKLM\SOFTWARE\Fun Web Products\MSNMessenger#DLLDir
(x86) HKLM\SOFTWARE\Fun Web Products\ScreenSaver
(x86) HKLM\SOFTWARE\Fun Web Products\ScreenSaver#ImagesDir
(x86) HKLM\SOFTWARE\Fun Web Products\Settings
(x86) HKLM\SOFTWARE\Fun Web Products\Settings\Promos
(x86) HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextNone.numActive
(x86) HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextNone.0
(x86) HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyFreqNone
(x86) HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextUninstalled.numActive
(x86) HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextUninstalled.0
(x86) HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyFreqUninstalled
(x86) HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.numActive
(x86) HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.numActive2
(x86) HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.1
(x86) HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.2
(x86) HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.3
(x86) HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.4
(x86) HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.5
(x86) HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.6
(x86) HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.7
(x86) HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.8
(x86) HKU\S-1-5-21-2349935502-4117598282-3216927103-1000\SOFTWARE\MyWebSearch
(x86) HKLM\SOFTWARE\MyWebSearch
(x86) HKLM\SOFTWARE\MyWebSearch\bar
(x86) HKLM\SOFTWARE\MyWebSearch\bar#Maximized
(x86) HKLM\SOFTWARE\MyWebSearch\bar#Visible
(x86) HKLM\SOFTWARE\MyWebSearch\bar#pid
(x86) HKLM\SOFTWARE\MyWebSearch\bar#fwp
(x86) HKLM\SOFTWARE\MyWebSearch\bar#mwsask
(x86) HKLM\SOFTWARE\MyWebSearch\bar#psid
(x86) HKLM\SOFTWARE\MyWebSearch\bar#un
(x86) HKLM\SOFTWARE\MyWebSearch\bar#tiec
(x86) HKLM\SOFTWARE\MyWebSearch\bar#Dir
(x86) HKLM\SOFTWARE\MyWebSearch\bar#UninstallString
(x86) HKLM\SOFTWARE\MyWebSearch\bar#PluginPath
(x86) HKLM\SOFTWARE\MyWebSearch\bar#RegHookPath
(x86) HKLM\SOFTWARE\MyWebSearch\bar#Id
(x86) HKLM\SOFTWARE\MyWebSearch\bar#CurInstall
(x86) HKLM\SOFTWARE\MyWebSearch\bar#SettingsDir
(x86) HKLM\SOFTWARE\MyWebSearch\bar#sr
(x86) HKLM\SOFTWARE\MyWebSearch\bar#pl
(x86) HKLM\SOFTWARE\MyWebSearch\bar#HistoryDir
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEMON
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEMON#Version
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG#Version
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG#Path
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG#StandardSmileyDir.AIM
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.numActive2
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.0
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.1
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.2
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.3
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.4
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.5
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.6
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.7
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.8
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.9
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.numActive
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.numActive2
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.0.old
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.1.old
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.2.old
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.3.old
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.4.old
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.5.old
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.6.old
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.7.old
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.8.old
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.9.old
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.10.old
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.11.old
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.12.old
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.13.old
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.numActive
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.numActive2
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.0.old
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.1.old
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.2.old
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.3.old
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.4.old
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.5.old
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.6.old
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.7.old
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.8
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.9
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.10
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.numActive2
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.0
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.1
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.2
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.3
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.4
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.5
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.6
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.7
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.8
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.9
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.10
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.11
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.numActive2
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.0
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.1
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.2
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.3
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.4
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.5
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.6
(x86) HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.7
(x86) HKLM\SOFTWARE\MyWebSearch\OEHosts
(x86) HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows12
(x86) HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows2
(x86) HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows3
(x86) HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows4
(x86) HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows5
(x86) HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows6
(x86) HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows7
(x86) HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows8
(x86) HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows9
(x86) HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows10
(x86) HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows11
(x86) HKLM\SOFTWARE\MyWebSearch\SearchAssistant
(x86) HKLM\SOFTWARE\MyWebSearch\SearchAssistant#pid
(x86) HKLM\SOFTWARE\MyWebSearch\SearchAssistant#fwp
(x86) HKLM\SOFTWARE\MyWebSearch\SearchAssistant#mwsask
(x86) HKLM\SOFTWARE\MyWebSearch\SearchAssistant#psid
(x86) HKLM\SOFTWARE\MyWebSearch\SearchAssistant#esh
(x86) HKLM\SOFTWARE\MyWebSearch\SearchAssistant#lsp
(x86) HKLM\SOFTWARE\MyWebSearch\SearchAssistant#LastRequest
(x86) HKLM\SOFTWARE\MyWebSearch\SearchAssistant#NextRequest
(x86) HKLM\SOFTWARE\MyWebSearch\SkinTools
(x86) HKLM\SOFTWARE\MyWebSearch\SkinTools#PlayerPath
(x86) HKCR\FunWebProducts.DataControl
(x86) HKCR\FunWebProducts.DataControl\CLSID
(x86) HKCR\FunWebProducts.DataControl\CurVer
(x86) HKCR\FunWebProducts.DataControl.1
(x86) HKCR\FunWebProducts.DataControl.1\CLSID
(x86) HKCR\FunWebProducts.HistoryKillerScheduler
(x86) HKCR\FunWebProducts.HistoryKillerScheduler\CLSID
(x86) HKCR\FunWebProducts.HistoryKillerScheduler\CurVer
(x86) HKCR\FunWebProducts.HistoryKillerScheduler.1
(x86) HKCR\FunWebProducts.HistoryKillerScheduler.1\CLSID
(x86) HKCR\FunWebProducts.HistorySwatterControlBar
(x86) HKCR\FunWebProducts.HistorySwatterControlBar\CLSID
(x86) HKCR\FunWebProducts.HistorySwatterControlBar\CurVer
(x86) HKCR\FunWebProducts.HistorySwatterControlBar.1
(x86) HKCR\FunWebProducts.HistorySwatterControlBar.1\CLSID
(x86) HKCR\FunWebProducts.HTMLMenu
(x86) HKCR\FunWebProducts.HTMLMenu\CLSID
(x86) HKCR\FunWebProducts.HTMLMenu\CurVer
(x86) HKCR\FunWebProducts.HTMLMenu.1
(x86) HKCR\FunWebProducts.HTMLMenu.1\CLSID
(x86) HKCR\FunWebProducts.HTMLMenu.2
(x86) HKCR\FunWebProducts.HTMLMenu.2\CLSID
(x86) HKCR\FunWebProducts.IECookiesManager
(x86) HKCR\FunWebProducts.IECookiesManager\CLSID
(x86) HKCR\FunWebProducts.IECookiesManager\CurVer
(x86) HKCR\FunWebProducts.IECookiesManager.1
(x86) HKCR\FunWebProducts.IECookiesManager.1\CLSID
(x86) HKCR\FunWebProducts.KillerObjManager
(x86) HKCR\FunWebProducts.KillerObjManager\CLSID
(x86) HKCR\FunWebProducts.KillerObjManager\CurVer
(x86) HKCR\FunWebProducts.KillerObjManager.1
(x86) HKCR\FunWebProducts.KillerObjManager.1\CLSID
(x86) HKCR\FunWebProducts.PopSwatterBarButton
(x86) HKCR\FunWebProducts.PopSwatterBarButton\CLSID
(x86) HKCR\FunWebProducts.PopSwatterBarButton\CurVer
(x86) HKCR\FunWebProducts.PopSwatterBarButton.1
(x86) HKCR\FunWebProducts.PopSwatterBarButton.1\CLSID
(x86) HKCR\FunWebProducts.PopSwatterSettingsControl
(x86) HKCR\FunWebProducts.PopSwatterSettingsControl\CLSID
(x86) HKCR\FunWebProducts.PopSwatterSettingsControl\CurVer
(x86) HKCR\FunWebProducts.PopSwatterSettingsControl.1
(x86) HKCR\FunWebProducts.PopSwatterSettingsControl.1\CLSID
(x86) HKCR\MyWebSearch.ChatSessionPlugin
(x86) HKCR\MyWebSearch.ChatSessionPlugin\CLSID
(x86) HKCR\MyWebSearch.ChatSessionPlugin\CurVer
(x86) HKCR\MyWebSearch.ChatSessionPlugin.1
(x86) HKCR\MyWebSearch.ChatSessionPlugin.1\CLSID
(x86) HKCR\MyWebSearch.HTMLPanel
(x86) HKCR\MyWebSearch.HTMLPanel\CLSID
(x86) HKCR\MyWebSearch.HTMLPanel\CurVer
(x86) HKCR\MyWebSearch.HTMLPanel.1
(x86) HKCR\MyWebSearch.HTMLPanel.1\CLSID
(x86) HKCR\MyWebSearch.OutlookAddin
(x86) HKCR\MyWebSearch.OutlookAddin\CLSID
(x86) HKCR\MyWebSearch.OutlookAddin\CurVer
(x86) HKCR\MyWebSearch.OutlookAddin.1
(x86) HKCR\MyWebSearch.OutlookAddin.1\CLSID
(x86) HKCR\MyWebSearch.PseudoTransparentPlugin
(x86) HKCR\MyWebSearch.PseudoTransparentPlugin\CLSID
(x86) HKCR\MyWebSearch.PseudoTransparentPlugin\CurVer
(x86) HKCR\MyWebSearch.PseudoTransparentPlugin.1
(x86) HKCR\MyWebSearch.PseudoTransparentPlugin.1\CLSID
(x86) HKCR\MyWebSearchToolBar.SettingsPlugin
(x86) HKCR\MyWebSearchToolBar.SettingsPlugin\CLSID
(x86) HKCR\MyWebSearchToolBar.SettingsPlugin\CurVer
(x86) HKCR\MyWebSearchToolBar.SettingsPlugin.1
(x86) HKCR\MyWebSearchToolBar.SettingsPlugin.1\CLSID
(x86) HKCR\MyWebSearchToolBar.ToolbarPlugin
(x86) HKCR\MyWebSearchToolBar.ToolbarPlugin\CLSID
(x86) HKCR\MyWebSearchToolBar.ToolbarPlugin\CurVer
(x86) HKCR\MyWebSearchToolBar.ToolbarPlugin.1
(x86) HKCR\MyWebSearchToolBar.ToolbarPlugin.1\CLSID
(x86) HKCR\ScreenSaverControl.ScreenSaverInstaller
(x86) HKCR\ScreenSaverControl.ScreenSaverInstaller\CLSID
(x86) HKCR\ScreenSaverControl.ScreenSaverInstaller\CurVer
(x86) HKCR\ScreenSaverControl.ScreenSaverInstaller.1
(x86) HKCR\ScreenSaverControl.ScreenSaverInstaller.1\CLSID
(x86) HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
(x86) HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Control
(x86) HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\InprocServer32
(x86) HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\MiscStatus
(x86) HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\MiscStatus\1
(x86) HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\ProgID
(x86) HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Programmable
(x86) HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\TypeLib
(x86) HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Version
(x86) HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\VersionIndependentProgID
(x86) HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}
(x86) HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\InprocServer32
(x86) HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\ProgID
(x86) HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\Programmable
(x86) HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\TypeLib
(x86) HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\VersionIndependentProgID
(x86) HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
(x86) HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}\TreatAs
(x86) HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}
(x86) HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\Control
(x86) HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\InprocServer32
(x86) HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\MiscStatus
(x86) HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\MiscStatus\1
(x86) HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\ProgID
(x86) HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\Programmable
(x86) HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\TypeLib
(x86) HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\Version
(x86) HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\VersionIndependentProgID
(x86) HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
(x86) HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}\InprocServer32
(x86) HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}\ProgID
(x86) HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}\VersionIndependentProgID
(x86) HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}
(x86) HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\Control
(x86) HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\InprocServer32
(x86) HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\MiscStatus
(x86) HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\MiscStatus\1
(x86) HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\ProgID
(x86) HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\Programmable
(x86) HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\TypeLib
(x86) HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\Version
(x86) HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\VersionIndependentProgID
(x86) HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}
(x86) HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\InprocServer32
(x86) HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\ProgID
(x86) HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\Programmable
(x86) HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\TypeLib
(x86) HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\VersionIndependentProgID
(x86) HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
(x86) HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\InprocServer32
(x86) HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\ProgID
(x86) HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\Programmable
(x86) HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\TypeLib
(x86) HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\VersionIndependentProgID
(x86) HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}
(x86) HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Control
(x86) HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32
(x86) HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus
(x86) HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus\1
(x86) HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable
(x86) HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib
(x86) HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Version
(x86) HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}
(x86) HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Control
(x86) HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32
(x86) HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus
(x86) HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus\1
(x86) HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\ProgID
(x86) HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable
(x86) HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib
(x86) HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Version
(x86) HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\VersionIndependentProgID
(x86) HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}
(x86) HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Control
(x86) HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32
(x86) HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus
(x86) HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus\1
(x86) HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable
(x86) HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib
(x86) HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Version
(x86) HKCR\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}
(x86) HKCR\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}\InprocServer32
(x86) HKCR\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}
(x86) HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\InprocServer32
(x86) HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\ProgID
(x86) HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\Programmable
(x86) HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\TypeLib
(x86) HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\VersionIndependentProgID
(x86) HKCR\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}
(x86) HKCR\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}\InprocServer32
(x86) HKCR\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
(x86) HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\InprocServer32
(x86) HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\ProgID
(x86) HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\VersionIndependentProgID
(x86) HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}
(x86) HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\InprocServer32
(x86) HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\MiscStatus
(x86) HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\MiscStatus\1
(x86) HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\ProgID
(x86) HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\Programmable
(x86) HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\TypeLib
(x86) HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\Version
(x86) HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\VersionIndependentProgID
(x86) HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}
(x86) HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}\TreatAs
(x86) HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}
(x86) HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\InprocServer32
(x86) HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\Programmable
(x86) HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\TypeLib
(x86) HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}
(x86) HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\InprocServer32
(x86) HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\ProgID
(x86) HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\Programmable
(x86) HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\VersionIndependentProgID
(x86) HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}
(x86) HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\InprocServer32
(x86) HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\MiscStatus
(x86) HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\MiscStatus\1
(x86) HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\ProgID
(x86) HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\Programmable
(x86) HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\TypeLib
(x86) HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\Version
(x86) HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\VersionIndependentProgID
(x86) HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}
(x86) HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\InprocServer32
(x86) HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\MiscStatus
(x86) HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\MiscStatus\1
(x86) HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\ProgID
(x86) HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\Programmable
(x86) HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\TypeLib
(x86) HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\Version
(x86) HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\VersionIndependentProgID
(x86) HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}
(x86) HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\InprocServer32
(x86) HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\ProgID
(x86) HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\Programmable
(x86) HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\TypeLib
(x86) HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\VersionIndependentProgID
(x86) HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}
(x86) HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\InprocServer32
(x86) HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\Programmable
(x86) HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\TypeLib
(x86) HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}
(x86) HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\Control
(x86) HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\InprocServer32
(x86) HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\MiscStatus
(x86) HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\MiscStatus\1
(x86) HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\ProgID
(x86) HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\Programmable
(x86) HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\TypeLib
(x86) HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\Version
(x86) HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\VersionIndependentProgID
(x86) HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}
(x86) HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0
(x86) HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\0
(x86) HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\0\win32
(x86) HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\FLAGS
(x86) HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\HELPDIR
(x86) HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}
(x86) HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0
(x86) HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0\0
(x86) HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0\0\win32
(x86) HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0\FLAGS
(x86) HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0\HELPDIR
(x86) HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}
(x86) HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0
(x86) HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0\0
(x86) HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0\0\win32
(x86) HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0\FLAGS
(x86) HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0\HELPDIR
(x86) HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}
(x86) HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0
(x86) HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\0
(x86) HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\0\win32
(x86) HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\FLAGS
(x86) HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\HELPDIR
(x86) HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}
(x86) HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0
(x86) HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\0
(x86) HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\0\win32
(x86) HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\FLAGS
(x86) HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\HELPDIR
(x86) HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}
(x86) HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0
(x86) HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\0
(x86) HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\0\win32
(x86) HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\FLAGS
(x86) HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\HELPDIR
(x86) HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}
(x86) HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0
(x86) HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\0
(x86) HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\0\win32
(x86) HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\FLAGS
(x86) HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\HELPDIR
(x86) HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}
(x86) HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0
(x86) HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\0
(x86) HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\0\win32
(x86) HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\FLAGS
(x86) HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\HELPDIR
(x86) HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
(x86) HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0
(x86) HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\0
(x86) HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\0\win32
(x86) HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\FLAGS
(x86) HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\HELPDIR
(x86) HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}
(x86) HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0
(x86) HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\0
(x86) HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\0\win32
(x86) HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\FLAGS
(x86) HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\HELPDIR
(x86) HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}
(x86) HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0
(x86) HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0\0
(x86) HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0\0\win32
(x86) HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0\FLAGS
(x86) HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0\HELPDIR
(x86) HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}
(x86) HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0
(x86) HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\0
(x86) HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\0\win32
(x86) HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\FLAGS
(x86) HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\HELPDIR
(x86) HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
(x86) HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid32
(x86) HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\TypeLib
(x86) HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\TypeLib#Version
(x86) HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
(x86) HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid32
(x86) HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\TypeLib
(x86) HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\TypeLib#Version
(x86) HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}
(x86) HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\ProxyStubClsid32
(x86) HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\TypeLib
(x86) HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\TypeLib#Version
(x86) HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
(x86) HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\ProxyStubClsid32
(x86) HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\TypeLib
(x86) HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\TypeLib#Version
(x86) HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
(x86) HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\ProxyStubClsid32
(x86) HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\TypeLib
(x86) HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\TypeLib#Version
(x86) HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
(x86) HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\ProxyStubClsid32
(x86) HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\TypeLib
(x86) HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\TypeLib#Version
(x86) HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
(x86) HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\ProxyStubClsid32
(x86) HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\TypeLib
(x86) HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\TypeLib#Version
(x86) HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
(x86) HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
(x86) HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib
(x86) HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version
(x86) HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
(x86) HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
(x86) HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib
(x86) HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version
(x86) HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}
(x86) HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\ProxyStubClsid32
(x86) HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\TypeLib
(x86) HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\TypeLib#Version
(x86) HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
(x86) HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\ProxyStubClsid32
(x86) HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\TypeLib
(x86) HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\TypeLib#Version
(x86) HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
(x86) HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\ProxyStubClsid32
(x86) HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\TypeLib
(x86) HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\TypeLib#Version
(x86) HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
(x86) HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\ProxyStubClsid32
(x86) HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\TypeLib
(x86) HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\TypeLib#Version
(x86) HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
(x86) HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid32
(x86) HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\TypeLib
(x86) HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\TypeLib#Version
(x86) HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
(x86) HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid32
(x86) HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\TypeLib
(x86) HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\TypeLib#Version
(x86) HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}
(x86) HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\ProxyStubClsid32
(x86) HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\TypeLib
(x86) HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\TypeLib#Version
(x86) HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
(x86) HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\ProxyStubClsid32
(x86) HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\TypeLib
(x86) HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\TypeLib#Version
(x86) HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
(x86) HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32
(x86) HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib
(x86) HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib#Version
(x86) HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
(x86) HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
(x86) HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
(x86) HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
(x86) HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
(x86) HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
(x86) HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
(x86) HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
(x86) HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
(x86) HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
(x86) HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
(x86) HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
(x86) HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
(x86) HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
(x86) HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
(x86) HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
(x86) HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
(x86) HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\ProxyStubClsid32
(x86) HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\TypeLib
(x86) HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\TypeLib#Version
(x86) HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
(x86) HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\ProxyStubClsid32
(x86) HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\TypeLib
(x86) HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\TypeLib#Version
(x86) HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
(x86) HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\ProxyStubClsid32
(x86) HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\TypeLib
(x86) HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\TypeLib#Version
(x86) HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
(x86) HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\ProxyStubClsid32
(x86) HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\TypeLib
(x86) HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\TypeLib#Version
(x86) HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
(x86) HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid32
(x86) HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib
(x86) HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib#Version
(x86) HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
(x86) HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\ProxyStubClsid32
(x86) HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\TypeLib
(x86) HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\TypeLib#Version
(x86) HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
(x86) HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\ProxyStubClsid32
(x86) HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\TypeLib
(x86) HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\TypeLib#Version
(x86) HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}
(x86) HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\ProxyStubClsid32
(x86) HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\TypeLib
(x86) HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\TypeLib#Version
(x86) HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
(x86) HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\ProxyStubClsid32
(x86) HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\TypeLib
(x86) HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\TypeLib#Version
(x86) HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
(x86) HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid32
(x86) HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib
(x86) HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib#Version
(x86) HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
(x86) HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid32
(x86) HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib
(x86) HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib#Version
(x86) HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
(x86) HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\ProxyStubClsid32
(x86) HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\TypeLib
(x86) HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\TypeLib#Version
(x86) HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
(x86) HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\ProxyStubClsid32
(x86) HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\TypeLib
(x86) HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\TypeLib#Version
(x86) HKLM\Software\FocusInteractive
(x86) HKLM\Software\FocusInteractive\bar
(x86) HKLM\Software\FocusInteractive\bar\Switches
(x86) HKLM\Software\FocusInteractive\bar\Switches#ok
(x86) HKLM\Software\FocusInteractive\bar\Switches#od
(x86) HKLM\Software\FocusInteractive\bar\Switches#nk
(x86) HKLM\Software\FocusInteractive\bar\Switches#nd
(x86) HKLM\Software\FocusInteractive\bar\Switches#incmail.exe
(x86) HKLM\Software\FocusInteractive\bar\Switches#msimn.exe
(x86) HKLM\Software\FocusInteractive\bar\Switches#msn.exe
(x86) HKLM\Software\FocusInteractive\bar\Switches#outlook.exe
(x86) HKLM\Software\FocusInteractive\bar\Switches#waol.exe
(x86) HKLM\Software\FocusInteractive\bar\Switches#aim.exe
(x86) HKLM\Software\FocusInteractive\bar\Switches#icq.exe
(x86) HKLM\Software\FocusInteractive\bar\Switches#icqlite.exe
(x86) HKLM\Software\FocusInteractive\bar\Switches#msmsgs.exe
(x86) HKLM\Software\FocusInteractive\bar\Switches#msnmsgr.exe
(x86) HKLM\Software\FocusInteractive\bar\Switches#ypager.exe
(x86) HKLM\Software\FocusInteractive\bar\Switches#b2.exe
(x86) HKLM\Software\FocusInteractive\bar\Switches#googletalk.exe
(x86) HKLM\Software\FocusInteractive\bar\Switches#winmail.exe
(x86) HKLM\Software\FocusInteractive\bar\Switches#winmail.exe.mui
(x86) HKLM\Software\FocusInteractive\bar\Switches#mwsSrcAs.dll
(x86) HKLM\Software\FocusInteractive\bar\Switches#ua
(x86) HKLM\Software\FocusInteractive\bar\Switches#au
(x86) HKLM\Software\FocusInteractive\bar\Switches#ps
(x86) HKLM\Software\FocusInteractive\bar\Switches#nodns
(x86) HKLM\Software\FocusInteractive\bar\Switches#ffTabs
(x86) HKLM\Software\FocusInteractive\bar\Switches#hpp
(x86) HKLM\Software\FocusInteractive\Email-IM
(x86) HKLM\Software\FocusInteractive\Email-IM\0
(x86) HKLM\Software\FocusInteractive\Email-IM\0#Toolbar
(x86) HKLM\Software\FocusInteractive\Email-IM\0#AppName
(x86) HKLM\Software\FocusInteractive\Email-IM\0#Path
(x86) HKLM\Software\FocusInteractive\Outlook
(x86) HKLM\Software\FocusInteractive\Outlook#MyWebSearch.OutlookAddin
(x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall
(x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall#DisplayName
(x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall#HelpLink
(x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall#Publisher
(x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall#UninstallString
(x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall#UrlInfoAbout
(x86) HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService
(x86) HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService#Type
(x86) HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService#Start
(x86) HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService#ErrorControl
(x86) HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService#ImagePath
(x86) HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService#DisplayName
(x86) HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService#WOW64
(x86) HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService#ObjectName
C:\Program Files (x86)\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
C:\Program Files (x86)\MyWebSearch\bar\1.bin\chrome
C:\Program Files (x86)\MyWebSearch\bar\1.bin\CHROME.MANIFEST
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3REGHK.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
C:\Program Files (x86)\MyWebSearch\bar\1.bin\INSTALL.RDF
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3AUXSTB.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3DLGHK.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3IEOVR.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3MEDINT.EXE
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKNLCR.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3TPINST.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSMLBTN.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSUABTN.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\ThirdPartyInstallers\SymcPCCUInstaller.exe
C:\Program Files (x86)\MyWebSearch\bar\1.bin\ThirdPartyInstallers\SymcPCCUInstaller.log
C:\Program Files (x86)\MyWebSearch\bar\1.bin\ThirdPartyInstallers

descriptionInfected by iliti virus & possible others... EmptyRe: Infected by iliti virus & possible others...

more_horiz
(SUPERANTISPYWARE LOG CONTINUED)

C:\Program Files (x86)\MyWebSearch\bar\1.bin
C:\Program Files (x86)\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files (x86)\MyWebSearch\bar\Avatar
C:\Program Files (x86)\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files (x86)\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files (x86)\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files (x86)\MyWebSearch\bar\Game
C:\Program Files (x86)\MyWebSearch\bar\gen1\COMMON.F3S
C:\Program Files (x86)\MyWebSearch\bar\gen1
C:\Program Files (x86)\MyWebSearch\bar\History
C:\Program Files (x86)\MyWebSearch\bar\icons\CM.ICO
C:\Program Files (x86)\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files (x86)\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files (x86)\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files (x86)\MyWebSearch\bar\icons\WB.ICO
C:\Program Files (x86)\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files (x86)\MyWebSearch\bar\icons
C:\Program Files (x86)\MyWebSearch\bar\IE9Mesg\COMMON.F3S
C:\Program Files (x86)\MyWebSearch\bar\IE9Mesg
C:\Program Files (x86)\MyWebSearch\bar\jsifb\COMMON.F3S
C:\Program Files (x86)\MyWebSearch\bar\jsifb
C:\Program Files (x86)\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files (x86)\MyWebSearch\bar\Message
C:\Program Files (x86)\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files (x86)\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files (x86)\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files (x86)\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files (x86)\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files (x86)\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files (x86)\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files (x86)\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files (x86)\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files (x86)\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files (x86)\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files (x86)\MyWebSearch\bar\Notifier
C:\Program Files (x86)\MyWebSearch\bar\Overlay\COMMON.F3S
C:\Program Files (x86)\MyWebSearch\bar\Overlay
C:\Program Files (x86)\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files (x86)\MyWebSearch\bar\Settings
C:\Program Files (x86)\MyWebSearch\bar\wbnotify\COMMON.F3S
C:\Program Files (x86)\MyWebSearch\bar\wbnotify
C:\Program Files (x86)\MyWebSearch\bar
C:\Program Files (x86)\MyWebSearch
C:\Program Files (x86)\FunWebProducts\Installr\1.bin\chrome
C:\Program Files (x86)\FunWebProducts\Installr\1.bin
C:\Program Files (x86)\FunWebProducts\Installr
C:\Program Files (x86)\FunWebProducts\ScreenSaver\Images
C:\Program Files (x86)\FunWebProducts\ScreenSaver
C:\Program Files (x86)\FunWebProducts
(x86) HKLM\Software\Microsoft\Windows\CurrentVersion\Run#My Web Search Bar Search Scope Monitor [ "C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h ]
(x86) HKLM\Software\Microsoft\Windows\CurrentVersion\Run#MyWebSearch Email Plugin [ C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe ]
(x86) HKLM\Software\Classes\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
(x86) HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
(x86) HKLM\Software\Classes\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
(x86) HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
(x86) HKLM\Software\Classes\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
(x86) HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
(x86) HKLM\Software\Classes\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}
(x86) HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}
(x86) HKLM\Software\Classes\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}
(x86) HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}
(x86) HKLM\Software\Classes\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}
(x86) HKCR\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}
(x86) HKLM\Software\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}
(x86) HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}
(x86) HKU\S-1-5-21-2349935502-4117598282-3216927103-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
(x86) HKU\S-1-5-21-2349935502-4117598282-3216927103-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF}
C:\PROGRAM FILES (X86)\WINDOWS LIVE\MESSENGER\MSIMG32.DLL
C:\PROGRAM FILES (X86)\WINDOWS LIVE\MESSENGER\RICHED20.DLL
(x86) HKCR\Interface\{7473D298-B7BB-4F24-AE82-7E2CE94BB6A9}
(x86) HKCR\Interface\{7473D298-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
(x86) HKCR\Interface\{7473D298-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
(x86) HKCR\Interface\{7473D298-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
(x86) HKCR\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
(x86) HKCR\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}\ProxyStubClsid32
(x86) HKCR\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}\TypeLib
(x86) HKCR\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}\TypeLib#Version
(x86) HKCR\Interface\{AAA9C380-E19A-4436-88F6-02942C31CC9E}
(x86) HKCR\Interface\{AAA9C380-E19A-4436-88F6-02942C31CC9E}\ProxyStubClsid32
(x86) HKCR\Interface\{AAA9C380-E19A-4436-88F6-02942C31CC9E}\TypeLib
(x86) HKCR\Interface\{AAA9C380-E19A-4436-88F6-02942C31CC9E}\TypeLib#Version
(x86) HKCR\Interface\{AAA9C381-E19A-4436-88F6-02942C31CC9E}
(x86) HKCR\Interface\{AAA9C381-E19A-4436-88F6-02942C31CC9E}\ProxyStubClsid32
(x86) HKCR\Interface\{AAA9C381-E19A-4436-88F6-02942C31CC9E}\TypeLib
(x86) HKCR\Interface\{AAA9C381-E19A-4436-88F6-02942C31CC9E}\TypeLib#Version

Adware.Tracking Cookie
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\USF6TSX0.txt [ /ads.pixfuture.net ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\WKPE8ERA.txt [ /network.realmedia.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\Z4TSJB6A.txt [ /steelhousemedia.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\HQ8JFBZR.txt [ /www.googleadservices.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\CQJI9V6U.txt [ /www.pornhub.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\CDMMCQHY.txt [ /statcounter.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\JSV6V0SU.txt [ /www.googleadservices.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\W1710B7T.txt [ /linksynergy.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\X62BC0QK.txt [ /2o7.net ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\XS96GC7W.txt [ /atdmt.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\MLAW9BEI.txt [ /porninspector.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\WTLKAUTE.txt [ /at.atwola.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\I6OCWS2T.txt [ /ads.undertone.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\10F3L7VN.txt [ /realmedia.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\LDOCBC1J.txt [ /girls-with-no-panties.666sexting.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\MOBI8RWF.txt [ /yourpornpal.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\7SOF9EQB.txt [ /clicksor.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\X88AGTVO.txt [ /ad-g.doubleclick.net ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\KJ4IYX2E.txt [ /liveperson.net ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\S7MNIOYU.txt [ /ads.adgoto.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\L9WUO2G8.txt [ /andomedia.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\HX26E73P.txt [ /ads.trafficjunky.net ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\MFVXT9TI.txt [ /247realmedia.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\8ZB8K1NH.txt [ /lucidmedia.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\DF65CST9.txt [ /questionmarket.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\PR20ZSPR.txt [ /revsci.net ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\TWWK6VAV.txt [ /casalemedia.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\9WWMNG3C.txt [ /dc.tremormedia.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\T28NWWZ0.txt [ /trafficmp.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\TU04CT7N.txt [ /citygridmedia.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\AILBQU3E.txt [ /imrworldwide.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\DC5YFS94.txt [ /collective-media.net ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\N2661NIF.txt [ /c.gigcount.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\ZOKRRLR6.txt [ /serving-sys.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\GVGFY47C.txt [ /ads.gamerpublishing.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\KXR8OQ3B.txt [ /adfarm1.adition.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\4RYMZGBO.txt [ /adinterax.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\TSNLZCQF.txt [ /tribalfusion.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\EZG6O97H.txt [ /adxpose.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\7OAKCGJ4.txt [ /delivery.trafficjunky.net ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\F5095340.txt [ /apmebf.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\96GPJTFX.txt [ /ads.us.e-planning.net ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\XYJE5VFY.txt [ /media6degrees.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\RN7VW0S1.txt [ /adlegend.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\PTDUNYRQ.txt [ /insightexpressai.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\9CCGHPEV.txt [ /clickbank.net ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\EAB6HJYR.txt [ /sexandfunstuff.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\97E0JO2W.txt [ /sexandfunstuff.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\44779OTJ.txt [ /insight.torbit.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\6EGZGTDW.txt [ /liveperson.net ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\IT4XCQNO.txt [ /ox-d.mediaforge.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\63DGWY5N.txt [ /adtech.de ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\AH53OOE7.txt [ /mediaplex.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\2538E3ZV.txt [ /tradedoubler.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\MOFN502H.txt [ /ru4.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\CMX5NCK9.txt [ /ads.crakmedia.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\Q6UUQNZQ.txt [ /specificclick.net ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\W4F6DMYM.txt [ /www.profimedia.si ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\SXY8TG19.txt [ /intermundomedia.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\10B4BIBE.txt [ /ad.360yield.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\38PE87UP.txt [ /mywebsearch.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\3J3TC9ZH.txt [ /adbrite.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\0CURUEVN.txt [ /pro-market.net ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\TO2S7SXM.txt [ /fastclick.net ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\FU2K135P.txt [ /ads.pubmatic.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\UPST1S09.txt [ /enoratraffic.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\M1EJ09Q3.txt [ /tacoda.net ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\AGGZHV2E.txt [ /ad.yieldmanager.net ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\8563HYS9.txt [ /accounts.google.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\5F76I6KH.txt [ /advertising.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\WCY19X64.txt [ /yieldmanager.net ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\DYMWAMSE.txt [ /bs.serving-sys.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\3UKYTWFZ.txt [ /ads.pointroll.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\CQWB2191.txt [ /myroitracking.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\LE4HDN8K.txt [ /pbteen.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\TCTR9TWQ.txt [ /www.googleadservices.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\UKFDG8UR.txt [ /ads.intergi.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\DKIGT0FF.txt [ /doubleclick.net ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\AEH80Y8C.txt [ /perfectnaked.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\RKN199M7.txt [ /pornhub.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\4SMSUF3T.txt [ /adserver.adtechus.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\ZGWGKUYS.txt [ /zedo.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\O4PAPL1C.txt [ /adultfriendfinder.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\ER5E7MTD.txt [ /server.cpmstar.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\DOP0GBCQ.txt [ /ad2.adfarm1.adition.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\6GJWC0M4.txt [ /pointroll.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\41XY8U71.txt [ /statse.webtrendslive.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\AU8ZO7SQ.txt [ /saymedia.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\3BTWMC3M.txt [ /hearstmagazines.112.2o7.net ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\MKIR2YS8.txt [ /ads.corecpm.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\MULEAM2C.txt [ /liveperson.net ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\O3RKO2QF.txt [ /ads.meredithads.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\YBAQK931.txt [ /invitemedia.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\KF8YQSSB.txt [ /counter13.sextracker.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\YKYLYV87.txt [ /e-2dj6wjnycid5sfp.stats.esomniture.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\10H5VX2H.txt [ /banners.battleon.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\AAIO0WFE.txt [ /a1.interclick.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\J14WO7SY.txt [ /www.googleadservices.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\4NOK2RVS.txt [ /ads.ookla.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\1TGEQDQQ.txt [ /sales.liveperson.net ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\N3GGZLIZ.txt [ /ads.saymedia.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\KBMPQ2IC.txt [ /freshtrackz.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\KKJOGLWZ.txt [ /media.adfrontiers.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\0NRPUXBX.txt [ /ads.cartoonnetwork.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\5KD48L0W.txt [ /track.mdsmatch.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\OQKOZ5P0.txt [ /clickfuse.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\L3JULXYK.txt [ /www.googleadservices.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\DKYVUPOR.txt [ /roomandboard.122.2o7.net ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\ZU52YHGQ.txt [ /pcworldcommunication.122.2o7.net ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\X0HH9H5I.txt [ /accounts.youtube.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\G9JFHNYM.txt [ /amazon-adsystem.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\6FB3RZLN.txt [ /e2itg.pbteen.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\VM48EJI2.txt [ /burstnet.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\ZYRY9PJU.txt [ /kontera.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\AWVFAC3L.txt [ /ad.wsod.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\G4KU0R57.txt [ /www.googleadservices.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\Z6AID0DN.txt [ /statsadv.dadapro.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\JJMFUB6Y.txt [ /yuppitraffic.info ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\VRDCMQQ1.txt [ /jeetyetmedia.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\DI2R7BXP.txt [ /openx.jeetyetmedia.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\LTNFXIVM.txt [ /www.googleadservices.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\JK19HFX5.txt [ /liveperson.net ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\1MXN6N3E.txt [ /googleads.g.doubleclick.net ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\5HMLVZL3.txt [ /www.googleadservices.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\FFDP94CC.txt [ /server.iad.liveperson.net ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\N2141NT9.txt [ /track.grmtracking.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\73BZGMBL.txt [ /sales.liveperson.net ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\O0MS2GSE.txt [ /e-2dj6wjliwidjibp.stats.esomniture.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\CDIIABQM.txt [ /www.googleadservices.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\NJTTME9I.txt [ /www.googleadservices.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\3FVP2AQE.txt [ /mediaservices-d.openxenterprise.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\3NMM64FT.txt [ /mediatraffic.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\RO3APUVT.txt [ /www.burstnet.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\K1S339ZT.txt [ /yadro.ru ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\HWAUG3GX.txt [ /interclick.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\93VL6R11.txt [ /cn.clickable.net ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\9TXSYHLU.txt [ /ero-advertising.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\Z5ZXCJ65.txt [ /technoratimedia.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\D7XKZJ2J.txt [ /e-2dj6wfliskdjifo.stats.esomniture.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\VCFUD0SX.txt [ /test.sem-tracking-analytics.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\UAVXLTLN.txt [ /sextracker.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\5G3JT2O5.txt [ /doubleclick.net ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\N86UH6FX.txt [ /tacoda.at.atwola.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\U3HJ31G1.txt [ /www.pbteen.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\XGZ0614J.txt [ /lfstmedia.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\U0UZ7WDV.txt [ /www.googleadservices.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\KY36U5HF.txt [ /traveladvertising.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\38APQR33.txt [ /sexandfunstuff.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\X0HAAHFL.txt [ /dmtracker.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\P91M7EC2.txt [ /in.getclicky.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\DBE96TTG.txt [ /citi.bridgetrack.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\2O6SZN5T.txt [ /ad.doubleclick.net ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\50Q2NYP4.txt [ /www.googleadservices.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\MD131AGQ.txt [ /tptracks.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\7P0HD2EY.txt [ /tracking.secure-offer.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\B7P0NPSN.txt [ /www.googleadservices.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\T2JFS2VZ.txt [ /ad.yieldmanager.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\BGHYPRES.txt [ /www.googleadservices.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\NXQZLQJ0.txt [ /edge.jeetyetmedia.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\64CUQR5I.txt [ /clickbooth.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\0JAPJHJK.txt [ /atwola.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\D9I76VHI.txt [ /www.googleadservices.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\LT690A1X.txt [ /www.googleadservices.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\55HEH8WI.txt [ /hyatt.112.2o7.net ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\QZU27YMF.txt [ /liveperson.net ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\NWPTKJE5.txt [ /www.googleadservices.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\3MUL3TZY.txt [ /legolas-media.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\L2QQP621.txt [ /sandbox.mlnadvertising.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\M6GJX923.txt [ /www.googleadservices.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\BOYYVPWS.txt [ /stat.dealtime.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\MHJ7SDTD.txt [ /ar.atwola.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\ETLQO9E7.txt [ /mediaforge.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\QAFVCZPR.txt [ /tracking.alwaysdownloads.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\Q9PSG0MV.txt [ /view.atdmt.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\AKFMPN17.txt [ /track.linktraker.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\8PMYKAUQ.txt [ /www.googleadservices.com ]
C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Cookies\1BUTPWZE.txt [ /liveperson.net ]
C:\USERS\FABFROMMFAMILY\AppData\Roaming\Microsoft\Windows\Cookies\ZEM7WD8I.txt [ Cookie:fabfrommfamily@adsonar.com/adserving ]
C:\USERS\FABFROMMFAMILY\AppData\Roaming\Microsoft\Windows\Cookies\15PPBE4W.txt [ Cookie:fabfrommfamily@cricket-stumps.com/cpvtrack/ ]
C:\USERS\FABFROMMFAMILY\AppData\Roaming\Microsoft\Windows\Cookies\NTER4IYD.txt [ Cookie:fabfrommfamily@www.google.com/accounts ]
C:\USERS\FABFROMMFAMILY\AppData\Roaming\Microsoft\Windows\Cookies\Low\UROZTRS8.txt [ Cookie:fabfrommfamily@us.adserver.yahoo.com/ ]
C:\USERS\FABFROMMFAMILY\AppData\Roaming\Microsoft\Windows\Cookies\Low\XH26TN2O.txt [ Cookie:fabfrommfamily@accounts.google.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\WKPE8ERA.txt [ Cookie:fabfrommfamily@network.realmedia.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\Z4TSJB6A.txt [ Cookie:fabfrommfamily@steelhousemedia.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\HQ8JFBZR.txt [ Cookie:fabfrommfamily@www.googleadservices.com/pagead/conversion/1071207814/ ]
C:\USERS\FABFROMMFAMILY\Cookies\CQJI9V6U.txt [ Cookie:fabfrommfamily@www.pornhub.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\CDMMCQHY.txt [ Cookie:fabfrommfamily@statcounter.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\JSV6V0SU.txt [ Cookie:fabfrommfamily@www.googleadservices.com/pagead/conversion/1072034639/ ]
C:\USERS\FABFROMMFAMILY\Cookies\X62BC0QK.txt [ Cookie:fabfrommfamily@2o7.net/ ]
C:\USERS\FABFROMMFAMILY\Cookies\WTLKAUTE.txt [ Cookie:fabfrommfamily@at.atwola.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\10F3L7VN.txt [ Cookie:fabfrommfamily@realmedia.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\LDOCBC1J.txt [ Cookie:fabfrommfamily@girls-with-no-panties.666sexting.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\X88AGTVO.txt [ Cookie:fabfrommfamily@ad-g.doubleclick.net/ ]
C:\USERS\FABFROMMFAMILY\Cookies\KJ4IYX2E.txt [ Cookie:fabfrommfamily@liveperson.net/ ]
C:\USERS\FABFROMMFAMILY\Cookies\L9WUO2G8.txt [ Cookie:fabfrommfamily@andomedia.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\HX26E73P.txt [ Cookie:fabfrommfamily@ads.trafficjunky.net/ ]
C:\USERS\FABFROMMFAMILY\Cookies\MFVXT9TI.txt [ Cookie:fabfrommfamily@247realmedia.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\8ZB8K1NH.txt [ Cookie:fabfrommfamily@lucidmedia.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\TWWK6VAV.txt [ Cookie:fabfrommfamily@casalemedia.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\9WWMNG3C.txt [ Cookie:fabfrommfamily@dc.tremormedia.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\T28NWWZ0.txt [ Cookie:fabfrommfamily@trafficmp.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\AILBQU3E.txt [ Cookie:fabfrommfamily@imrworldwide.com/cgi-bin ]
C:\USERS\FABFROMMFAMILY\Cookies\DC5YFS94.txt [ Cookie:fabfrommfamily@collective-media.net/ ]
C:\USERS\FABFROMMFAMILY\Cookies\N2661NIF.txt [ Cookie:fabfrommfamily@c.gigcount.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\ZOKRRLR6.txt [ Cookie:fabfrommfamily@serving-sys.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\TSNLZCQF.txt [ Cookie:fabfrommfamily@tribalfusion.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\EZG6O97H.txt [ Cookie:fabfrommfamily@adxpose.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\7OAKCGJ4.txt [ Cookie:fabfrommfamily@delivery.trafficjunky.net/ ]
C:\USERS\FABFROMMFAMILY\Cookies\F5095340.txt [ Cookie:fabfrommfamily@apmebf.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\XYJE5VFY.txt [ Cookie:fabfrommfamily@media6degrees.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\RN7VW0S1.txt [ Cookie:fabfrommfamily@adlegend.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\PTDUNYRQ.txt [ Cookie:fabfrommfamily@insightexpressai.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\9CCGHPEV.txt [ Cookie:fabfrommfamily@clickbank.net/ ]
C:\USERS\FABFROMMFAMILY\Cookies\EAB6HJYR.txt [ Cookie:fabfrommfamily@sexandfunstuff.com/wp-content/plugins ]
C:\USERS\FABFROMMFAMILY\Cookies\97E0JO2W.txt [ Cookie:fabfrommfamily@sexandfunstuff.com/wp-admin ]
C:\USERS\FABFROMMFAMILY\Cookies\44779OTJ.txt [ Cookie:fabfrommfamily@insight.torbit.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\6EGZGTDW.txt [ Cookie:fabfrommfamily@liveperson.net/hc/65168756 ]
C:\USERS\FABFROMMFAMILY\Cookies\IT4XCQNO.txt [ Cookie:fabfrommfamily@ox-d.mediaforge.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\63DGWY5N.txt [ Cookie:fabfrommfamily@adtech.de/ ]
C:\USERS\FABFROMMFAMILY\Cookies\AH53OOE7.txt [ Cookie:fabfrommfamily@mediaplex.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\MOFN502H.txt [ Cookie:fabfrommfamily@ru4.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\CMX5NCK9.txt [ Cookie:fabfrommfamily@ads.crakmedia.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\W4F6DMYM.txt [ Cookie:fabfrommfamily@www.profimedia.si/ ]
C:\USERS\FABFROMMFAMILY\Cookies\SXY8TG19.txt [ Cookie:fabfrommfamily@intermundomedia.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\3J3TC9ZH.txt [ Cookie:fabfrommfamily@adbrite.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\0CURUEVN.txt [ Cookie:fabfrommfamily@pro-market.net/ ]
C:\USERS\FABFROMMFAMILY\Cookies\UPST1S09.txt [ Cookie:fabfrommfamily@enoratraffic.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\M1EJ09Q3.txt [ Cookie:fabfrommfamily@tacoda.net/ ]
C:\USERS\FABFROMMFAMILY\Cookies\AGGZHV2E.txt [ Cookie:fabfrommfamily@ad.yieldmanager.net/ ]
C:\USERS\FABFROMMFAMILY\Cookies\8563HYS9.txt [ Cookie:fabfrommfamily@accounts.google.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\5F76I6KH.txt [ Cookie:fabfrommfamily@advertising.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\WCY19X64.txt [ Cookie:fabfrommfamily@yieldmanager.net/ ]
C:\USERS\FABFROMMFAMILY\Cookies\DYMWAMSE.txt [ Cookie:fabfrommfamily@bs.serving-sys.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\CQWB2191.txt [ Cookie:fabfrommfamily@myroitracking.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\TCTR9TWQ.txt [ Cookie:fabfrommfamily@www.googleadservices.com/pagead/conversion/1004023078/ ]
C:\USERS\FABFROMMFAMILY\Cookies\DKIGT0FF.txt [ Cookie:fabfrommfamily@doubleclick.net/ ]
C:\USERS\FABFROMMFAMILY\Cookies\AEH80Y8C.txt [ Cookie:fabfrommfamily@perfectnaked.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\4SMSUF3T.txt [ Cookie:fabfrommfamily@adserver.adtechus.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\ZGWGKUYS.txt [ Cookie:fabfrommfamily@zedo.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\O4PAPL1C.txt [ Cookie:fabfrommfamily@adultfriendfinder.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\ER5E7MTD.txt [ Cookie:fabfrommfamily@server.cpmstar.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\41XY8U71.txt [ Cookie:fabfrommfamily@statse.webtrendslive.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\AU8ZO7SQ.txt [ Cookie:fabfrommfamily@saymedia.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\3BTWMC3M.txt [ Cookie:fabfrommfamily@hearstmagazines.112.2o7.net/ ]
C:\USERS\FABFROMMFAMILY\Cookies\MULEAM2C.txt [ Cookie:fabfrommfamily@liveperson.net/hc/76226072 ]
C:\USERS\FABFROMMFAMILY\Cookies\KF8YQSSB.txt [ Cookie:fabfrommfamily@counter13.sextracker.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\AAIO0WFE.txt [ Cookie:fabfrommfamily@a1.interclick.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\1TGEQDQQ.txt [ Cookie:fabfrommfamily@sales.liveperson.net/hc/76226072 ]
C:\USERS\FABFROMMFAMILY\Cookies\N3GGZLIZ.txt [ Cookie:fabfrommfamily@ads.saymedia.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\KBMPQ2IC.txt [ Cookie:fabfrommfamily@freshtrackz.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\KKJOGLWZ.txt [ Cookie:fabfrommfamily@media.adfrontiers.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\5KD48L0W.txt [ Cookie:fabfrommfamily@track.mdsmatch.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\OQKOZ5P0.txt [ Cookie:fabfrommfamily@clickfuse.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\L3JULXYK.txt [ Cookie:fabfrommfamily@www.googleadservices.com/pagead/conversion/950659976/ ]
C:\USERS\FABFROMMFAMILY\Cookies\ZU52YHGQ.txt [ Cookie:fabfrommfamily@pcworldcommunication.122.2o7.net/ ]
C:\USERS\FABFROMMFAMILY\Cookies\X0HH9H5I.txt [ Cookie:fabfrommfamily@accounts.youtube.com/accounts ]
C:\USERS\FABFROMMFAMILY\Cookies\G9JFHNYM.txt [ Cookie:fabfrommfamily@amazon-adsystem.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\VM48EJI2.txt [ Cookie:fabfrommfamily@burstnet.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\ZEM7WD8I.txt [ Cookie:fabfrommfamily@adsonar.com/adserving ]
C:\USERS\FABFROMMFAMILY\Cookies\ZYRY9PJU.txt [ Cookie:fabfrommfamily@kontera.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\G4KU0R57.txt [ Cookie:fabfrommfamily@www.googleadservices.com/pagead/conversion/1005156572/ ]
C:\USERS\FABFROMMFAMILY\Cookies\JJMFUB6Y.txt [ Cookie:fabfrommfamily@yuppitraffic.info/ ]
C:\USERS\FABFROMMFAMILY\Cookies\VRDCMQQ1.txt [ Cookie:fabfrommfamily@jeetyetmedia.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\1MXN6N3E.txt [ Cookie:fabfrommfamily@googleads.g.doubleclick.net/ ]
C:\USERS\FABFROMMFAMILY\Cookies\5HMLVZL3.txt [ Cookie:fabfrommfamily@www.googleadservices.com/pagead/conversion/1003715244/ ]
C:\USERS\FABFROMMFAMILY\Cookies\FFDP94CC.txt [ Cookie:fabfrommfamily@server.iad.liveperson.net/ ]
C:\USERS\FABFROMMFAMILY\Cookies\N2141NT9.txt [ Cookie:fabfrommfamily@track.grmtracking.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\73BZGMBL.txt [ Cookie:fabfrommfamily@sales.liveperson.net/ ]
C:\USERS\FABFROMMFAMILY\Cookies\O0MS2GSE.txt [ Cookie:fabfrommfamily@e-2dj6wjliwidjibp.stats.esomniture.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\CDIIABQM.txt [ Cookie:fabfrommfamily@www.googleadservices.com/pagead/conversion/1015654723/ ]
C:\USERS\FABFROMMFAMILY\Cookies\NJTTME9I.txt [ Cookie:fabfrommfamily@www.googleadservices.com/pagead/conversion/1049231994/ ]
C:\USERS\FABFROMMFAMILY\Cookies\3NMM64FT.txt [ Cookie:fabfrommfamily@mediatraffic.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\RO3APUVT.txt [ Cookie:fabfrommfamily@www.burstnet.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\K1S339ZT.txt [ Cookie:fabfrommfamily@yadro.ru/ ]
C:\USERS\FABFROMMFAMILY\Cookies\15PPBE4W.txt [ Cookie:fabfrommfamily@cricket-stumps.com/cpvtrack/ ]
C:\USERS\FABFROMMFAMILY\Cookies\93VL6R11.txt [ Cookie:fabfrommfamily@cn.clickable.net/ ]
C:\USERS\FABFROMMFAMILY\Cookies\9TXSYHLU.txt [ Cookie:fabfrommfamily@ero-advertising.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\Z5ZXCJ65.txt [ Cookie:fabfrommfamily@technoratimedia.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\D7XKZJ2J.txt [ Cookie:fabfrommfamily@e-2dj6wfliskdjifo.stats.esomniture.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\VCFUD0SX.txt [ Cookie:fabfrommfamily@test.sem-tracking-analytics.com/test/ ]
C:\USERS\FABFROMMFAMILY\Cookies\UAVXLTLN.txt [ Cookie:fabfrommfamily@sextracker.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\NTER4IYD.txt [ Cookie:fabfrommfamily@www.google.com/accounts ]
C:\USERS\FABFROMMFAMILY\Cookies\5G3JT2O5.txt [ Cookie:fabfrommfamily@doubleclick.net/ ]
C:\USERS\FABFROMMFAMILY\Cookies\N86UH6FX.txt [ Cookie:fabfrommfamily@tacoda.at.atwola.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\U0UZ7WDV.txt [ Cookie:fabfrommfamily@www.googleadservices.com/pagead/conversion/954880626/ ]
C:\USERS\FABFROMMFAMILY\Cookies\KY36U5HF.txt [ Cookie:fabfrommfamily@traveladvertising.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\X0HAAHFL.txt [ Cookie:fabfrommfamily@dmtracker.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\P91M7EC2.txt [ Cookie:fabfrommfamily@in.getclicky.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\2O6SZN5T.txt [ Cookie:fabfrommfamily@ad.doubleclick.net/ ]
C:\USERS\FABFROMMFAMILY\Cookies\50Q2NYP4.txt [ Cookie:fabfrommfamily@www.googleadservices.com/pagead/conversion/1072428849/ ]
C:\USERS\FABFROMMFAMILY\Cookies\MD131AGQ.txt [ Cookie:fabfrommfamily@tptracks.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\T2JFS2VZ.txt [ Cookie:fabfrommfamily@ad.yieldmanager.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\BGHYPRES.txt [ Cookie:fabfrommfamily@www.googleadservices.com/pagead/conversion/1069659075/ ]
C:\USERS\FABFROMMFAMILY\Cookies\NXQZLQJ0.txt [ Cookie:fabfrommfamily@edge.jeetyetmedia.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\64CUQR5I.txt [ Cookie:fabfrommfamily@clickbooth.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\0JAPJHJK.txt [ Cookie:fabfrommfamily@atwola.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\LT690A1X.txt [ Cookie:fabfrommfamily@www.googleadservices.com/pagead/conversion/1041121092/ ]
C:\USERS\FABFROMMFAMILY\Cookies\55HEH8WI.txt [ Cookie:fabfrommfamily@hyatt.112.2o7.net/ ]
C:\USERS\FABFROMMFAMILY\Cookies\QZU27YMF.txt [ Cookie:fabfrommfamily@liveperson.net/hc/40112812 ]
C:\USERS\FABFROMMFAMILY\Cookies\NWPTKJE5.txt [ Cookie:fabfrommfamily@www.googleadservices.com/pagead/conversion/972663539/ ]
C:\USERS\FABFROMMFAMILY\Cookies\3MUL3TZY.txt [ Cookie:fabfrommfamily@legolas-media.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\L2QQP621.txt [ Cookie:fabfrommfamily@sandbox.mlnadvertising.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\BOYYVPWS.txt [ Cookie:fabfrommfamily@stat.dealtime.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\ETLQO9E7.txt [ Cookie:fabfrommfamily@mediaforge.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\QAFVCZPR.txt [ Cookie:fabfrommfamily@tracking.alwaysdownloads.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\Q9PSG0MV.txt [ Cookie:fabfrommfamily@view.atdmt.com/UJ3/iview/403345096/direct/01/ ]
C:\USERS\FABFROMMFAMILY\Cookies\AKFMPN17.txt [ Cookie:fabfrommfamily@track.linktraker.com/ ]
.collective-media.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.tribalfusion.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]

PUP.Gamevance
(x86) HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26D675AC-D925-4bbf-A720-62C2AA4A81EB}
(x86) HKCR\CLSID\{26D675AC-D925-4BBF-A720-62C2AA4A81EB}
(x86) HKCR\CLSID\{26D675AC-D925-4BBF-A720-62C2AA4A81EB}
(x86) HKCR\CLSID\{26D675AC-D925-4BBF-A720-62C2AA4A81EB}\InprocServer32
(x86) HKCR\CLSID\{26D675AC-D925-4BBF-A720-62C2AA4A81EB}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{26D675AC-D925-4BBF-A720-62C2AA4A81EB}\ProgID
(x86) HKCR\CLSID\{26D675AC-D925-4BBF-A720-62C2AA4A81EB}\Programmable
(x86) HKCR\CLSID\{26D675AC-D925-4BBF-A720-62C2AA4A81EB}\TypeLib
(x86) HKCR\CLSID\{26D675AC-D925-4BBF-A720-62C2AA4A81EB}\VersionIndependentProgID
(x86) HKCR\RivalGaming.Module.1
(x86) HKCR\RivalGaming.Module.1\CLSID
(x86) HKCR\RivalGaming.Module
(x86) HKCR\RivalGaming.Module\CLSID
(x86) HKCR\RivalGaming.Module\CurVer
(x86) HKCR\TypeLib\{275DA4CE-9717-4da7-B19B-490CB937718F}
(x86) HKCR\TypeLib\{275DA4CE-9717-4da7-B19B-490CB937718F}\1.0
(x86) HKCR\TypeLib\{275DA4CE-9717-4da7-B19B-490CB937718F}\1.0\0
(x86) HKCR\TypeLib\{275DA4CE-9717-4da7-B19B-490CB937718F}\1.0\0\win32
(x86) HKCR\TypeLib\{275DA4CE-9717-4da7-B19B-490CB937718F}\1.0\FLAGS
(x86) HKCR\TypeLib\{275DA4CE-9717-4da7-B19B-490CB937718F}\1.0\HELPDIR
C:\USERS\FABFROMMFAMILY\APPDATA\LOCAL\RIVALGAMING\RIVALGAMING.DLL
(x86) HKU\S-1-5-21-2349935502-4117598282-3216927103-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{26D675AC-D925-4BBF-A720-62C2AA4A81EB}
(x86) HKCR\Interface\{DECB1BC9-7B19-411B-85B7-2B9FF33E2BE7}
(x86) HKCR\Interface\{DECB1BC9-7B19-411B-85B7-2B9FF33E2BE7}\ProxyStubClsid32
(x86) HKCR\Interface\{DECB1BC9-7B19-411B-85B7-2B9FF33E2BE7}\TypeLib
(x86) HKCR\Interface\{DECB1BC9-7B19-411B-85B7-2B9FF33E2BE7}\TypeLib#Version
(x86) HKCR\Interface\{F03DA033-A35C-4F66-8849-5F68A181F632}
(x86) HKCR\Interface\{F03DA033-A35C-4F66-8849-5F68A181F632}\ProxyStubClsid32
(x86) HKCR\Interface\{F03DA033-A35C-4F66-8849-5F68A181F632}\TypeLib
(x86) HKCR\Interface\{F03DA033-A35C-4F66-8849-5F68A181F632}\TypeLib#Version

PUP.MyWebSearch-Installer
C:\USERS\FABFROMMFAMILY\APPDATA\LOCALLOW\FUNWEBPRODUCTS\INSTALLR\CACHE\5018827C.EXE

descriptionInfected by iliti virus & possible others... EmptyRe: Infected by iliti virus & possible others...

more_horiz
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.23.08

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
FabFrommFamily :: LIBRARY [administrator]

8/23/2012 8:20:43 PM
mbam-log-2012-08-23 (20-20-43).txt

Scan type: Full scan (C:\|J:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 444757
Time elapsed: 46 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 47
HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.MultipleButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.MultipleButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.SkinLauncher (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.SkinLauncher.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.SkinLauncherSettings (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.SkinLauncherSettings.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.ThirdPartyInstaller (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.ThirdPartyInstaller.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.UrlAlertButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.UrlAlertButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources|f3PopularScreensavers (PUP.MyWebSearch) -> Data: C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform|FunWebProducts (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\Users\FabFrommFamily\AppData\LocalLow\Chimpoo_3aEI\Installr\Cache\02A5DF83.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.
J:\old computer files\My Documents\FLVPlayerSetup-1.exe (Adware.Agent) -> Quarantined and deleted successfully.
J:\old computer files\My Documents\FLVPlayerSetup-2.exe (Adware.Agent) -> Quarantined and deleted successfully.
J:\old computer files\My Documents\FLVPlayerSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

descriptionInfected by iliti virus & possible others... EmptyRe: Infected by iliti virus & possible others...

more_horiz
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49606DC7-976D-4030-A74E-9FB5C842FA68}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49606DC7-976D-4030-A74E-9FB5C842FA68}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7931b63e-6ba3-4f38-9d55-5b518a03be02}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7931b63e-6ba3-4f38-9d55-5b518a03be02}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00A6FAF6-072E-44cf-8957-5838F569A31D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\ not found.
File C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{02A9B082-D8E6-4AB1-9ABA-4656B853E300}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02A9B082-D8E6-4AB1-9ABA-4656B853E300}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7931b63e-6ba3-4f38-9d55-5b518a03be02}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7931b63e-6ba3-4f38-9d55-5b518a03be02}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B8EEB896-B588-46AF-ACBE-40CAB69FCE39}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8EEB896-B588-46AF-ACBE-40CAB69FCE39}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F631367A-31A0-437C-8821-AEB57AB46912}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F631367A-31A0-437C-8821-AEB57AB46912}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ not found.
File C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\ not found.
File C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26D675AC-D925-4bbf-A720-62C2AA4A81EB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26D675AC-D925-4bbf-A720-62C2AA4A81EB}\ not found.
File C:\Users\FabFrommFamily\AppData\Local\RivalGaming\RivalGaming.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ not found.
File C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ not found.
File C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\My Web Search Bar Search Scope Monitor not found.
File C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin not found.
File C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE not found.
Error: Unable to interpret <:folders> in the current context!
Error: Unable to interpret in the current context!
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.56.0 log created on 08232012_220006

descriptionInfected by iliti virus & possible others... EmptyRe: Infected by iliti virus & possible others...

more_horiz
OK - I believe all instructions were followed... thanks for helping - awaiting further instructions.

descriptionInfected by iliti virus & possible others... EmptyRe: Infected by iliti virus & possible others...

more_horiz
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
********************************************************
Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Infected by iliti virus & possible others... AswMBR_Scan

Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

Infected by iliti virus & possible others... AswMBR_SaveLog

On completion of the scan click save log, save it to your desktop and post in your next reply.

descriptionInfected by iliti virus & possible others... EmptyRe: Infected by iliti virus & possible others...

more_horiz
Results of screen317's Security Check version 0.99.46
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Smart PC Cleaner v3.0
Java(TM) 6 Update 34
Java version out of Date!
Adobe Reader X (10.1.4)
Mozilla Firefox (14.0.1)
Google Chrome 21.0.1180.83
````````Process Check: objlist.exe by Laurent````````
SecurityCheck.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

descriptionInfected by iliti virus & possible others... EmptyRe: Infected by iliti virus & possible others...

more_horiz
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-24 15:30:23
-----------------------------
15:30:23.625 OS Version: Windows x64 6.1.7601 Service Pack 1
15:30:23.625 Number of processors: 8 586 0x2A07
15:30:23.625 ComputerName: LIBRARY UserName:
15:30:32.283 Initialize success
15:31:21.224 AVAST engine defs: 12082402
15:31:45.775 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:31:45.775 Disk 0 Vendor: ST320006 CC44 Size: 1907729MB BusType: 3
15:31:45.791 Disk 0 MBR read successfully
15:31:45.791 Disk 0 MBR scan
15:31:45.791 Disk 0 Windows VISTA default MBR code
15:31:45.791 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
15:31:45.807 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 23258 MB offset 81920
15:31:45.822 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 1884430 MB offset 47714304
15:31:45.838 Disk 0 scanning C:\Windows\system32\drivers
15:31:53.061 Service scanning
15:32:05.182 Modules scanning
15:32:05.182 Disk 0 trace - called modules:
15:32:05.197 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
15:32:05.197 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800e4f4060]
15:32:05.197 3 CLASSPNP.SYS[fffff880018a643f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800d4c6050]
15:32:14.027 AVAST engine scan C:\Windows
15:32:19.487 Disk 0 MBR has been saved successfully to "C:\Virus Removal 001\MBR.dat"
15:32:19.503 The log file has been saved successfully to "C:\Virus Removal 001\aswMBR2.txt"


descriptionInfected by iliti virus & possible others... EmptyRe: Infected by iliti virus & possible others...

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum