Trend Micro Security

TROJ_LYDRA.BJ

2012年10月5日
 別名:

TrojanSpy:Win32/Lydra.AC (Microsoft); Spy-Lydra.gen.e (McAfee); Infostealer (Symantec); Trojan.Win32.Malware (fs) (Sunbelt); Trojan.PWS.Lydra.A (FSecure)

 プラットフォーム:

Windows 2000, Windows XP, Windows Server 2003

 危険度:
 ダメージ度:
 感染力:
 感染確認数:


  • マルウェアタイプ: トロイの木馬型
  • 破壊活動の有無: なし
  • 暗号化:  
  • 感染報告の有無: はい

  概要


マルウェアは、他のマルウェアに作成されるか、悪意あるWebサイトからユーザが誤ってダウンロードすることによりコンピュータに侵入します。

マルウェアは、タスクマネージャやレジストリエディタ、フォルダオプションを無効にします。

  詳細

ファイルサイズ 468,264 bytes
タイプ EXE
メモリ常駐 はい
発見日 2012年10月5日

侵入方法

マルウェアは、他のマルウェアに作成されるか、悪意あるWebサイトからユーザが誤ってダウンロードすることによりコンピュータに侵入します。

インストール

マルウェアは、感染したコンピュータ内に以下のように自身のコピーを作成します。

  • %Windows%\winsys.exe
  • %Windows%\lsassv.exe
  • %Windows%\msrpc.exe
  • %Windows%\calc.exe
  • %Windows%\regedit.exe
  • %System%\calc.exe
  • %System%\regedit.exe
  • %User Profile%\Àâòîçàãðóçêà\AdobeGammaLoader.scr
  • %Windows%\Ãëàâíîå ìåíþ\Ïðîãðàììû\Àâòîçàãðóçêà\AdobeGammaLoader.scr

(註:%Windows%はWindowsの種類とインストール時の設定などにより異なります。標準設定では、Windows9x、Me、XP、Server 2003の場合、"C:\Window"、WindowsNT および 2000の場合、"C:\WINNT" です。. %System%はWindowsの種類とインストール時の設定などにより異なります。標準設定では、Windows 98 および MEの場合、"C:\Windows\System"、Windows NT および 2000 の場合、"C:\WinNT\System32"、Windows XP および Server 2003 の場合、"C:\Windows\System32" です。. %User Profile% フォルダは、Windows 98 および MEの場合、"C:\Windows\Profiles\<ユーザ名>"、Windows NTでは、"C:\WINNT\Profiles\<ユーザ名>"、Windows 2000, XP, Server 2003の場合は、"C:\Documents and Settings\<ユーザ名>" です。)

自動実行方法

マルウェアは、自身のコピーがWindows起動時に自動実行されるよう以下のレジストリ値を追加します。

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
winsys = "%Windows%\winsys.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\RunServices
winsys = "%Windows%\winsys.exe"

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
lsassv = "%Windows%\lsassv.exe"

マルウェアは、自身をシステムサービスとして登録し、Windows起動時に自動実行されるよう以下のレジストリキーを追加します。

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\winsys

他のシステム変更

マルウェアは、以下のレジストリキーを追加します。

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\
Windows\CurrentVersion\policies\
Explorer\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\RunServices

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\policies\
Explorer\Run

マルウェアは、以下のレジストリ値を追加します。

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
ThisEXE = "{malware path and file name}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
VerProg = "95"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\policies\
Explorer\Run
msrpc = "%Windows%\msrpc.exe"

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\winsys
DependOnService = "RpcSs"

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\winsys
Description = "This service manages TCP/IP packets at Internet"

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\winsys
DisplayName = "TCPIP route manager"

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\winsys
Group = "PlugPlay"

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\winsys
ObjectName = "LocalSystem"

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\winsys
ImagePath = "%Windows%\winsys.exe"

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\winsys
ErrorControl = "1"

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\winsys
PlugPlayServiceType = "3"

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\winsys
Start = "2"

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\winsys
Type = "12"

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\SharedAccess\Parameters\
FirewallPolicy\StandardProfile\AuthorizedApplications\
List
{malware path and file name} = "{malware path and file name}:*:enabled:system update"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "{malware path and file name}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "2"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%System Root%\AUTOEXEC.BAT"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "3"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%System Root%\boot.ini"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "4"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%System Root%\CONFIG.SYS"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "5"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Desktop%.ini"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "6"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%User Profile%\Address Book\Administrator.wab"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "7"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%User Profile%\Address Book\Administrator.wab~"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "8"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%User Profile%\Internet Explorer\brndlog.bak"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "9"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%User Profile%\Internet Explorer\brndlog.txt"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "a"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Desktop%.htt"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "b"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "c"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%User Profile%\Quick Launch\Launch Internet Explorer Browser.lnk"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "d"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%User Profile%\Quick Launch\Show Desktop.scf"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "e"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%User Profile%\Themes\Custom.theme"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "f"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%User Profile%\Cookies\administrator@ad.wsod[2].txt"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%User Profile%\Cookies\administrator@atdmt[2].txt"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "11"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%User Profile%\Cookies\administrator@bing[2].txt"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "12"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%User Profile%\Cookies\administrator@c.msn[1].txt"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "13"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%User Profile%\Cookies\administrator@microsoft[1].txt"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "14"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%User Profile%\Cookies\administrator@msn[1].txt"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "15"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%User Profile%\Cookies\administrator@scorecardresearch[1].txt"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "16"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%User Profile%\Cookies\administrator@www.bing[1].txt"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "17"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%User Profile%\Cookies\administrator@www.msn[1].txt"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "18"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%User Profile%\Cookies\index.dat"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "19"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "1a"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Favorites%\Links\Customize Links.url"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "1b"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Favorites%\Links\Free Hotmail.url"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "1c"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Favorites%\Links\Windows Marketplace.url"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "1d"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Favorites%\Links\Windows Media.url"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "1e"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Favorites%\Links\Windows.url"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "1f"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Favorites%\MSN.com.url"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Favorites%\Radio Station Guide.url"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "21"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Application Data%\IconCache.db"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "22"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "{random characters}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "23"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "24"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "25"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "26"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Application Data%\Microsoft\Internet Explorer\MSIMGSIZ.DAT"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "27"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Application Data%\Microsoft\Media Player\CurrentDatabase_59R.wmdb"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "28"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Application Data%\Microsoft\Windows\UsrClass.dat"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "29"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Application Data%\Microsoft\Windows\UsrClass.dat.LOG"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "2a"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Application Data%\Microsoft\Windows Media\9.0\WMSDKNS.DTD"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "2b"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Application Data%\Microsoft\Windows Media\9.0\WMSDKNS.XML"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "2c"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "2d"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "2e"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "2f"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%User Profile%\History.IE5\index.dat"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%User Profile%\MSHist012011091320110914\index.dat"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "31"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%User Temp%\dd_vcredistMSI5DA7.txt"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "32"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%User Temp%\dd_vcredistMSI6BB9.txt"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "33"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%User Temp%\dd_vcredistUI5DA7.txt"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "34"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%User Temp%\dd_vcredistUI6BB9.txt"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "35"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%User Temp%\Perflib_Perfdata_42c.dat"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "36"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%User Temp%\Perflib_Perfdata_740.dat"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "37"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%User Temp%\_$Df\DF6Wks.sib"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "38"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\10[1].htm"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "39"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\16[1].htm"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "3a"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\192.168.100[1].htm"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "3b"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\192.168.100[2].htm"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "3c"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\192.168.100[3].htm"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "3d"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\192.168.100[4].htm"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "3e"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\19a258f4b5912a20ea2ae53d6cfd78[1].css"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "3f"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\23291C91F42BB7428016F7667C257[1].jpg"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\5280118e68aedbc5821d17132a5340[1].gif"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "41"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\55bce9d411c27344113ec5a6993640_sa[1].css"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "42"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\9C82EAE01868DD71784A2F8F8F111C[1].gif"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "43"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\ADSAdClient31[1].htm"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "44"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\ADSAdClient31[2].htm"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "45"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\BBC13794F9ED1D1A7A1D4D1FEA3CD7[1].jpg"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "46"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\bottom_right3[1].png"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "47"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\box01[1].gif"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "48"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\box02[1].gif"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "49"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\box08[1].gif"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "4a"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\D5F3A7E8D424FDD0287C4F56DD12D3[1].jpg"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "4b"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\desktop.ini"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "4c"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\EB75D45B8948F72EE451223E95A96[1].gif"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "4d"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\en[1].js"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "4e"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\header00b[1].gif"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "4f"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\jquery-1.4.2.min[1].js"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\NBCSliver_Expandable_958x70_IMG[1].jpg"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "51"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\primedns[1].gif"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "52"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\qsonhs[1].aspx"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "53"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\report_image[1].png"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "54"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\table_left3[1].png"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "55"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\10[1].htm"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "56"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\192.168.100[1].htm"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "57"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\192.168.100[2].htm"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "58"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\192.168.100[3].htm"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "59"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\192.168.100[4].htm"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "5a"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\2DDD1FE7634E4E839EDF74F726B63[1].jpg"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "5b"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\38[1].gif"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "5c"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\4a0253de6eac448d8f2c39c53f8926[2].js"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "5d"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\5e98195be7104e342ccb48f09eb9a2[1].gif"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "5e"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\ADSAdClient31[1].htm"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "5f"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\anatm[1].js"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\B1F87AA118856D38983C1465336B4[1].jpg"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "61"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\B46A725F4D8F57976CAEEFF11EB6[1].jpg"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "62"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\box07[1].gif"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "63"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\CalendarPopup[1].js"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "64"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\cc36ca69630adc1a2052edc7351a47[1].gif"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "65"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\desktop.ini"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "66"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\dropdown[1].jpg"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "67"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "68"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\F77B13562B4A15F255E43C9B13EE6[1].jpg"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "69"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\footer00[1].gif"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "6a"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\header02[1].jpg"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "6b"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\import[1].png"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "6c"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\select[1].js"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "6d"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\table_bottom3[1].png"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "6e"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\table_top3[1].png"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "6f"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\transpix[1].gif"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\desktop.ini"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "71"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\index.dat"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "72"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\10[1].htm"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "73"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\192.168.100[1].htm"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "74"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\192.168.100[2].htm"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "75"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\192.168.100[3].htm"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "76"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\192.168.100[4].htm"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "77"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\287[1].png"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "78"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\37BA92E210D341BFDBF4126422A3D2[1].gif"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "79"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\52D2B9F622412A142ABA4B3593335A[1].jpg"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "7a"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\617475cf39bf6f5c0bd6ecb985335c[1].gif"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "7b"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\A488216_300_250[1].js"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "7c"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\adchoices_gif2[1].gif"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "7d"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\ADSAdClient31[1].htm"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "7e"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\background[1].gif"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "7f"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\BING_websearch_2[1].jpg"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\box03[1].gif"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "81"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\box04[1].gif"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "82"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\box06[1].gif"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "83"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\c08736971c07cf49dd10f85e929b4a[1].css"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "84"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\CDAB2F44A1591D2B308C20C6C15375[1].jpg"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "85"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\config[1].gif"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "86"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\deliver[1].js"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "87"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\desktop.ini"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "88"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\DF13BF3F249457CCBCD3706B8ECE[1].jpg"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "89"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\edit_icon_thumb[1].png"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "8a"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\jquery-ui-1.8.custom.min[1].js"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "8b"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\NBCSliver_Expandable_300x250_IMG[1].jpg"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "8c"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\sandbox[1].css"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "8d"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\script_958_70[1].js"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "8e"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\top_right3[1].png"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "8f"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\0000000001_000000000000000017246[1].gif"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\192.168.100[1].htm"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "91"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\192.168.100[2].htm"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "92"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\192.168.100[3].htm"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "93"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\192.168.100[4].htm"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "94"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\192.168.100[5].htm"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "95"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\53918F546C24BA14F49281B8ACF64[1].jpg"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "96"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\614595fba50d96389708a4135776e4[1].gif"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "97"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\732F4F3EC60A7B9EACC46AEE2FB75[1].jpg"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "98"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\7A41237A38B18681E067FFDEDAA714[1].jpg"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "99"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\80DFBE2BF27B3875C15E655592606F[1].jpg"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "9a"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\A488034_958_70[1].js"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "9b"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\ADSAdClient31[1].htm"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "9c"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\bottom_left3[1].png"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "9d"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\box09[1].gif"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "9e"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\C027E0A9FA9AEF2461A8C39CF7[1].jpg"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "9f"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\c57bc2a7d38843d7c4aa8028fc9f82[1].gif"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\dapmsn[1].js"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "a1"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\delete_icon_thumb[1].png"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "a2"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\desktop.ini"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "a3"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\FreeRefurb_300x120_122810[1].jpg"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "a4"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\jquery-1.4.2.min[1].js"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "a5"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\jquery.jeditable.mini[1].js"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "a6"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\overlib[1].js"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "a7"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\script_300_250[1].js"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "a8"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\sunbeltlabs_logo[1].jpg"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "a9"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\table_right3[1].png"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "aa"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\top_left3[1].png"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "ab"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\users[1].png"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "ac"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Temporary Internet Files%\desktop.ini"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "ad"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "ae"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "af"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%User Profile%\My Music\Sample Music.lnk"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "b1"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%User Profile%\My Pictures\Sample Pictures.lnk"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "b2"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%User Profile%\NTUSER.DAT"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "b3"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%User Profile%\NTUSER.DAT.LOG"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "b4"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%User Profile%\ntuser.ini"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "b5"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "b6"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%User Profile%\Recent\server.lnk"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "b7"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%User Profile%\Recent\set_hostname.lnk"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "b8"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%User Profile%\Recent\set_server.lnk"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "b9"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%User Profile%\Recent\the_configurator.lnk"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "ba"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%User Profile%\SendTo\Compressed (zipped) Folder.ZFSendToTarget"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "bb"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Desktop% (create shortcut).DeskLink"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "bc"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "bd"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%User Profile%\SendTo\Mail Recipient.MAPIMail"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "be"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%User Profile%\SendTo\My Documents.mydocs"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "bf"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Start Menu%\desktop.ini"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Start Menu%\Programs\Accessories\Accessibility\desktop.ini"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "c1"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Start Menu%\Programs\Accessories\Accessibility\Magnifier.lnk"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "c2"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Start Menu%\Programs\Accessories\Accessibility\Narrator.lnk"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "c3"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Start Menu%\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "c4"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Start Menu%\Programs\Accessories\Accessibility\Utility Manager.lnk"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "c5"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Start Menu%\Programs\Accessories\Address Book.lnk"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "c6"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Start Menu%\Programs\Accessories\Command Prompt.lnk"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "c7"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Start Menu%\Programs\Accessories\desktop.ini"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "c8"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Start Menu%\Programs\Accessories\Entertainment\desktop.ini"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "c9"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Start Menu%\Programs\Accessories\Entertainment\Windows Media Player.lnk"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "ca"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Start Menu%\Programs\Accessories\Notepad.lnk"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "cb"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Start Menu%\Programs\Accessories\Program Compatibility Wizard.lnk"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FNum = "cc"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
FLast = "%Start Menu%\Programs\Accessories\Synchronize.lnk"

マルウェアは、以下のレジストリ値を追加し、タスクマネージャやレジストリエディタ、フォルダオプションを無効にします。

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Policies\
Explorer\Run
winsys = "%Windows%\winsys.exe"

作成活動

マルウェアは、以下のファイルを作成します。

  • %Windows%\pool32.dll
  • %Windows%\ole32w.dll
  • %Windows%\iecomn.dll
  • %Windows%\viaud.dll
  • %Windows%\calc2.exe
  • %Windows%\regedit2.exe
  • %System%\calc2.exe
  • %System%\regedit2.exe
  • %User Startup%\AdobeGammaLoader.scr
  • %Common Startup%\AdobeGammaLoader.scr
  • %Windows%\unrar.dll

(註:%Windows%はWindowsの種類とインストール時の設定などにより異なります。標準設定では、Windows9x、Me、XP、Server 2003の場合、"C:\Window"、WindowsNT および 2000の場合、"C:\WINNT" です。. %System%はWindowsの種類とインストール時の設定などにより異なります。標準設定では、Windows 98 および MEの場合、"C:\Windows\System"、Windows NT および 2000 の場合、"C:\WinNT\System32"、Windows XP および Server 2003 の場合、"C:\Windows\System32" です。. %User Startup%フォルダは、通常、Windows 98 および MEの場合、"C:\Windows\Profiles\<ユーザ名>\Start Menu\Programs\Startup" 、Windows NTの場合、"C:\WINNT\Profiles\<ユーザ名>\Start Menu\Programs\Startup"、Windows 2000、XP、Server 2003の場合、"C:\Documents and Settings\<ユーザ名>\Start Menu\Programs\Startup " です。. %Common Startup%フォルダは、Windows 2000、XP、Server 2003 の場合 "C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ" 、 Windows NTの場合 "C:\WINNT\Profiles\All Users\プログラム\スタートアップ"、Windows 98 および MEの場合、"C:\Windows\スタート メニュー\プログラム\スタートアップ" です。)

このウイルス情報は、自動解析システムにより作成されました。

  対応方法

対応検索エンジン: 9.200

手順 1

Windows XP および Windows Server 2003 のユーザは、コンピュータからマルウェアもしくはアドウェア等を完全に削除するために、ウイルス検索の実行前には必ず「システムの復元」を無効にしてください。

手順 2

Windowsをセーフモードで再起動します。

[ 詳細 ]

手順 3

レジストリエディタおよびタスクマネージャ、フォルダオプションの機能を有効にします。

[ 詳細 ]
この手順により、このマルウェアが無効にした他のアプリケーションまたはプログラムの機能も有効になります。

手順 4

このレジストリキーを削除します。

[ 詳細 ]

警告:レジストリはWindowsの構成情報が格納されているデータベースであり、レジストリの編集内容に問題があると、システムが正常に動作しなくなる場合があります。
レジストリの編集はお客様の責任で行っていただくようお願いいたします。弊社ではレジストリの編集による如何なる問題に対しても補償いたしかねます。
レジストリの編集前にこちらをご参照ください。

  • In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
    • winsys
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID
    • {65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
  • In HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    • Run
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
    • RunServices
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    • Run

手順 5

このレジストリ値を削除します。

[ 詳細 ]

警告:レジストリはWindowsの構成情報が格納されているデータベースであり、レジストリの編集内容に問題があると、システムが正常に動作しなくなる場合があります。
レジストリの編集はお客様の責任で行っていただくようお願いいたします。弊社ではレジストリの編集による如何なる問題に対しても補償いたしかねます。
レジストリの編集前にこちらをご参照ください。

  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    • winsys = "%Windows%\winsys.exe"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
    • winsys = "%Windows%\winsys.exe"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • lsassv = "%Windows%\lsassv.exe"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • ThisEXE = "{malware path and file name}"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • VerProg = "95"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    • msrpc = "%Windows%\msrpc.exe"
  • In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winsys
    • DependOnService = "RpcSs"
  • In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winsys
    • Description = "This service manages TCP/IP packets at Internet"
  • In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winsys
    • DisplayName = "TCPIP route manager"
  • In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winsys
    • Group = "PlugPlay"
  • In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winsys
    • ObjectName = "LocalSystem"
  • In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winsys
    • ImagePath = "%Windows%\winsys.exe"
  • In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winsys
    • ErrorControl = "1"
  • In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winsys
    • PlugPlayServiceType = "3"
  • In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winsys
    • Start = "2"
  • In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winsys
    • Type = "12"
  • In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    • {malware path and file name} = "{malware path and file name}:*:enabled:system update"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "1"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "{malware path and file name}"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "2"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%System Root%\AUTOEXEC.BAT"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "3"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%System Root%\boot.ini"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "4"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%System Root%\CONFIG.SYS"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "5"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Desktop%.ini"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "6"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%User Profile%\Address Book\Administrator.wab"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "7"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%User Profile%\Address Book\Administrator.wab~"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "8"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%User Profile%\Internet Explorer\brndlog.bak"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "9"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%User Profile%\Internet Explorer\brndlog.txt"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "a"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Desktop%.htt"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "b"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "c"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%User Profile%\Quick Launch\Launch Internet Explorer Browser.lnk"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "d"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%User Profile%\Quick Launch\Show Desktop.scf"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "e"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%User Profile%\Themes\Custom.theme"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "f"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%User Profile%\Cookies\administrator@ad.wsod[2].txt"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%User Profile%\Cookies\administrator@atdmt[2].txt"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "11"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%User Profile%\Cookies\administrator@bing[2].txt"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "12"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%User Profile%\Cookies\administrator@c.msn[1].txt"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "13"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%User Profile%\Cookies\administrator@microsoft[1].txt"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "14"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%User Profile%\Cookies\administrator@msn[1].txt"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "15"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%User Profile%\Cookies\administrator@scorecardresearch[1].txt"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "16"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%User Profile%\Cookies\administrator@www.bing[1].txt"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "17"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%User Profile%\Cookies\administrator@www.msn[1].txt"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "18"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%User Profile%\Cookies\index.dat"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "19"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "1a"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Favorites%\Links\Customize Links.url"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "1b"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Favorites%\Links\Free Hotmail.url"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "1c"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Favorites%\Links\Windows Marketplace.url"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "1d"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Favorites%\Links\Windows Media.url"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "1e"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Favorites%\Links\Windows.url"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "1f"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Favorites%\MSN.com.url"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Favorites%\Radio Station Guide.url"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "21"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Application Data%\IconCache.db"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "22"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "{random characters}"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "23"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "24"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "25"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "26"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Application Data%\Microsoft\Internet Explorer\MSIMGSIZ.DAT"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "27"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Application Data%\Microsoft\Media Player\CurrentDatabase_59R.wmdb"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "28"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Application Data%\Microsoft\Windows\UsrClass.dat"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "29"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Application Data%\Microsoft\Windows\UsrClass.dat.LOG"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "2a"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Application Data%\Microsoft\Windows Media\9.0\WMSDKNS.DTD"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "2b"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Application Data%\Microsoft\Windows Media\9.0\WMSDKNS.XML"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "2c"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "2d"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "2e"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "2f"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%User Profile%\History.IE5\index.dat"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%User Profile%\MSHist012011091320110914\index.dat"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "31"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%User Temp%\dd_vcredistMSI5DA7.txt"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "32"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%User Temp%\dd_vcredistMSI6BB9.txt"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "33"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%User Temp%\dd_vcredistUI5DA7.txt"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "34"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%User Temp%\dd_vcredistUI6BB9.txt"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "35"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%User Temp%\Perflib_Perfdata_42c.dat"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "36"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%User Temp%\Perflib_Perfdata_740.dat"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "37"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%User Temp%\_$Df\DF6Wks.sib"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "38"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\10[1].htm"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "39"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\16[1].htm"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "3a"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\192.168.100[1].htm"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "3b"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\192.168.100[2].htm"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "3c"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\192.168.100[3].htm"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "3d"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\192.168.100[4].htm"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "3e"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\19a258f4b5912a20ea2ae53d6cfd78[1].css"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "3f"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\23291C91F42BB7428016F7667C257[1].jpg"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\5280118e68aedbc5821d17132a5340[1].gif"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "41"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\55bce9d411c27344113ec5a6993640_sa[1].css"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "42"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\9C82EAE01868DD71784A2F8F8F111C[1].gif"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "43"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\ADSAdClient31[1].htm"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "44"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\ADSAdClient31[2].htm"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "45"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\BBC13794F9ED1D1A7A1D4D1FEA3CD7[1].jpg"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "46"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\bottom_right3[1].png"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "47"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\box01[1].gif"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "48"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\box02[1].gif"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "49"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\box08[1].gif"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "4a"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\D5F3A7E8D424FDD0287C4F56DD12D3[1].jpg"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "4b"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\desktop.ini"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "4c"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\EB75D45B8948F72EE451223E95A96[1].gif"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "4d"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\en[1].js"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "4e"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\header00b[1].gif"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "4f"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\jquery-1.4.2.min[1].js"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\NBCSliver_Expandable_958x70_IMG[1].jpg"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "51"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\primedns[1].gif"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "52"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\qsonhs[1].aspx"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "53"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\report_image[1].png"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "54"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\2TPM8950\table_left3[1].png"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "55"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\10[1].htm"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "56"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\192.168.100[1].htm"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "57"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\192.168.100[2].htm"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "58"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\192.168.100[3].htm"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "59"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\192.168.100[4].htm"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "5a"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\2DDD1FE7634E4E839EDF74F726B63[1].jpg"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "5b"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\38[1].gif"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "5c"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\4a0253de6eac448d8f2c39c53f8926[2].js"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "5d"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\5e98195be7104e342ccb48f09eb9a2[1].gif"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "5e"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\ADSAdClient31[1].htm"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "5f"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\anatm[1].js"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\B1F87AA118856D38983C1465336B4[1].jpg"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "61"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\B46A725F4D8F57976CAEEFF11EB6[1].jpg"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "62"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\box07[1].gif"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "63"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\CalendarPopup[1].js"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "64"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\cc36ca69630adc1a2052edc7351a47[1].gif"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "65"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\desktop.ini"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "66"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\dropdown[1].jpg"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "67"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "68"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\F77B13562B4A15F255E43C9B13EE6[1].jpg"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "69"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\footer00[1].gif"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "6a"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\header02[1].jpg"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "6b"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\import[1].png"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "6c"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\select[1].js"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "6d"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\table_bottom3[1].png"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "6e"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\table_top3[1].png"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "6f"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\4H9MXTT9\transpix[1].gif"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\desktop.ini"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "71"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\index.dat"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "72"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\10[1].htm"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "73"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\192.168.100[1].htm"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "74"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\192.168.100[2].htm"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "75"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\192.168.100[3].htm"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "76"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\192.168.100[4].htm"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "77"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\287[1].png"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "78"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\37BA92E210D341BFDBF4126422A3D2[1].gif"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "79"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\52D2B9F622412A142ABA4B3593335A[1].jpg"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "7a"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\617475cf39bf6f5c0bd6ecb985335c[1].gif"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "7b"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\A488216_300_250[1].js"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "7c"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\adchoices_gif2[1].gif"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "7d"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\ADSAdClient31[1].htm"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "7e"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\background[1].gif"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "7f"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\BING_websearch_2[1].jpg"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\box03[1].gif"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "81"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\box04[1].gif"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "82"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\box06[1].gif"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "83"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\c08736971c07cf49dd10f85e929b4a[1].css"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "84"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\CDAB2F44A1591D2B308C20C6C15375[1].jpg"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "85"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\config[1].gif"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "86"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\deliver[1].js"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "87"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\desktop.ini"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "88"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\DF13BF3F249457CCBCD3706B8ECE[1].jpg"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "89"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\edit_icon_thumb[1].png"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "8a"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\jquery-ui-1.8.custom.min[1].js"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "8b"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\NBCSliver_Expandable_300x250_IMG[1].jpg"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "8c"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\sandbox[1].css"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "8d"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\script_958_70[1].js"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "8e"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\SMCZPN4M\top_right3[1].png"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "8f"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\0000000001_000000000000000017246[1].gif"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\192.168.100[1].htm"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "91"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\192.168.100[2].htm"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "92"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\192.168.100[3].htm"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "93"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\192.168.100[4].htm"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "94"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\192.168.100[5].htm"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "95"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\53918F546C24BA14F49281B8ACF64[1].jpg"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "96"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\614595fba50d96389708a4135776e4[1].gif"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "97"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\732F4F3EC60A7B9EACC46AEE2FB75[1].jpg"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "98"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\7A41237A38B18681E067FFDEDAA714[1].jpg"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "99"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\80DFBE2BF27B3875C15E655592606F[1].jpg"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "9a"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\A488034_958_70[1].js"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "9b"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\ADSAdClient31[1].htm"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "9c"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\bottom_left3[1].png"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "9d"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\box09[1].gif"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "9e"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\C027E0A9FA9AEF2461A8C39CF7[1].jpg"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "9f"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\c57bc2a7d38843d7c4aa8028fc9f82[1].gif"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\dapmsn[1].js"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "a1"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\delete_icon_thumb[1].png"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "a2"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\desktop.ini"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "a3"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\FreeRefurb_300x120_122810[1].jpg"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "a4"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\jquery-1.4.2.min[1].js"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "a5"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\jquery.jeditable.mini[1].js"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "a6"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\overlib[1].js"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "a7"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\script_300_250[1].js"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "a8"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\sunbeltlabs_logo[1].jpg"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "a9"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\table_right3[1].png"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "aa"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\top_left3[1].png"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "ab"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\Content.IE5\X9QQH2D9\users[1].png"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "ac"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Temporary Internet Files%\desktop.ini"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "ad"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "ae"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "af"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%User Profile%\My Music\Sample Music.lnk"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "b1"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%User Profile%\My Pictures\Sample Pictures.lnk"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "b2"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%User Profile%\NTUSER.DAT"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "b3"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%User Profile%\NTUSER.DAT.LOG"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "b4"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%User Profile%\ntuser.ini"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "b5"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "b6"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%User Profile%\Recent\server.lnk"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "b7"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%User Profile%\Recent\set_hostname.lnk"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "b8"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%User Profile%\Recent\set_server.lnk"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "b9"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%User Profile%\Recent\the_configurator.lnk"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "ba"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%User Profile%\SendTo\Compressed (zipped) Folder.ZFSendToTarget"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "bb"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Desktop% (create shortcut).DeskLink"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "bc"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "bd"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%User Profile%\SendTo\Mail Recipient.MAPIMail"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "be"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%User Profile%\SendTo\My Documents.mydocs"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "bf"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Start Menu%\desktop.ini"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Start Menu%\Programs\Accessories\Accessibility\desktop.ini"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "c1"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Start Menu%\Programs\Accessories\Accessibility\Magnifier.lnk"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "c2"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Start Menu%\Programs\Accessories\Accessibility\Narrator.lnk"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "c3"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Start Menu%\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "c4"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Start Menu%\Programs\Accessories\Accessibility\Utility Manager.lnk"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "c5"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Start Menu%\Programs\Accessories\Address Book.lnk"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "c6"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Start Menu%\Programs\Accessories\Command Prompt.lnk"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "c7"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Start Menu%\Programs\Accessories\desktop.ini"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "c8"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Start Menu%\Programs\Accessories\Entertainment\desktop.ini"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "c9"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Start Menu%\Programs\Accessories\Entertainment\Windows Media Player.lnk"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "ca"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Start Menu%\Programs\Accessories\Notepad.lnk"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "cb"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Start Menu%\Programs\Accessories\Program Compatibility Wizard.lnk"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FNum = "cc"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}
    • FLast = "%Start Menu%\Programs\Accessories\Synchronize.lnk"

手順 6

以下のファイルを検索し削除します。

[ 詳細 ]
コンポーネントファイルが隠しファイル属性の場合があります。[詳細設定オプション]をクリックし、[隠しファイルとフォルダの検索]のチェックボックスをオンにし、検索結果に隠しファイルとフォルダが含まれるようにしてください。
  • %Windows%\pool32.dll
  • %Windows%\ole32w.dll
  • %Windows%\iecomn.dll
  • %Windows%\viaud.dll
  • %Windows%\calc2.exe
  • %Windows%\regedit2.exe
  • %System%\calc2.exe
  • %System%\regedit2.exe
  • %User Startup%\AdobeGammaLoader.scr
  • %Common Startup%\AdobeGammaLoader.scr
  • %Windows%\unrar.dll

手順 7

コンピュータを通常モードで再起動し、最新のバージョン(エンジン、パターンファイル)を導入したウイルス対策製品を用い、「TROJ_LYDRA.BJ」と検出したファイルの検索を実行してください。 検出されたファイルが、弊社ウイルス対策製品により既に駆除、隔離またはファイル削除の処理が実行された場合、ウイルスの処理は完了しており、他の削除手順は特にありません。


ご利用はいかがでしたか? アンケートにご協力ください