Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

overclick hijacked my browser [Moved]


  • Please log in to reply
14 replies to this topic

#1 kstevens100

kstevens100

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:32 PM

Posted 30 July 2009 - 05:52 PM

When I do a Google search and click on the search results...I get re-directed to overclick.cn and the browser window is empty. I see this issue has been resolved on this site on a case by case basis. I am hoping you can help me as well. I have a laptop that is not infected, so I can stay on the internet while this computer is being diagnosed and fixed. I'd like to know how to keep this from happening again, as well as know what damage/information may have been done to or stole from my computer.

Thanks in advance for your help.

BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,911 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:03:32 PM

Posted 30 July 2009 - 06:13 PM

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 kstevens100

kstevens100
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:32 PM

Posted 30 July 2009 - 06:17 PM

Isn't this actually an infection? I run Spybot and tell it to remove overclick.cn. It gives me the option, but overclick doesn't go away.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,040 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:32 PM

Posted 30 July 2009 - 08:42 PM

Hello this is mostly affected by a rootkit. Please run thes tools next and psot back 2 logs.

Next run ATF and SAS:

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining
.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode
.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program
.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan,Verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.



Next ROOTREPEAL

Next Please install RootRepeal
Note: Vista users ,, right click on desktop icon and select "Run as Administrator."
Fatdcuk at Malwarebytes posted a comprehensive tutorial - Self Help guide can be found here if needed.: Malwarebytes Removal and Self Help Guides.

Go HERE, and download RootRepeal.zip to your Desktop.
Tutorial with images ,if needed >> L@@K.
Unzip that,(7-zip tool if needed) and then click RootRepeal.exe to open the scanner.
Next click on the Report tab, now click on Scan. A Window will open asking what to include in the scan. Check all of the below and then click OK.

Drivers
Files
Processes
Not this >>> SSDT
Stealth Objects
Hidden Services


Now you'll be asked which drive to scan. Check C: and click OK again and the scan will start. Please be patient as the scan runs. When the scan has finished, click on Save Report.
Name the log RootRepeal.txt and save it to your Documents folder (it should automatically save it there).
Please copy and paste that into your next reply.

Please note: If Rootrepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to High
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 kstevens100

kstevens100
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:32 PM

Posted 30 July 2009 - 10:37 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/30/2009 at 11:20 PM

Application Version : 4.27.1000

Core Rules Database Version : 4030
Trace Rules Database Version: 1970

Scan type : Quick Scan
Total Scan Time : 00:51:05

Memory items scanned : 226
Memory threats detected : 0
Registry items scanned : 565
Registry threats detected : 780
File items scanned : 31615
File threats detected : 110

Trojan.Dropper/SVCHost-Fake
[svchost.exe] \SVCHOST.EXE
\SVCHOST.EXE
[svchost.exe] \SVCHOST.EXE
C:\SVCHOST.EXE

Adware.MyWebSearch
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\Programmable
C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
HKU\S-1-5-21-2058687031-2366360530-3097277543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKU\S-1-5-21-2058687031-2366360530-3097277543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKU\S-1-5-21-2058687031-2366360530-3097277543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKU\S-1-5-21-2058687031-2366360530-3097277543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\Programmable

Trojan.Unclassified/Helper-DD
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}
HKCR\CLSID\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}
HKCR\CLSID\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}
HKCR\CLSID\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}#AppID
HKCR\CLSID\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}\InprocServer32
HKCR\CLSID\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}\InprocServer32#ThreadingModel
HKCR\CLSID\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}\ProgID
HKCR\CLSID\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}\Programmable
HKCR\CLSID\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}\TypeLib
HKCR\CLSID\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}\VersionIndependentProgID
HKCR\main.BHO.1
HKCR\main.BHO.1\CLSID
HKCR\main.BHO
HKCR\main.BHO\CLSID
HKCR\main.BHO\CurVer
HKCR\TypeLib\{8E3C68CD-F500-4A2A-8CB9-132BB38C3573}
HKCR\TypeLib\{8E3C68CD-F500-4A2A-8CB9-132BB38C3573}\1.0
HKCR\TypeLib\{8E3C68CD-F500-4A2A-8CB9-132BB38C3573}\1.0\0
HKCR\TypeLib\{8E3C68CD-F500-4A2A-8CB9-132BB38C3573}\1.0\0\win32
HKCR\TypeLib\{8E3C68CD-F500-4A2A-8CB9-132BB38C3573}\1.0\FLAGS
HKCR\TypeLib\{8E3C68CD-F500-4A2A-8CB9-132BB38C3573}\1.0\HELPDIR
C:\PROGRAM FILES\COMMON\HELPER.DLL
HKU\S-1-5-21-2058687031-2366360530-3097277543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}
HKCR\Interface\{986A8AC1-AB4D-4F41-9068-4B01C0197867}
HKCR\Interface\{986A8AC1-AB4D-4F41-9068-4B01C0197867}\ProxyStubClsid
HKCR\Interface\{986A8AC1-AB4D-4F41-9068-4B01C0197867}\ProxyStubClsid32
HKCR\Interface\{986A8AC1-AB4D-4F41-9068-4B01C0197867}\TypeLib
HKCR\Interface\{986A8AC1-AB4D-4F41-9068-4B01C0197867}\TypeLib#Version

Trojan.Dropper/Sys-NV
HKLM\System\ControlSet001\Services\msupdate
C:\WINDOWS\SYSTEM32\VHOSTS.EXE
HKLM\System\ControlSet001\Enum\Root\LEGACY_msupdate
HKLM\System\ControlSet003\Services\msupdate
HKLM\System\ControlSet003\Enum\Root\LEGACY_msupdate
HKLM\System\CurrentControlSet\Services\msupdate
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_msupdate

Trojan.Unknown Origin
HKLM\SYSTEM\CurrentControlSet\Enum\Root\legacy_msupdate#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\legacy_msupdate\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\legacy_msupdate\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\legacy_msupdate\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\legacy_msupdate\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\legacy_msupdate\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\legacy_msupdate\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\legacy_msupdate\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Services\msupdate#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\msupdate#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\msupdate#Description
HKLM\SYSTEM\CurrentControlSet\Services\msupdate#ObjectName
HKLM\SYSTEM\CurrentControlSet\Services\msupdate#Start
HKLM\SYSTEM\CurrentControlSet\Services\msupdate#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\msupdate#Type
HKLM\SYSTEM\CurrentControlSet\Services\msupdate\Enum
HKLM\SYSTEM\CurrentControlSet\Services\msupdate\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\msupdate\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\msupdate\Enum#NextInstance

Adware.MyWebSearch/FunWebProducts
HKLM\SOFTWARE\Fun Web Products
HKLM\SOFTWARE\Fun Web Products#JpegConversionLib
HKLM\SOFTWARE\Fun Web Products#CacheDir
HKLM\SOFTWARE\Fun Web Products\MSNMessenger
HKLM\SOFTWARE\Fun Web Products\MSNMessenger#DLLFile
HKLM\SOFTWARE\Fun Web Products\MSNMessenger#DLLDir
HKLM\SOFTWARE\Fun Web Products\ScreenSaver
HKLM\SOFTWARE\Fun Web Products\ScreenSaver#ImagesDir
HKLM\SOFTWARE\Fun Web Products\Settings
HKLM\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn
HKLM\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn#LastHTMLMenuURL
HKLM\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn#HTMLMenuRevision
HKLM\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn#ETag
HKLM\SOFTWARE\Fun Web Products\Settings\MailStampBtn
HKLM\SOFTWARE\Fun Web Products\Settings\MailStampBtn#LastHTMLMenuURL
HKLM\SOFTWARE\Fun Web Products\Settings\MailStampBtn#HTMLMenuRevision
HKLM\SOFTWARE\Fun Web Products\Settings\MailStampBtn#ETag
HKLM\SOFTWARE\Fun Web Products\Settings\MyStationeryBtn
HKLM\SOFTWARE\Fun Web Products\Settings\MyStationeryBtn#LastHTMLMenuURL
HKLM\SOFTWARE\Fun Web Products\Settings\MyStationeryBtn#HTMLMenuRevision
HKLM\SOFTWARE\Fun Web Products\Settings\MyStationeryBtn#ETag
HKLM\SOFTWARE\Fun Web Products\Settings\Promos
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextNone.numActive
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextNone.0
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyFreqNone
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextUninstalled.numActive
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextUninstalled.0
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyFreqUninstalled
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.numActive
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.numActive2
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.1
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.2
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.3
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.4
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.5
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.6
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.7
HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn
HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn#HTMLMenuPosDeleted
HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn#LastHTMLMenuURL
HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn#HTMLMenuRevision
HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn#ETag
HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn#iexplore.exe.pos
HKU\S-1-5-21-2058687031-2366360530-3097277543-1003\SOFTWARE\FunWebProducts
HKLM\SOFTWARE\FunWebProducts
HKLM\SOFTWARE\FunWebProducts\Installer
HKLM\SOFTWARE\FunWebProducts\Installer#Dir
HKLM\SOFTWARE\FunWebProducts\Installer#CurInstall
HKLM\SOFTWARE\FunWebProducts\Installer#sr
HKLM\SOFTWARE\FunWebProducts\Installer#pl
HKLM\SOFTWARE\FunWebProducts\Installer#CheckForConnection
HKLM\SOFTWARE\FunWebProducts\Installer#CacheDir
HKLM\SOFTWARE\FunWebProducts\Installer\downloaded
HKU\S-1-5-21-2058687031-2366360530-3097277543-1003\SOFTWARE\MyWebSearch
HKLM\SOFTWARE\MyWebSearch
HKLM\SOFTWARE\MyWebSearch\bar
HKLM\SOFTWARE\MyWebSearch\bar#Maximized
HKLM\SOFTWARE\MyWebSearch\bar#Visible
HKLM\SOFTWARE\MyWebSearch\bar#pid
HKLM\SOFTWARE\MyWebSearch\bar#fwp
HKLM\SOFTWARE\MyWebSearch\bar#mwsask
HKLM\SOFTWARE\MyWebSearch\bar#un
HKLM\SOFTWARE\MyWebSearch\bar#tiec
HKLM\SOFTWARE\MyWebSearch\bar#Dir
HKLM\SOFTWARE\MyWebSearch\bar#PluginPath
HKLM\SOFTWARE\MyWebSearch\bar#CurInstall
HKLM\SOFTWARE\MyWebSearch\bar#SettingsDir
HKLM\SOFTWARE\MyWebSearch\bar#sr
HKLM\SOFTWARE\MyWebSearch\bar#pl
HKLM\SOFTWARE\MyWebSearch\bar#Id
HKLM\SOFTWARE\MyWebSearch\bar#CacheDir
HKLM\SOFTWARE\MyWebSearch\bar#ConfigRevision
HKLM\SOFTWARE\MyWebSearch\bar#ConfigRevisionURL
HKLM\SOFTWARE\MyWebSearch\bar#ConfigDateStamp
HKLM\SOFTWARE\MyWebSearch\bar#HTMLMenuRevision
HKLM\SOFTWARE\MyWebSearch\bar#sscSet
HKLM\SOFTWARE\MyWebSearch\bar#sscLabel
HKLM\SOFTWARE\MyWebSearch\bar#sscURL
HKLM\SOFTWARE\MyWebSearch\bar#SearchProvider
HKLM\SOFTWARE\MyWebSearch\bar#NextConfigRequest
HKLM\SOFTWARE\MyWebSearch\bar#LastConfigRequest
HKLM\SOFTWARE\MyWebSearch\bar#Flags
HKLM\SOFTWARE\MyWebSearch\bar#HistoryDir
HKLM\SOFTWARE\MyWebSearch\MWSOEMON
HKLM\SOFTWARE\MyWebSearch\MWSOEMON#Version
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG#Version
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG#Path
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG#StandardSmileyDir.AIM
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.numActive2
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.0
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.1
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.2
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.3
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.4
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.5
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.6
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#ICQT.7
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.numActive
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.numActive2
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.0.old
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.1.old
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.2.old
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.3.old
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.4.old
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.5.old
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.6.old
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.7.old
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.8.old
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.9.old
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.10.old
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.11.old
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#Yahoo.12.old
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.numActive
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.numActive2
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.0.old
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.1.old
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.2.old
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.3.old
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.4.old
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.5.old
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIM.6.old
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.numActive2
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.0
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.1
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.2
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.3
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.4
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.5
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.6
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#AIMT.7
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.numActive2
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.0
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.1
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.2
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.3
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.4
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.5
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo#GoogleTalkHTML.6
HKLM\SOFTWARE\MyWebSearch\OEHosts
HKLM\SOFTWARE\MyWebSearch\OEHosts#boscript
HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows8
HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows2
HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows3
HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows4
HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows5
HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows6
HKLM\SOFTWARE\MyWebSearch\OEHosts#Windows7
HKLM\SOFTWARE\MyWebSearch\SearchAssistant
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#pid
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#fwp
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#mwsask
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#Dir
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#esh
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#lsp
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#CurInstall
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#sr
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#pl
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#Id
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#ConfigDateStamp
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#ABS
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#DES
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#sscEnabled
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#eintl
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#NextRequest
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#LastRequest
HKLM\SOFTWARE\MyWebSearch\SkinTools
HKLM\SOFTWARE\MyWebSearch\SkinTools#PlayerPath
HKCR\FunWebProducts.DataControl
HKCR\FunWebProducts.DataControl\CLSID
HKCR\FunWebProducts.DataControl\CurVer
HKCR\FunWebProducts.DataControl.1
HKCR\FunWebProducts.DataControl.1\CLSID
HKCR\FunWebProducts.HistoryKillerScheduler
HKCR\FunWebProducts.HistoryKillerScheduler\CLSID
HKCR\FunWebProducts.HistoryKillerScheduler\CurVer
HKCR\FunWebProducts.HistoryKillerScheduler.1
HKCR\FunWebProducts.HistoryKillerScheduler.1\CLSID
HKCR\FunWebProducts.HistorySwatterControlBar
HKCR\FunWebProducts.HistorySwatterControlBar\CLSID
HKCR\FunWebProducts.HistorySwatterControlBar\CurVer
HKCR\FunWebProducts.HistorySwatterControlBar.1
HKCR\FunWebProducts.HistorySwatterControlBar.1\CLSID
HKCR\FunWebProducts.HTMLMenu
HKCR\FunWebProducts.HTMLMenu\CLSID
HKCR\FunWebProducts.HTMLMenu\CurVer
HKCR\FunWebProducts.HTMLMenu.1
HKCR\FunWebProducts.HTMLMenu.1\CLSID
HKCR\FunWebProducts.HTMLMenu.2
HKCR\FunWebProducts.HTMLMenu.2\CLSID
HKCR\FunWebProducts.IECookiesManager
HKCR\FunWebProducts.IECookiesManager\CLSID
HKCR\FunWebProducts.IECookiesManager\CurVer
HKCR\FunWebProducts.IECookiesManager.1
HKCR\FunWebProducts.IECookiesManager.1\CLSID
HKCR\FunWebProducts.KillerObjManager
HKCR\FunWebProducts.KillerObjManager\CLSID
HKCR\FunWebProducts.KillerObjManager\CurVer
HKCR\FunWebProducts.KillerObjManager.1
HKCR\FunWebProducts.KillerObjManager.1\CLSID
HKCR\FunWebProducts.PopSwatterBarButton
HKCR\FunWebProducts.PopSwatterBarButton\CLSID
HKCR\FunWebProducts.PopSwatterBarButton\CurVer
HKCR\FunWebProducts.PopSwatterBarButton.1
HKCR\FunWebProducts.PopSwatterBarButton.1\CLSID
HKCR\FunWebProducts.PopSwatterSettingsControl
HKCR\FunWebProducts.PopSwatterSettingsControl\CLSID
HKCR\FunWebProducts.PopSwatterSettingsControl\CurVer
HKCR\FunWebProducts.PopSwatterSettingsControl.1
HKCR\FunWebProducts.PopSwatterSettingsControl.1\CLSID
HKCR\MyWebSearch.ChatSessionPlugin
HKCR\MyWebSearch.ChatSessionPlugin\CLSID
HKCR\MyWebSearch.ChatSessionPlugin\CurVer
HKCR\MyWebSearch.ChatSessionPlugin.1
HKCR\MyWebSearch.ChatSessionPlugin.1\CLSID
HKCR\MyWebSearch.HTMLPanel
HKCR\MyWebSearch.HTMLPanel\CLSID
HKCR\MyWebSearch.HTMLPanel\CurVer
HKCR\MyWebSearch.HTMLPanel.1
HKCR\MyWebSearch.HTMLPanel.1\CLSID
HKCR\MyWebSearch.OutlookAddin
HKCR\MyWebSearch.OutlookAddin\CLSID
HKCR\MyWebSearch.OutlookAddin\CurVer
HKCR\MyWebSearch.OutlookAddin.1
HKCR\MyWebSearch.OutlookAddin.1\CLSID
HKCR\MyWebSearch.PseudoTransparentPlugin
HKCR\MyWebSearch.PseudoTransparentPlugin\CLSID
HKCR\MyWebSearch.PseudoTransparentPlugin\CurVer
HKCR\MyWebSearch.PseudoTransparentPlugin.1
HKCR\MyWebSearch.PseudoTransparentPlugin.1\CLSID
HKCR\MyWebSearchToolBar.SettingsPlugin
HKCR\MyWebSearchToolBar.SettingsPlugin\CLSID
HKCR\MyWebSearchToolBar.SettingsPlugin\CurVer
HKCR\MyWebSearchToolBar.SettingsPlugin.1
HKCR\MyWebSearchToolBar.SettingsPlugin.1\CLSID
HKCR\MyWebSearchToolBar.ToolbarPlugin
HKCR\MyWebSearchToolBar.ToolbarPlugin\CLSID
HKCR\MyWebSearchToolBar.ToolbarPlugin\CurVer
HKCR\MyWebSearchToolBar.ToolbarPlugin.1
HKCR\MyWebSearchToolBar.ToolbarPlugin.1\CLSID
HKCR\ScreenSaverControl.ScreenSaverInstaller
HKCR\ScreenSaverControl.ScreenSaverInstaller\CLSID
HKCR\ScreenSaverControl.ScreenSaverInstaller\CurVer
HKCR\ScreenSaverControl.ScreenSaverInstaller.1
HKCR\ScreenSaverControl.ScreenSaverInstaller.1\CLSID
HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Control
HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\InprocServer32
HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\MiscStatus
HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\MiscStatus\1
HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\ProgID
HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Programmable
HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\TypeLib
HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Version
HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\VersionIndependentProgID
HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}
HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\InprocServer32
HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\InprocServer32#ThreadingModel
HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\ProgID
HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\Programmable
HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\TypeLib
HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\VersionIndependentProgID
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}\TreatAs
HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}
HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Implemented Categories
HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\InprocServer32
HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\InprocServer32#ThreadingModel
HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance
HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance#CLSID
HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance\InitPropertyBag
HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance\InitPropertyBag#Url
HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}
HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\Control
HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\InprocServer32
HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\InprocServer32#ThreadingModel
HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\MiscStatus
HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\MiscStatus\1
HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\ProgID
HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\Programmable
HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\TypeLib
HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\Version
HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\VersionIndependentProgID
HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}\InprocServer32
HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}\InprocServer32#ThreadingModel
HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}\ProgID
HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}\VersionIndependentProgID
HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}
HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\Control
HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\InprocServer32
HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\InprocServer32#ThreadingModel
HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\MiscStatus
HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\MiscStatus\1
HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\ProgID
HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\Programmable
HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\TypeLib
HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\Version
HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\VersionIndependentProgID
HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}
HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\InprocServer32
HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\InprocServer32#ThreadingModel
HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\ProgID
HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\Programmable
HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\TypeLib
HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\VersionIndependentProgID
HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\InprocServer32
HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\InprocServer32#ThreadingModel
HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\ProgID
HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\Programmable
HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\TypeLib
HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\VersionIndependentProgID
HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}
HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Control
HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32
HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32#ThreadingModel
HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus
HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus\1
HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable
HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib
HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Version
HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}
HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Control
HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32
HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32#ThreadingModel
HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus
HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus\1
HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\ProgID
HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable
HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib
HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Version
HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\VersionIndependentProgID
HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}
HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Control
HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32
HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32#ThreadingModel
HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus
HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus\1
HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable
HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib
HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Version
HKCR\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}
HKCR\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}\InprocServer32
HKCR\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}\InprocServer32#ThreadingModel
HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}
HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\InprocServer32
HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\InprocServer32#ThreadingModel
HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\ProgID
HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\Programmable
HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\TypeLib
HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\VersionIndependentProgID
HKCR\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}
HKCR\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}\InprocServer32
HKCR\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}\InprocServer32#ThreadingModel
HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\InprocServer32
HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\InprocServer32#ThreadingModel
HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\ProgID
HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\VersionIndependentProgID
HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}
HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\InprocServer32
HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\InprocServer32#ThreadingModel
HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\MiscStatus
HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\MiscStatus\1
HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\ProgID
HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\Programmable
HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\TypeLib
HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\Version
HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\VersionIndependentProgID
HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}
HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}\TreatAs
HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}
HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\InprocServer32
HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\InprocServer32#ThreadingModel
HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\Programmable
HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\TypeLib
HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}
HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\InprocServer32
HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\InprocServer32#ThreadingModel
HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\ProgID
HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\Programmable
HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\VersionIndependentProgID
HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}
HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\InprocServer32
HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\InprocServer32#ThreadingModel
HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\MiscStatus
HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\MiscStatus\1
HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\ProgID
HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\Programmable
HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\TypeLib
HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\Version
HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\VersionIndependentProgID
HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}
HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\InprocServer32
HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\InprocServer32#ThreadingModel
HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\MiscStatus
HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\MiscStatus\1
HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\ProgID
HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\Programmable
HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\TypeLib
HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\Version
HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\VersionIndependentProgID
HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}
HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\InprocServer32
HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\InprocServer32#ThreadingModel
HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\ProgID
HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\Programmable
HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\TypeLib
HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\VersionIndependentProgID
HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}
HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\InprocServer32
HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\InprocServer32#ThreadingModel
HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\Programmable
HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\TypeLib
HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}
HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\Control
HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\InprocServer32
HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\InprocServer32#ThreadingModel
HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\MiscStatus
HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\MiscStatus\1
HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\ProgID
HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\Programmable
HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\TypeLib
HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\Version
HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\VersionIndependentProgID
HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}
HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0
HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\0
HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\0\win32
HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\FLAGS
HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\HELPDIR
HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}
HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0
HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0\0
HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0\0\win32
HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0\FLAGS
HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0\HELPDIR
HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}
HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0
HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0\0
HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0\0\win32
HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0\FLAGS
HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0\HELPDIR
HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}
HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0
HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\0
HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\0\win32
HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\FLAGS
HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\HELPDIR
HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}
HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0
HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\0
HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\0\win32
HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\FLAGS
HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\HELPDIR
HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}
HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0
HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\0
HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\0\win32
HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\FLAGS
HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\HELPDIR
HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}
HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0
HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\0
HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\0\win32
HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\FLAGS
HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\HELPDIR
HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}
HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0
HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\0
HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\0\win32
HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\FLAGS
HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\HELPDIR
HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}
HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0
HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\0
HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\0\win32
HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\FLAGS
HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\HELPDIR
HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}
HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0
HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0\0
HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0\0\win32
HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0\FLAGS
HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0\HELPDIR
HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}
HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0
HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\0
HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\0\win32
HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\FLAGS
HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\HELPDIR
HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid
HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid32
HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\TypeLib
HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\TypeLib#Version
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid32
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\TypeLib
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\TypeLib#Version
HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}
HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\ProxyStubClsid
HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\ProxyStubClsid32
HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\TypeLib
HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\TypeLib#Version
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\ProxyStubClsid
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\ProxyStubClsid32
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\TypeLib
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\TypeLib#Version
HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\ProxyStubClsid
HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\ProxyStubClsid32
HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\TypeLib
HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\TypeLib#Version
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\ProxyStubClsid
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\ProxyStubClsid32
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\TypeLib
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\TypeLib#Version
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\ProxyStubClsid
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\ProxyStubClsid32
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\TypeLib
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\TypeLib#Version
HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid
HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib
HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version
HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}
HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\ProxyStubClsid
HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\ProxyStubClsid32
HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\TypeLib
HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\TypeLib#Version
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\ProxyStubClsid
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\ProxyStubClsid32
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\TypeLib
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\TypeLib#Version
HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\ProxyStubClsid
HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\ProxyStubClsid32
HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\TypeLib
HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\TypeLib#Version
HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\ProxyStubClsid
HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\ProxyStubClsid32
HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\TypeLib
HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\TypeLib#Version
HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid
HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid32
HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\TypeLib
HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\TypeLib#Version
HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid
HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid32
HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\TypeLib
HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\TypeLib#Version
HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}
HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\ProxyStubClsid
HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\ProxyStubClsid32
HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\TypeLib
HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\TypeLib#Version
HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\ProxyStubClsid
HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\ProxyStubClsid32
HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\TypeLib
HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\TypeLib#Version
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib#Version
HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid
HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid
HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid
HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid
HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\ProxyStubClsid
HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\ProxyStubClsid32
HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\TypeLib
HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\TypeLib#Version
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\ProxyStubClsid
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\ProxyStubClsid32
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\TypeLib
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\TypeLib#Version
HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\ProxyStubClsid
HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\ProxyStubClsid32
HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\TypeLib
HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\TypeLib#Version
HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\ProxyStubClsid
HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\ProxyStubClsid32
HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\TypeLib
HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\TypeLib#Version
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\ProxyStubClsid
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\ProxyStubClsid32
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\TypeLib
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\TypeLib#Version
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\ProxyStubClsid
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\ProxyStubClsid32
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\TypeLib
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\TypeLib#Version
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\ProxyStubClsid
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\ProxyStubClsid32
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\TypeLib
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\TypeLib#Version
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\ProxyStubClsid
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\ProxyStubClsid32
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\TypeLib
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\TypeLib#Version
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid32
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib#Version
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid32
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib#Version
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\ProxyStubClsid
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\ProxyStubClsid32
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\TypeLib
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\TypeLib#Version
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\ProxyStubClsid
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\ProxyStubClsid32
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\TypeLib
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\TypeLib#Version
HKLM\Software\FocusInteractive
HKLM\Software\FocusInteractive\bar
HKLM\Software\FocusInteractive\bar\Switches
HKLM\Software\FocusInteractive\bar\Switches#incmail.exe
HKLM\Software\FocusInteractive\bar\Switches#msimn.exe
HKLM\Software\FocusInteractive\bar\Switches#msn.exe
HKLM\Software\FocusInteractive\bar\Switches#outlook.exe
HKLM\Software\FocusInteractive\bar\Switches#waol.exe
HKLM\Software\FocusInteractive\bar\Switches#aim.exe
HKLM\Software\FocusInteractive\bar\Switches#icq.exe
HKLM\Software\FocusInteractive\bar\Switches#icqlite.exe
HKLM\Software\FocusInteractive\bar\Switches#msmsgs.exe
HKLM\Software\FocusInteractive\bar\Switches#msnmsgr.exe
HKLM\Software\FocusInteractive\bar\Switches#ypager.exe
HKLM\Software\FocusInteractive\bar\Switches#au
HKLM\Software\FocusInteractive\bar\Switches#mwsSrcAs.dll
HKLM\Software\FocusInteractive\bar\Switches#ok
HKLM\Software\FocusInteractive\bar\Switches#od
HKLM\Software\FocusInteractive\bar\Switches#nk
HKLM\Software\FocusInteractive\bar\Switches#nd
HKLM\Software\FocusInteractive\Email-IM
HKLM\Software\FocusInteractive\Email-IM\0
HKLM\Software\FocusInteractive\Email-IM\0#Toolbar
HKLM\Software\FocusInteractive\Email-IM\0#AppName
HKLM\Software\FocusInteractive\Email-IM\0#Path
HKLM\Software\FocusInteractive\Outlook
HKLM\Software\FocusInteractive\Outlook#MyWebSearch.OutlookAddin
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall#HelpLink
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall#UrlInfoAbout
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\1.bin
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Avatar
C:\Program Files\MyWebSearch\bar\Cache\01365E58
C:\Program Files\MyWebSearch\bar\Cache\01366175
C:\Program Files\MyWebSearch\bar\Cache\0136656D
C:\Program Files\MyWebSearch\bar\Cache\013667AF
C:\Program Files\MyWebSearch\bar\Cache\1F09967E
C:\Program Files\MyWebSearch\bar\Cache\1F09A033.bin
C:\Program Files\MyWebSearch\bar\Cache\1F09A5B1.bin
C:\Program Files\MyWebSearch\bar\Cache\1F09A9F7.bin
C:\Program Files\MyWebSearch\bar\Cache\1F09ABBC.bin
C:\Program Files\MyWebSearch\bar\Cache\1F09ADFE.bin
C:\Program Files\MyWebSearch\bar\Cache\20050001.bin
C:\Program Files\MyWebSearch\bar\Cache\20050DCD.bin
C:\Program Files\MyWebSearch\bar\Cache\20050F44.bin
C:\Program Files\MyWebSearch\bar\Cache\2005109B.bin
C:\Program Files\MyWebSearch\bar\Cache\20051CF0
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Cache
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\Game
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\History
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\icons
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Message
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Notifier
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings
C:\Program Files\MyWebSearch\bar
C:\Program Files\MyWebSearch\SrchAstt\1.bin
C:\Program Files\MyWebSearch\SrchAstt
C:\Program Files\MyWebSearch
C:\Program Files\FunWebProducts\ScreenSaver\Images
C:\Program Files\FunWebProducts\ScreenSaver
C:\Program Files\FunWebProducts\Shared\305885E4.dat
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\FunWebProducts\Shared\Cache
C:\Program Files\FunWebProducts\Shared
C:\Program Files\FunWebProducts

Rootkit.RunTime2
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\runtime2.sys
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\runtime2.sys

Rootkit.Unclassified/SysDamp-Traces
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Reserved
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Reserved
C:\WINDOWS\system32\svcp.csv

Rootkit.Unclassified/KR_Done
C:\WINDOWS\system32\kr_done1
C:\WINDOWS\system32\vx.tll

Trojan.Dropper/Win-NV
C:\WINDOWS\BOT.EXE

Trojan.Downloader-Gen
C:\WINDOWS\SYSTEM32\WINSUB.XML

#6 kstevens100

kstevens100
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:32 PM

Posted 31 July 2009 - 07:46 AM

Hi there - my browser is still being re-directed to marketing sites...including overclick.cn Do you have any other suggestions?

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,040 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:32 PM

Posted 31 July 2009 - 09:00 AM

Yes ,we still need to run ROOTREPEAL. Even thiough we removed a lot we still have some worl to do be get it all.


Next Please install RootRepeal
Note: Vista users ,, right click on desktop icon and select "Run as Administrator."
Fatdcuk at Malwarebytes posted a comprehensive tutorial - Self Help guide can be found here if needed.: Malwarebytes Removal and Self Help Guides.

Go HERE, and download RootRepeal.zip to your Desktop.
Tutorial with images ,if needed >> L@@K.
Unzip that,(7-zip tool if needed) and then click RootRepeal.exe to open the scanner.
Next click on the Report tab, now click on Scan. A Window will open asking what to include in the scan. Check all of the below and then click OK.

Drivers
Files
Processes
Not this >>> SSDT
Stealth Objects
Hidden Services


Now you'll be asked which drive to scan. Check C: and click OK again and the scan will start. Please be patient as the scan runs. When the scan has finished, click on Save Report.
Name the log RootRepeal.txt and save it to your Documents folder (it should automatically save it there).
Please copy and paste that into your next reply.

Please note: If Rootrepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to High

Edited by boopme, 31 July 2009 - 09:01 AM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 kstevens100

kstevens100
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:32 PM

Posted 31 July 2009 - 09:49 AM

I won't have access to my computer for a few days, so I will try this when I get back. Thanks again for your help. I will follow up with you.

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,040 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:32 PM

Posted 31 July 2009 - 10:34 AM

Ok, then after RootRepeal run MBAm and post both logs..
Next run MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 kstevens100

kstevens100
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:32 PM

Posted 03 August 2009 - 06:31 PM

Hi - I am back. I tried the rootrepeal.googlepages.com/rootrepeal.rar link, and the following message appears "The bandwidth or page view limit for this site ha been exceeded and the page cannot be viewed at this time. Once the site is below the limit, it will once again begin serving as normal."

I found another copy on geekstogo.com via a link from technibble.com.

downloaded rootrepeal. Unzipped it. Clicked on icon of magnifying glass and selected "run". Says "initializing" but then never does. Screen eventually goes dark. Tried four times. Think it is a memory issue?

OK - couple of hours in, and still trying to get rootrepeal to initialize. Right clicked on icon, and asked it to open as Windows 2000 (I am running XP). I at least got the program to open, but got an error message. Any way, I moved the disk access slider to high. Since no files showed under the file tab, I had to close the program ... right click on the program icon and change it back to XP. Then computer locked up again. Got to "initializing please wait..." Then black screen again.

OK - another half hour in, and I've tried everything including installing a new version. I guess they've not worked out all of their bugs with rootrepeal. I have XP SP2. Rootrepair just won't initialize - no matter what I try. Look forward to hearing from you in the A.M.

Thanks

Edited by kstevens100, 03 August 2009 - 08:52 PM.


#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,040 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:32 PM

Posted 03 August 2009 - 08:32 PM

Ok ,let's try a different one and see.
Please download Sophos Anti-rootkit & save it to your desktop.
alternate download link
Note: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.

Be sure to print out and read the Sophos Anti-Rookit User Manual and Release Notes.
  • Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
  • Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
  • A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now". Click Yes.
  • Make sure the following are checked:
    • Running processes
    • Windows Registry
    • Local Hard Drives
  • Click Start scan.
  • Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
  • When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
  • Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
    • Files tagged as Removable: No are not marked for removal and cannot be removed.
    • Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
    • Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
  • Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
  • A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
  • After reboot, a dialog box displays the files you selected for removal and the action taken.
  • Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
  • When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
  • This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\\Local Settings\Temp\.
Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug you Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#12 kstevens100

kstevens100
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:32 PM

Posted 03 August 2009 - 11:27 PM

They didn't recommend any to be deleted... here is the log...

Sophos Anti-Rootkit Version 1.5.0 2009 Sophos Plc
Started logging on 8/3/2009 at 22:55:07 PM
User "Owner" on computer "DESKTOP"
Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x300 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SKYNETwqodnhkv
Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SKYNETwqodnhkv
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\WINDOWS\Temp\SKYNETchvvyynpfn.tmp
Hidden: file C:\WINDOWS\system32\SKYNETlog.dat
Hidden: file C:\WINDOWS\Temp\SKYNETvwvxfbuxay.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETfejvfcsslu.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETxksiontofw.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETjbgvuggito.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETtnayaphxoe.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETgdbfsrbknm.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETuxtkosvhtb.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETpjkikbpxmx.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETghmosdplra.tmp
Hidden: file C:\WINDOWS\system32\SKYNETwbkvljxc.dll
Hidden: file C:\WINDOWS\Temp\SKYNETtatkgrlgas.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETpgtdnuwmqg.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETibcoglprpo.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETdrphuielcp.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETjsibadnfth.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETideobtpfnd.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETjalhfbutio.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETsukglfbqix.tmp
Hidden: file C:\WINDOWS\Temp\SKYNEThbenyeyqaq.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETswtipmvave.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETotnjokuprm.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETknhtspunpr.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETtbdwqbuxym.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETeqplbnhrfw.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETbudomxipxj.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETofreamdvgy.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETpdrbvlorpt.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETfgvpftibvo.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETqfqrncyect.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETiwhwxypdbu.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETawtwiqqnmp.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETkwvtomwkgt.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETjxbttxgslg.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETygcnlxlklo.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETtqtfvghttb.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETpcchgvpoeb.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETkygwfgyvda.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETjrxgphhfpl.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETnpsrdibtqg.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETctqbvspmtv.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETyomcdnkoxi.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETffyfvbesev.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETipoxrcopep.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETdjuuofxstu.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETcjnixojkgx.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETfejnvxojeg.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETehsgpsxikr.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETpsfefdkntk.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETohwdyqvoqp.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETcapicmssmj.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETmcsaajeoyx.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETefxncxevxb.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETufvronwvok.tmp
Hidden: file C:\WINDOWS\Temp\SKYNEThcdhoddfyu.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETriexdsvnsr.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETrrlofksoju.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETcucbqouqdu.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETmrqqrftiyv.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETqpgrpiqeyt.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETqouoixxplb.tmp
Hidden: file C:\WINDOWS\SkyNet.exe
Hidden: file C:\WINDOWS\Temp\SKYNETlwrxbayood.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETofoacyhfmg.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETnsyamlnydc.tmp
Hidden: file C:\WINDOWS\system32\SKYNETjwxrbnuj.dat
Hidden: file C:\WINDOWS\Temp\SKYNETipafvmvmup.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETlhdbpqlywl.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETttbmeupccn.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETqdclmkacer.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETrtpthxnxba.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETbbetttbqru.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETvntafuyxby.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETlvksxxnqqx.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETeashqyblje.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETvkerxtorpd.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETrrujthxtia.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETdekkqfulqi.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETshfhqxhppd.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETsmsrbkeyxv.tmp
Hidden: file C:\WINDOWS\system32\sdra64.exe
Hidden: file C:\WINDOWS\Temp\SKYNEThtixpnsrio.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETkjmhmahoqm.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETekkxerikjr.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETdxmykgdlrw.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETwedkvrcxtm.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETqrpanylnki.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETlxufhwkomc.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETtaridqxgmt.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETnefprvlrft.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETyojceyalft.tmp
Hidden: file C:\WINDOWS\Temp\SKYNEThwvpkpllhc.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETbweoxmuyap.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETctmpqaceyv.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETkvskqgvyso.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETiwgrffqbgu.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETqpicggupoq.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETtmbndjfqql.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETljwyaqfvhc.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETnkeygcrykc.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETwirmpqqqex.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETbteapfhhhe.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETkkygfuoyxc.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETamjlutksxv.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETwhluowctmw.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETvnjreuajhw.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETtxuwgyfsiq.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETbbwmhbgech.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETtjvyfrtvnv.tmp
Hidden: file C:\WINDOWS\Temp\SKYNEThwmirdnpyp.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETnonanxprsa.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETkmfovgrwpv.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETylwfnbeqys.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETiihutlrpcj.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETxfauppwxrf.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETbhaxveioje.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETeydsvsemle.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETaxdythqscc.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETgexceffbxq.tmp
Hidden: file C:\WINDOWS\Temp\SKYNEThxajbslrky.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETbewxbgxqrb.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETpbjevoglmy.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETcgpcejpagg.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETdwlwvfqjxt.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETvpopumewee.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETfnwhfsqxom.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETgtxjlelles.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETwtsjqsppyo.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETsgrcinxeoi.tmp
Hidden: file C:\WINDOWS\Temp\SKYNEToxdoucxhia.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETiqbiwqwbir.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETtbeoljdgjv.tmp
Hidden: file C:\WINDOWS\Temp\SKYNEToijqeidudr.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETyrovdgbxqf.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETbjhotimxik.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETakdkipbjyj.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETskmfdstgic.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETulqymjaeom.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETcejkywpbkk.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETryranywdpc.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETxlefnfjaxg.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETpbmvsfreio.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETusymbieuwf.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETkfjtauceuc.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETfhacmqctnf.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETndpklninqx.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETfrqbnprfse.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETmfpabyjbxr.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETdmjrjhrxch.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETmbeervbvpw.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETyiumrivnqr.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETuknrdknqmn.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETifielvpcle.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETlgpfbmaxjy.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETptlrxycvvp.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETawmejhudmi.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETscfxcibmtt.tmp
Hidden: file C:\WINDOWS\Temp\SKYNEThxbisfbvrx.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETstgesgsbqj.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETjqigrnjalf.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETjtbmxsmsas.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETvrvdseelun.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETdiwnulwngh.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETiprpjjrqqj.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETgpdjvafxdt.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETnrpyeeyynb.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETfufjersddv.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETiptfrilbnv.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETsglnnptddm.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETamigmtcmdo.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETnufrktoldh.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETreoqpweqnu.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETsyhsqguqpi.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETgoexhturmx.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETeegwvtvtjg.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETofvkwlwfvi.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETsiyeckhglh.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETpcynulmmyi.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETmrbnjfwkip.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETpbrkycycdf.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETuhpaonwjcn.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETlnmbpeaynp.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETjbusibbnyd.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETntclaxbpha.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETahtcedlaxv.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETwsimwbniqr.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETpjyxoktvsm.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETsufwnwuqaw.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETpwclshuuax.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETvlpbbupuxo.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETvlfthesfym.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETakwakwxhaq.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETnhrcmvbdfg.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETblwwgpgwnx.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETnoebmuyckv.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETuhcrnuwqav.tmp
Hidden: file C:\WINDOWS\Temp\SKYNEToipvuhklpb.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETpfhywlnekh.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETiylbxxmjgi.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETtmqpyywpam.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETqdylspnxrc.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETpwbgcuslql.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETeavnxdisfx.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETsyadqgalbe.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETrpvxeghqna.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETyeaiympjwa.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETbbvmutlred.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETareidinhgo.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETnyycbqtgbk.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETschxtyeocy.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETmtycvmptyv.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETvxkjqkjkvr.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETqlogmvxvap.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETfqqtqmqram.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETceekicvhnw.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETdgxbrgbsbs.tmp
Hidden: file C:\WINDOWS\Temp\SKYNEThubsriqvet.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETbcwruqdvaa.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETwsdirurskc.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETfoenmxprwa.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETqbutiogysp.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETwribcojtmp.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETjmlginjskv.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETefgttqjmlp.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETeyxtvlklog.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETpdfrdaamod.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETwsbhyjmxip.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETjxrndlnrxb.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETupuqhrvbwu.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETftrhknshwa.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETtftpdwqbym.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETiwqvrvmksi.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETfpfusbdihc.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETckwskancor.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETrpgxylqbvs.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETdfxynkenxd.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETqcgkbipuwd.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETnbklamsjkv.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETcjwgktpvna.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETrimnetrprq.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETtaipestnqh.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETtvvfiivtao.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETgopvuwbuei.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETjxglqdrcrt.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETmponymhxbs.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETldvmlmoueq.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETsmvgitnwop.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETebxmgaegwj.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETesvpimxqae.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETxtfaoyrkqm.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETwmgrawbhjd.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETbknnaulmfl.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETigwxfrciho.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETqlqefshaee.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETwqhfovcjtm.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETbsiumgpbca.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETvnhgvcbjjy.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETjjghbaxmfd.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETswttacpffs.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETbgamywirvd.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETktbxwmkiin.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETwdebadyxvw.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETawlwjotjac.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETafnjmmxkfd.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETperrihniig.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETdwuctiffxb.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETesnlieqklu.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETdmnpuwfmhs.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETbclqbicoin.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETbnjanlpxdj.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETndpavanrjs.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETiamirnnsjp.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETinoxrxmmfx.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETrnhfbdctly.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETtmfyjkfopp.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETciobvmpqwq.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETbddsktorub.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETuhwvyubujx.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETmgajahiwwm.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETcxewodbdws.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETglrsvmdcgk.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETaawxleaoni.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETaeiegkuxbo.tmp
Hidden: file C:\WINDOWS\Temp\SKYNEThdbgmmkrca.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETtwblebefjy.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETkkddixeumj.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETtuwefboifk.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETljcclqduax.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETleamxkcanv.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETwoiuaoayxg.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETimwfkyafwh.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETiybaglddmt.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETlhuttbxkis.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETkqvpglxqjq.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETbnjmdoultv.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETcurbmrjrmo.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETkuonxydcxj.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETbfueochaun.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETqbpafpklys.tmp
Hidden: file C:\WINDOWS\Temp\SKYNEToksjsxwrof.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETxkyaokkcdh.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETxklbtuiiej.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETdwwmdatqtr.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETdiixbqibso.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETpsvxanjduo.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETwkbsmwfpfc.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETiaoqinifhu.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETefrlrnujht.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETlqkapgduvg.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETmnadbsycrt.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETareyhdqjjx.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETmlmgwfmjap.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETyhnmeomixh.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETdwusejcwip.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETyfvfqvaqul.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETvrqviwpcnm.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETqlfygslemb.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETlfhsuxkxne.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETswlkuspbpf.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETfmbebrrtah.tmp
Hidden: file C:\WINDOWS\Temp\SKYNEThgukunapts.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETbxdvtjolfp.tmp
Hidden: file C:\WINDOWS\Temp\SKYNEThvdvrlrrog.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETqinuljidow.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETouxowblxqx.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETrqcktsryla.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETbnqmetbnip.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETntbsdbtbig.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETptlshxymja.tmp
Hidden: file C:\WINDOWS\Temp\SKYNEThkyhfcubag.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETubptfwqwqi.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETbigspbxshx.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETsthttdgyjd.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETktpcovoccg.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETrgjjooymrn.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETdahqdnpyqf.tmp
Hidden: file C:\WINDOWS\Temp\SKYNETaljofigqxw.tmp
Hidden: file C:\WINDOWS\system32\twex.exe
Hidden: file C:\WINDOWS\system32\SKYNETwgrfmnel.dat
Hidden: file C:\Documents and Settings\Owner\Local Settings\Temp\SKYNETxrcfidfvlt.tmp
Hidden: file C:\WINDOWS\system32\drivers\SKYNETjrukqgwk.sys
Hidden: file C:\WINDOWS\system32\SKYNETxuktvnlx.dll
Hidden: file C:\WINDOWS\pcdlib32.exe
Stopped logging on 8/4/2009 at 0:01:24 AM


ALSO - My computer locked up this morning. I re-started, and there was a message on a blue background with symbols all over it, telling me my computer is infected and how dangerous it is. Is that a result of one of the programs I downloaded at your request???? Once I get rid of the virus, how do I keep this from happening again? Also, should I be worried about my accounts and passwords?

Edited by kstevens100, 04 August 2009 - 09:34 AM.


#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,040 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:32 PM

Posted 04 August 2009 - 10:22 AM

HI, the rootkit does exist.. Please read this and tell me what you want to do.

IMPORTANT NOTE: uacinit.dll is related to a nasty variant of the TDSSSERV rootkit component. Rootkits, backdoor Trojans, Botnets, and IRC Bots are very dangerous because they compromise system integrity by making changes that allow it to by used by the attacker for malicious purposes. Rootkits are used by Trojans to conceal its presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is send back to the hacker. To learn more about these types of infections, you can refer to:

What danger is presented by rootkits?
Rootkits and how to combat them
r00tkit Analysis: What Is A Rootkit

If your computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised and change each password using a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connect again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
What Should I Do If I've Become A Victim Of Identity Theft?
Identity Theft Victims Guide - What to do


Although the infection has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

When should I re-format? How should I reinstall?
Help: I Got Hacked. Now What Do I Do?
Where to draw the line? When to recommend a format and reinstall?


Should you decide not to follow that advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. Some infections are difficult to remove completely because of their morphing characteristics which allows the malware to regenerate itself. Sometimes there is another hidden piece of malware which has not been detected by your security tools that protects malicious files and registry keys (which have been detected) so they cannot be permanently deleted. Disinfection will probably require the use of more powerful tools than we recommend in this forum. Before that can be done you will need you to create and post a DDS/HijackThis log for further investigation. Let me know how you wish to proceed.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#14 kstevens100

kstevens100
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:32 PM

Posted 04 August 2009 - 10:44 AM

OK - I guess I will have to have my computer re-formatted then. If I back up my computer on CD's (emails and photos), and then put them back on the computer....how do I know i didn't just copy the virus and install it right back on? Also, HOW do I keep the virus out going forward?

#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,040 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:32 PM

Posted 04 August 2009 - 10:50 AM

Not an unwise decision to make. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. Wiping your drive, reformatting, and performing a clean install of the OS or doing a factory restore removes everything and is the safest action but I cannot make that decision for you.

Reformatting a hard disk deletes all data. If you decide to reformat, you can back up all your important documents, data files and photos. The safest practice is not to backup any autorun.ini or .exe files because they may be infected. Some types of malware may disguise itself by adding and hiding its extension to the existing extension of files so be sure you take a close look at the full name. After reformatting, as a precaution, make sure you scan these files with your anti-virus prior to copying them back to your hard drive.

The best proceedure is a low level format. This completely wipes the drive. Then reinstall the OS.
Use the free version of Active@ KillDisk.
Or Darik's Boot And Nuke

The best sources of Information on this are
Reformatting Windows XP
Michael Stevens Tech

Of course also feel free to ask anything on this in the XP forum. They'd be glad to help.

==============================

2 guidelines/rules when backing up

1) Backup all your important data files, pictures, music, work etc... and save it onto an external hard-drive. These files usually include .doc, .txt, .mp3, .jpg etc...
2) Do not backup any executables files or any window files. These include .exe/.scr/.htm/.html/.xml/.zip/.rar files as they may contain traces of malware. Also, .html or .htm files that are webpages should also be avoided.

Download Belarc Advisor - builds a detailed profile of your installed software and hardware, including Microsoft Hotfixes, and displays the results in your Web browser.
Run it and then print out the results, they may be handy.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users