Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Regedit And Task Manager "blocked By Administrator"


  • This topic is locked This topic is locked
21 replies to this topic

#1 fr0sTbytE

fr0sTbytE

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:19 AM

Posted 01 December 2006 - 02:53 PM

When I try to go into Task Manager or Regedit the error "Has been blocked by your Administrator" pops up. I am the only one who uses this pc so I was confused at first but then concluded that their must be something running that I don't know about. Here is my HiJackThis log, i'm not sure how much you will need so ill post the whole thing. Thanks for your help guys

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\windows\system32\rlvknlg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Save\Save.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mvitklnnmsfiheyeagwiqt.net/9bGk...2kB60luew2e.jsp
R3 - URLSearchHook: (no name) - {965A592F-8EFA-4250-8630-7960230792F1} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {DF225C95-9B84-8625-395C-452D0AB6A675} - C:\DOCUME~1\Sophie\APPLIC~1\CHICOO~1\Chin Free.exe (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [readme bags plan proxy] C:\Documents and Settings\All Users\Application Data\bin phone readme bags\MEDIA AMEN.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [VirusBurster] C:\Program Files\VirusBurster\virusburster.exe /h
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Mapi bits city wma] C:\Documents and Settings\All Users\Application Data\transbalmmapibits\Wait Grid.exe
O4 - HKLM\..\Run: [bpk] C:\WINDOWS\system32\bpk.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Eggsbias] C:\DOCUME~1\Tyler\APPLIC~1\DASHCU~1\warn platform.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: aVISTAfeeling MediaPlayer.lnk = Local Settings\Temp\Rar$EX10.625\XP_pass_hack_by_scanner.com.ru\Xtra\Vista_MediaPlayer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebpr...etup1.0.0.8.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28578.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple...iTunesSetup.exe
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v45/bejeweled/bejeweled.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1104453706484
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {D22AC3EF-B7D8-11D5-A281-005056BF0101} (plug Class) - http://gxb.nastydollars.com/gxplugin/gxbplug.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: RelevantKnowledge - C:\WINDOWS\system32\rlls.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

:thumbsup:

BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:19 AM

Posted 02 December 2006 - 08:47 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

The top header of your log is missing. Please repost your log to include the header information.

Also I would like to ask you to change your avatar. There is a line for these things and I think that is on the wrong side of it.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 fr0sTbytE

fr0sTbytE
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:19 AM

Posted 02 December 2006 - 09:41 AM

Alright thanks Sam. I don't know if this is what you wanted but it's the only thing left on the report.

Logfile of HijackThis v1.99.1
Scan saved at 2:42:30 PM, on 12/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

I also removed my inappropriate avatar. Thanks again.

:thumbsup:

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:19 AM

Posted 02 December 2006 - 10:08 AM

Yes, that's it. Thank you.

I need to see a different type of log from Hijackthis
  • Run Hijackthis.
  • Click on "Open the Misc Tools section".
  • Next click on "Open uninstall manager".
  • Press the button 'save list'. It will open a Notepad file.
  • Place the content of that file here in your in your next reply.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 fr0sTbytE

fr0sTbytE
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:19 AM

Posted 02 December 2006 - 10:55 AM

Alright I got the new list.. here it is :flowers:


4U MP4 Video Converter (version 1.2.0)
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Download Manager 2.0 (Remove Only)
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Premiere Pro Tryout
Adobe Reader 7.0.8
Adobe Stock Photos 1.0
AIM 6.0
AIM Toolbar
AOL Instant Messenger
A-one iPod PSP 3GP Video Converter 4.32
Apollo Audio DVD Creator 1.2.3
Apple Software Update
AVI DivX to DVD SVCD VCD Converter 2.1.4
AVS Video Tools 5.4
Bejeweled 2 (remove only)
Bejeweled 2 Deluxe 1.0
CC_ccProxyMSI
CC_ccStart
ccCommon
C-Media WDM Audio Driver
Counter-Strike™
Cucusoft DVD to iPod + iPod Video Converter Suite 3.9.3.20
Dell Photo Printer 720
DigiOnAudio2
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Download Plugin for Mozilla, Opera, Netscape
FlashGet ads support
Fraps (remove only)
GameSpy Software
Google Desktop
Google Toolbar for Firefox
Google Video Uploader
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
Hijackthis 1.99.1
HijackThis 1.99.1
hp officejet 7100 series
Insaniquarium Deluxe 1.0
IP Changer 2.0
iPod for Windows User Guide
iPod System Software Updater 2.1
iTunes
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2
Lernout & Hauspie TruVoice for Microsoft Agent
LiveReg (Symantec Corporation)
LiveUpdate 1.90 (Symantec Corporation)
Macromedia Shockwave Player
Medal of Honor Allied Assault
Medal of Honor Allied Assault™ Breakthrough Demo
Medal of Honor Allied Assault™ Spearhead Demo
Microsoft .NET Framework 1.1
Microsoft Data Access Components KB870669
Microsoft Office Professional Edition 2003
Mozilla Firefox (1.5.0.8)
Mozilla Firefox (2.0)
MSN Messenger 7.5
MSN Toolbar
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
My Search Bar
Nero 7
New.net Domains 7.22
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security (Symantec Corporation)
NVIDIA Windows 2000/XP Display Drivers
On2 VP3 Video for Windows Codec
Panda ActiveScan
PCMesh Anonymous Web Surfing
Pinnacle InstantCD/DVD Suite
PokerStars
Quake 3 Arena Demo
QuickTime
Real Alternative 1.42
RealArcade
RelevantKnowledge
Roguescanfix 1.5
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Steam™
StyleXP (remove only)
Symantec Script Blocking Installer
TeamSpeak 2 RC2
Themexp.org File
TipTop Deluxe 1.1
Ultra QuickTime Converter 1.3.0
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Viewpoint Media Player
WhenU SaveNow
Windows Installer 3.1 (KB893803)
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
World of Warcraft
XviD 1.1 final uninstall

:thumbsup:

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:19 AM

Posted 02 December 2006 - 01:45 PM

Let's get rid of as much as we can the easy way first.

Click Start -> Control Panel -> Add Remove Programs and uninstall these programs:

My Search Bar
New.net Domains 7.22
RelevantKnowledge
Viewpoint Media Player
WhenU SaveNow



Reboot your computer when you are done uninstalling all of these. Then post a new hijackthis log, like the original log that you posted.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 fr0sTbytE

fr0sTbytE
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:19 AM

Posted 02 December 2006 - 09:48 PM

Hi Sam, the My Search Bar program was being stubborn and didn't uninstall properly.. well here is the new Log.


Logfile of HijackThis v1.99.1
Scan saved at 9:44:35 PM, on 12/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mvitklnnmsfiheyeagwiqt.net/9bGk...2kB60luew2e.jsp
R3 - URLSearchHook: (no name) - {965A592F-8EFA-4250-8630-7960230792F1} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {DF225C95-9B84-8625-395C-452D0AB6A675} - C:\DOCUME~1\Sophie\APPLIC~1\CHICOO~1\Chin Free.exe (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [readme bags plan proxy] C:\Documents and Settings\All Users\Application Data\bin phone readme bags\MEDIA AMEN.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [VirusBurster] C:\Program Files\VirusBurster\virusburster.exe /h
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Mapi bits city wma] C:\Documents and Settings\All Users\Application Data\transbalmmapibits\Wait Grid.exe
O4 - HKLM\..\Run: [bpk] C:\WINDOWS\system32\bpk.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Eggsbias] C:\DOCUME~1\Tyler\APPLIC~1\DASHCU~1\warn platform.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: aVISTAfeeling MediaPlayer.lnk = Local Settings\Temp\Rar$EX10.625\XP_pass_hack_by_scanner.com.ru\Xtra\Vista_MediaPlayer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebpr...etup1.0.0.8.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28578.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple...iTunesSetup.exe
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v45/bejeweled/bejeweled.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1104453706484
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {D22AC3EF-B7D8-11D5-A281-005056BF0101} (plug Class) - http://gxb.nastydollars.com/gxplugin/gxbplug.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



Thanks :thumbsup:

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:19 AM

Posted 03 December 2006 - 11:14 AM

No problem. We'll get it manually along with the other junk that's still there.

Run Hijackthis again, click scan, and Put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mvitklnnmsfiheyeagwiqt.net/9bGk...2kB60luew2e.jsp
R3 - URLSearchHook: (no name) - {965A592F-8EFA-4250-8630-7960230792F1} - (no file)
O2 - BHO: (no name) - {DF225C95-9B84-8625-395C-452D0AB6A675} - C:\DOCUME~1\Sophie\APPLIC~1\CHICOO~1\Chin Free.exe (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (file missing)
O4 - HKLM\..\Run: [readme bags plan proxy] C:\Documents and Settings\All Users\Application Data\bin phone readme bags\MEDIA AMEN.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [VirusBurster] C:\Program Files\VirusBurster\virusburster.exe /h
O4 - HKLM\..\Run: [Mapi bits city wma] C:\Documents and Settings\All Users\Application Data\transbalmmapibits\Wait Grid.exe
O4 - HKLM\..\Run: [bpk] C:\WINDOWS\system32\bpk.exe
O4 - HKCU\..\Run: [Eggsbias] C:\DOCUME~1\Tyler\APPLIC~1\DASHCU~1\warn platform.exe
O4 - Startup: aVISTAfeeling MediaPlayer.lnk = Local Settings\Temp\Rar$EX10.625\XP_pass_hack_by_scanner.com.ru\Xtra\Vista_MediaPlayer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebpr...etup1.0.0.8.cab
O16 - DPF: {D22AC3EF-B7D8-11D5-A281-005056BF0101} (plug Class) - http://gxb.nastydollars.com/gxplugin/gxbplug.dll



Reboot your computer.




Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 fr0sTbytE

fr0sTbytE
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:19 AM

Posted 03 December 2006 - 12:43 PM

Ok thanks Sam. I put a custom login screen on my pc... so that is the Genesis.exe and Alien.exe in the System32 Folder. Anyways, here is the log you asked for:


Tyler - 06-12-03 12:35:20.89 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Tyler\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-11-03 to 2006-12-03 ))))))))))))))))))))))))))))))))))


2006-12-01 16:01 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2006-12-01 15:16 <DIR> d-------- C:\Program Files\TGTSoft
2006-12-01 15:06 <DIR> dr--s---- C:\WINDOWS\assembly
2006-12-01 15:06 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2006-12-01 15:06 <DIR> d-------- C:\WINDOWS\Microsoft.NET
2006-12-01 14:41 <DIR> d-------- C:\Program Files\Hijackthis
2006-12-01 06:03 2,702,336 --a------ C:\WINDOWS\system32\Genesis_original.exe
2006-12-01 06:03 2,701,824 --a------ C:\WINDOWS\system32\Genesis.exe
2006-12-01 06:02 183,296 --a-s---- C:\WINDOWS\NDNuninstall7_22.exe
2006-12-01 05:59 50,688 --a-s---- C:\WINDOWS\NDNuninstall6_38.exe
2006-12-01 05:59 <DIR> d-------- C:\Program Files\themexp
2006-11-30 20:43 2,702,336 --a------ C:\WINDOWS\system32\alien.exe
2006-11-30 20:29 <DIR> d-------- C:\BACKUP
2006-11-30 06:21 <DIR> d-------- C:\Program Files\Video ActiveX Object
2006-11-30 06:19 <DIR> d-------- C:\Program Files\Allok RM RMVB to AVI MPEG DVD Converter
2006-11-29 21:29 <DIR> d-------- C:\Program Files\545 Studios
2006-11-28 18:14 <DIR> d-------- C:\Documents and Settings\Tyler\Application Data\Media Player Classic
2006-11-28 18:13 <DIR> d-------- C:\Program Files\Real Alternative
2006-11-28 18:13 <DIR> d-------- C:\Program Files\Media Player Classic
2006-11-28 18:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Real
2006-11-25 20:06 <DIR> d-------- C:\Documents and Settings\Tyler\Application Data\acccore
2006-11-25 20:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2006-11-25 20:05 <DIR> d-------- C:\Program Files\Common Files\AOL
2006-11-25 20:05 <DIR> d-------- C:\Program Files\AIM6
2006-11-25 20:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2006-11-25 20:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2006-11-25 17:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2006-11-24 14:31 704,512 --a------ C:\WINDOWS\system32\CDDBUI.dll
2006-11-24 14:31 569,344 --a------ C:\WINDOWS\system32\CDDBControl.dll
2006-11-24 14:31 53,248 --a------ C:\WINDOWS\system32\Mfc42loc.dll
2006-11-24 14:31 15,172 --a------ C:\WINDOWS\system32\drivers\PzWDM.sys
2006-11-24 14:30 40,960 --a------ C:\WINDOWS\system32\ezSP_Px.exe
2006-11-24 14:30 <DIR> d-------- C:\Program Files\DigiOn
2006-11-24 13:13 <DIR> d-------- C:\apollotmp
2006-11-24 12:44 <DIR> d-------- C:\Program Files\Apollo Audio DVD Creator
2006-11-19 17:43 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2006-11-19 17:43 <DIR> d-------- C:\Program Files\Plustech Inc
2006-11-18 21:49 <DIR> d-------- C:\WINDOWS\system32\dt
2006-11-15 06:06 <DIR> d-------- C:\Program Files\Common Files\Vbox
2006-11-15 06:04 <DIR> d-------- C:\Program Files\WMF
2006-11-15 06:03 <DIR> d-------- C:\Program Files\DirectX9
2006-11-15 05:48 14,604 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2006-11-15 03:01 <DIR> d-------- C:\1effad6172f8c442c84236b9b9042b
2006-11-14 15:28 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2006-11-12 21:00 <DIR> d-------- C:\Program Files\Google Video
2006-11-12 13:42 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2006-11-12 12:15 <DIR> d-------- C:\Fraps
2006-11-10 06:34 <DIR> d-------- C:\Documents and Settings\Tyler\Application Data\AdobeUM
2006-11-09 20:14 <DIR> d-------- C:\Program Files\Dash curb settings
2006-11-09 20:12 <DIR> d-------- C:\Program Files\Download Plugin
2006-11-05 20:51 81,920 --a------ C:\WINDOWS\system32\viscomwave.dll
2006-11-05 20:51 475,136 --a------ C:\WINDOWS\system32\SkinCrafter.dll
2006-11-05 20:51 139,264 --a------ C:\WINDOWS\system32\viscomqtde.dll
2006-11-05 20:51 <DIR> d-------- C:\Program Files\A-one iPod PSP 3GP Video Converter
2006-11-05 11:07 <DIR> d-------- C:\Program Files\Roger Wilco
2006-11-05 11:07 <DIR> d-------- C:\Program Files\GameSpy Arcade
2006-11-04 20:32 <DIR> d-------- C:\WINDOWS\temp
2006-11-04 16:49 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-11-04 16:45 <DIR> d-------- C:\Documents and Settings\Tyler\Application Data\MSN6
2006-11-04 16:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2006-11-04 16:15 <DIR> d-------- C:\Program Files\Roguescanfix
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-03 12:33 -------- d-------- C:\Program Files\Mozilla Firefox
2006-12-03 12:31 -------- d-------- C:\Program Files\Common Files
2006-12-02 21:36 -------- d-------- C:\Program Files\Warcraft III
2006-12-02 11:14 -------- d-------- C:\Program Files\PokerStars
2006-12-01 15:53 -------- d-------- C:\Program Files\WinRAR
2006-11-29 21:32 -------- d-------- C:\Program Files\AIM
2006-11-28 18:12 -------- d-------- C:\Program Files\Common Files\Real
2006-11-28 18:12 -------- d-------- C:\Documents and Settings\Tyler\Application Data\Real
2006-11-25 20:05 -------- d-------- C:\Documents and Settings\Tyler\Application Data\Mozilla
2006-11-24 14:30 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-18 19:54 -------- d-------- C:\Documents and Settings\Tyler\Application Data\teamspeak2
2006-11-15 17:42 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-11-15 06:05 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-11-15 06:05 -------- d-------- C:\Program Files\Adobe
2006-11-15 03:01 -------- d-------- C:\Program Files\Internet Explorer
2006-11-10 06:33 -------- d-------- C:\Documents and Settings\Tyler\Application Data\Adobe
2006-11-10 06:31 879 --a------ C:\Documents and Settings\Tyler\Application Data\AdobeDLM.log
2006-11-10 06:31 0 --a------ C:\Documents and Settings\Tyler\Application Data\dm.ini
2006-11-10 06:30 -------- d-------- C:\Program Files\Common Files\Adobe
2006-11-09 20:14 -------- d-------- C:\Documents and Settings\Tyler\Application Data\Dash curb settings
2006-11-07 15:00 -------- d-------- C:\Program Files\EA GAMES
2006-11-04 18:10 -------- d-------- C:\Program Files\Norton Internet Security
2006-11-04 17:16 -------- d-------- C:\Program Files\Messenger
2006-11-04 17:14 -------- d-------- C:\Program Files\iTunes
2006-11-04 14:38 -------- d-------- C:\Program Files\BFG
2006-11-02 20:19 -------- d-------- C:\Program Files\iPod
2006-11-02 20:17 -------- d-------- C:\Program Files\QuickTime
2006-11-02 20:15 -------- d-------- C:\Program Files\Apple Software Update
2006-11-01 21:53 -------- d-------- C:\Documents and Settings\Tyler\Application Data\Opera
2006-10-31 13:12 -------- d-------- C:\Documents and Settings\Tyler\Application Data\Ahead
2006-10-30 15:09 -------- d-------- C:\Program Files\Common Files\Adobe Systems Shared
2006-10-29 21:22 -------- d-------- C:\Program Files\Common Files\Ahead
2006-10-29 21:20 -------- d-------- C:\Program Files\Nero
2006-10-29 16:41 -------- d-------- C:\Program Files\4U Computing
2006-10-29 15:58 -------- d-------- C:\Program Files\AVI DivX to DVD SVCD VCD Converter
2006-10-27 14:09 -------- d-------- C:\Program Files\Common Files\AVSMedia
2006-10-27 14:08 -------- d-------- C:\Program Files\Common Files\Download Manager
2006-10-27 13:52 -------- d-------- C:\Program Files\Cucusoft
2006-10-26 20:58 -------- d-------- C:\Documents and Settings\Tyler\Application Data\DivX
2006-10-26 20:32 -------- d-------- C:\Program Files\On2 Technologies
2006-10-26 20:20 -------- d-------- C:\Program Files\Ultra QuickTime Converter
2006-10-26 20:19 2368 --a------ C:\WINDOWS\system32\SVKP.sys
2006-10-26 20:00 -------- d-------- C:\Program Files\DivX
2006-10-26 19:59 -------- d-------- C:\Program Files\Google
2006-10-26 18:35 -------- d-------- C:\Program Files\XviD
2006-10-26 04:43 40960 --a------ C:\WINDOWS\system32\frapsvid.dll
2006-10-18 17:23 864 --a------ C:\Program Files\counting crows.zip
2006-10-16 19:46 -------- d-------- C:\Documents and Settings\Tyler\Application Data\Apple Computer
2006-10-16 19:39 -------- d-------- C:\Program Files\SymNetDrv
2006-10-16 19:39 -------- d-------- C:\Program Files\Symantec
2006-10-16 19:18 4096 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2006-10-16 19:18 -------- d-------- C:\Documents and Settings\Tyler\Application Data\Symantec
2006-10-13 07:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-10 17:13 59153 --a------ C:\Program Files\zzzz-CB-rifles-only-v1.0.rar
2006-10-10 14:36 233472 --a------ C:\Program Files\PakScape.exe
2006-10-08 17:45 29392 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-10-08 15:54 -------- d-------- C:\Documents and Settings\Tyler\Application Data\WeatherBug
2006-10-08 14:44 20992 --a--c--- C:\WINDOWS\Explor.exe
2006-10-07 16:40 -------- d-------- C:\Program Files\Viewpoint
2006-10-02 14:04 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-10-02 14:04 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-10-02 14:04 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-10-02 14:04 635486 --a------ C:\WINDOWS\system32\DivX.dll
2006-10-01 17:42 774144 --a------ C:\Program Files\RngInterstitial.dll
2006-09-19 15:43 109360 --a------ C:\WINDOWS\system32\GEARAspi.dll
2006-09-15 21:52 91904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Steam"=""
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"Aim6"=""
"STYLEXP"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"URLLSTCK.exe"="C:\\Program Files\\Norton Internet Security\\UrlLstCk.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
"NapsterShell"="C:\\Program Files\\Napster\\napster.exe /systray"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"PinnacleDriverCheck"="C:\\WINDOWS\\System32\\PSDrvCheck.exe"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"ezShieldProtector for Px"="C:\\WINDOWS\\system32\\ezSP_Px.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000
"NoThemesTab"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\A4B475E490BBE8C0.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Tyler.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 06-12-03 12:37:04.46
C:\ComboFix.txt ... 06-12-03 12:37


The Task manager and Regedit are working again. :thumbsup:

Edited by fr0sTbytE, 03 December 2006 - 01:14 PM.


#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:19 AM

Posted 03 December 2006 - 04:04 PM

We're getting close now.

Open notepad and copy and paste this text in it:
%systemdrive%
cd C:\WINDOWS\Tasks
attrib -r -s -h A4B475E490BBE8C0.job
del A4B475E490BBE8C0.job

Save this as remjob.bat , choose to save it as *all files and place it on your desktop.
Doubleclick on remjob.bat. A doswindow will open and close again, this is normal.


Delete these files.

C:\WINDOWS\NDNuninstall7_22.exe
C:\WINDOWS\NDNuninstall6_38.exe
C:\WINDOWS\Explor.exe <-- be careful here not to delete explorer.exe



Delete these folders.

C:\Program Files\Dash curb settings
C:\Program Files\Download Plugin
C:\Program Files\Viewpoint
C:\Documents and Settings\Tyler\Application Data\Dash curb settings




Reboot your computer.




Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report along with a new hijackthis log.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 fr0sTbytE

fr0sTbytE
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:19 AM

Posted 03 December 2006 - 06:03 PM

Hi Sam, the C:\Program Files\Viewpoint was also being stubborn. It says: Access is Denied. Please make sure it is not Write-Protected or running. I could not find it on the processes list so I left it there. Here is the panda report:


Incident Status Location

Spyware:spyware/linkreplacer Not disinfected c:\windows\system32\lmdv.bin
Adware:adware/tvmedia Not disinfected C:\Documents and Settings\Tyler\Application Data\tvmcwrd.dll
Potentially unwanted tool:application/bestoffer Not disinfected c:\windows\smdat32a.sys
Adware:adware/cydoor Not disinfected c:\windows\system32\AdCache
Potentially unwanted tool:application/funweb Not disinfected c:\program files\FunWebProducts
Potentially unwanted tool:application/myway Not disinfected c:\program files\MyWay
Potentially unwanted tool:application/mywebsearch Not disinfected c:\program files\MyWebSearch
Adware:adware/seekseek Not disinfected Windows Registry
Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM
Adware:adware/virtualbouncer Not disinfected Windows Registry
Adware:adware/whenusearch Not disinfected Windows Registry
Adware:adware/ipbill Not disinfected Windows Registry
Adware:adware/sbsoft Not disinfected Windows Registry
Spyware:spyware/new.net Not disinfected Windows Registry
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ofeegtpd.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ofeegtpd.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ofeegtpd.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ofeegtpd.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ofeegtpd.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ofeegtpd.default\cookies.txt[.advertising.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ofeegtpd.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ofeegtpd.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ofeegtpd.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ofeegtpd.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ofeegtpd.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ofeegtpd.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ofeegtpd.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ofeegtpd.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ofeegtpd.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ofeegtpd.default\cookies.txt[.zedo.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ofeegtpd.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ofeegtpd.default\cookies.txt[.atwola.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Guest\Cookies\guest@2o7[1].txt
Spyware:Cookie/7search Not disinfected C:\Documents and Settings\Guest\Cookies\guest@7search[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Guest\Cookies\guest@ad.yieldmanager[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Guest\Cookies\guest@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Guest\Cookies\guest@adrevolver[3].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Guest\Cookies\guest@ads.addynamix[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Guest\Cookies\guest@ads.pointroll[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Guest\Cookies\guest@adultfriendfinder[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Guest\Cookies\guest@advertising[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Guest\Cookies\guest@as-us.falkag[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Guest\Cookies\guest@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Guest\Cookies\guest@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Guest\Cookies\guest@belnk[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Guest\Cookies\guest@bs.serving-sys[1].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Guest\Cookies\guest@c.enhance[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Guest\Cookies\guest@casalemedia[1].txt
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Guest\Cookies\guest@centrport[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Guest\Cookies\guest@com[1].txt
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Guest\Cookies\guest@data.coremetrics[1].txt
Spyware:Cookie/DelfinMedia Not disinfected C:\Documents and Settings\Guest\Cookies\guest@delfinproject[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Guest\Cookies\guest@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Guest\Cookies\guest@doubleclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Guest\Cookies\guest@ehg-dig.hitbox[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Guest\Cookies\guest@fastclick[2].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Guest\Cookies\guest@findwhat[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Guest\Cookies\guest@go[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Guest\Cookies\guest@hitbox[2].txt
Spyware:Cookie/Lop Not disinfected C:\Documents and Settings\Guest\Cookies\guest@lop[2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Guest\Cookies\guest@maxserving[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Guest\Cookies\guest@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Guest\Cookies\guest@overture[1].txt
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\Guest\Cookies\guest@paycounter[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Guest\Cookies\guest@perf.overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Guest\Cookies\guest@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Guest\Cookies\guest@realmedia[2].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Guest\Cookies\guest@revenue[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Guest\Cookies\guest@server.iad.liveperson[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Guest\Cookies\guest@serving-sys[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Guest\Cookies\guest@statcounter[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Guest\Cookies\guest@statse.webtrendslive[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Guest\Cookies\guest@tradedoubler[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Guest\Cookies\guest@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Guest\Cookies\guest@tribalfusion[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Guest\Cookies\guest@www.burstbeacon[1].txt
Spyware:Cookie/VirusBurst Not disinfected C:\Documents and Settings\Guest\Cookies\guest@www.virusburst[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Guest\Cookies\guest@zedo[1].txt
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\KXEF09QJ\newpass2[1].htm
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.atwola.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.2o7.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.weborama.fr/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.112.2o7.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.advertising.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[counter.hitslink.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.hotlog.ru/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.spylog.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.targetnet.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.com.com/]
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.fortunecity.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.overture.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.azjmp.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.ads.addynamix.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.ccbill.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.clickbank.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.microsoftwga.112.2o7.net/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\bjk6p3pj.default\cookies.txt[.tradedoubler.com/]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Tyler\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-9523825-6dca4404.zip[NewSecurityClassLoader.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Tyler\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-9523825-6dca4404.zip[NewURLClassLoader.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Tyler\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv470.jar-1e162ed0-7aa19204.zip[Matrix.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Tyler\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv470.jar-1e162ed0-7aa19204.zip[Dummy.class]
Spyware:Cookie/217.73.66.16 Not disinfected C:\Documents and Settings\Tyler\Cookies\tyler@217.73.66[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Tyler\Cookies\tyler@247realmedia[1].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\Tyler\Cookies\tyler@276[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Tyler\Cookies\tyler@2o7[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Tyler\Cookies\tyler@888[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Tyler\Cookies\tyler@888[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Tyler\Cookies\tyler@ad.sensismediasmart.com[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Tyler\Cookies\tyler@adopt.hbmediapro[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Tyler\Cookies\tyler@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Tyler\Cookies\tyler@adrevolver[2].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Tyler\Cookies\tyler@ads.addynamix[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Tyler\Cookies\tyler@ads.pointroll[2].txt
Spyware:Cookie/ads.tripod.lycos.com Not disinfected C:\Documents and Settings\Tyler\Cookies\tyler@ads.tripod.lycos[2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Tyler\Cookies\tyler@adserver.filefront[2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Tyler\Cookies\tyler@adtech[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Tyler\Cookies\tyler@advertising[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Tyler\Cookies\tyler@apmebf[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Tyler\Cookies\tyler@as-eu.falkag[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Tyler\Cookies\tyler@as-us.falkag[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Tyler\Cookies\tyler@as1.falkag[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Tyler\Cookies\tyler@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Tyler\Cookies\tyler@atwola[2].txt
Spyware:Cookie/Lop Not disinfected C:\Documents and Settings\Tyler\Cookies\tyler@ayb.lop[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Tyler\Cookies\tyler@azjmp[1].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Tyler\Cookies\tyler@banner[1].txt

#12 fr0sTbytE

fr0sTbytE
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:19 AM

Posted 03 December 2006 - 06:06 PM

And here is the new HiJackThis Log:


Logfile of HijackThis v1.99.1
Scan saved at 5:58:14 PM, on 12/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28578.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple...iTunesSetup.exe
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v45/bejeweled/bejeweled.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1104453706484
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



Wow it looks like I have a lot of bad things on my computer.. :thumbsup:

Edited by fr0sTbytE, 03 December 2006 - 06:07 PM.


#13 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:19 AM

Posted 03 December 2006 - 07:48 PM

It's not as bad as it appears.

Please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
  • If you have trouble getting into Safe mode go here for more info.
Once in safe mode, delete these folders.

c:\windows\system32\AdCache
c:\program files\FunWebProducts
c:\program files\MyWay
c:\program files\MyWebSearch
c:\program files\Viewpoint



And delete these files.

c:\windows\system32\lmdv.bin
c:\windows\smdat32a.sys
C:\Documents and Settings\Tyler\Application Data\tvmcwrd.dll




Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
Now reboot back into normal mode.



Download and scan with the free 15 day trial of Counterspy
Save the report when it's finished:
  • Once Counterspy has done scanning,the 'Scan Results' box will appear.
  • Click on 'View Results'.
  • Under (Recommended Action),using the drop down menus at the side of each entry found,set EVERYTHING to Remove.
  • Then click on Take Action.
  • Once everything has been removed,click on View Details.
  • Copy and Paste those details into your next reply here.
Let me know how your computer is running and any problems that you are still having.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#14 fr0sTbytE

fr0sTbytE
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:19 AM

Posted 04 December 2006 - 04:26 PM

Hi Sam, I did delete the cookies... but on here it doesnt look like I did so maybe I did it wrong. Anyways, here is the report you asked for. Thanks. (The rest is on the next post).


Spyware Scan Details
Start Date: 12/4/2006 3:02:29 PM
End Date: 12/4/2006 4:15:05 PM
Total Time: 1 hrs 12 mins 36 secs

Detected spyware

Weatherbug Low Risk Adware more information...
Details: Weatherbug is an ad supported desktop weather applicaton that provides updates on weather conditions and displays real time temperatures in the taskbar icon.
Status: Deleted

Infected files detected
c:\documents and settings\tyler\application data\weatherbug\102x96aimlogoad.jpg
c:\documents and settings\tyler\application data\weatherbug\533.jpg
c:\documents and settings\tyler\application data\weatherbug\60-aol-aimnew-mask.bmp
c:\documents and settings\tyler\application data\weatherbug\60-aol-aimnew3.jpg
c:\documents and settings\tyler\application data\weatherbug\60default-mask.bmp
c:\documents and settings\tyler\application data\weatherbug\60default.jpg
c:\documents and settings\tyler\application data\weatherbug\60_blueyellow.jpg
c:\documents and settings\tyler\application data\weatherbug\60_blueyellow_mask.bmp
c:\documents and settings\tyler\application data\weatherbug\60_blueyellow_nav_traffic.jpg
c:\documents and settings\tyler\application data\weatherbug\nav_alt2.jpg
c:\documents and settings\tyler\application data\weatherbug\nav_square2.jpg
c:\documents and settings\tyler\application data\weatherbug\thumbs.db
c:\documents and settings\tyler\application data\weatherbug\topnav_free_round_green.jpg
c:\documents and settings\tyler\application data\weatherbug\topnav_free_sq_green.jpg

Infected registry entries detected
HKEY_CLASSES_ROOT\interface\{04a38f6b-006f-4247-ba4c-02a139d5531c}
HKEY_CLASSES_ROOT\interface\{04a38f6b-006f-4247-ba4c-02a139d5531c}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{04a38f6b-006f-4247-ba4c-02a139d5531c}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{04a38f6b-006f-4247-ba4c-02a139d5531c}\TypeLib {3C2D2A1E-031F-4397-9614-87C932A848E0}
HKEY_CLASSES_ROOT\interface\{04a38f6b-006f-4247-ba4c-02a139d5531c}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} IMiniBugTransporterX
HKEY_CURRENT_USER\Software\AWS
HKEY_CURRENT_USER\Software\AWS\MiniBug\DownLoad TotalFileNum 1
HKEY_CURRENT_USER\Software\AWS\MiniBug\DownLoad FileToRun AIMWxBugSetup60b6.04.0.9.EXE
HKEY_CURRENT_USER\Software\AWS\MiniBug\DownLoad RunMode 1
HKEY_CURRENT_USER\Software\AWS\MiniBug\DownLoad FileUrl0 http://wdownload.weatherbug.com/MiniBug/In...60b6.04.0.9.EXE
HKEY_CURRENT_USER\Software\AWS\MiniBug\DownLoad FileSize0 3699800
HKEY_CURRENT_USER\Software\AWS\MiniBug\DownLoad FileFlag0 56767
HKEY_CURRENT_USER\Software\AWS\MiniBug\DownLoad File0Done 1
HKEY_CURRENT_USER\Software\AWS\MiniBug\DownLoad FileLoc0 3699800
HKEY_CURRENT_USER\Software\AWS\MiniBug\DownLoad TotalBytes 3699800
HKEY_CURRENT_USER\Software\AWS\MiniBug\DownLoad AllDownloaded 1
HKEY_CURRENT_USER\Software\AWS\MiniBug\Reg RegNum 93214237
HKEY_CURRENT_USER\Software\AWS\MiniBug\Reg GetDataURL http://wisapidata.weatherbug.com/WxDataISA...p;ZipCode=06488
HKEY_CURRENT_USER\Software\AWS\MiniBug\Reg GetFileInfoURL http://ww2.weatherbug.com/MiniBug/GetFileI...Code=Z3959&
HKEY_CURRENT_USER\Software\AWS\MiniBug\Setup Zip 06488
HKEY_CURRENT_USER\Software\AWS\MiniBug\Setup ZCode Z3959
HKEY_CURRENT_USER\Software\AWS\MiniBug\Setup DownloadID 1800
HKEY_CURRENT_USER\Software\AWS\MiniBug\Setup Email
HKEY_CURRENT_USER\Software\AWS\MiniBug\Setup BugStartup 2
HKEY_CURRENT_USER\Software\AWS\MiniBug\Setup StartCode 1
HKEY_CURRENT_USER\Software\AWS\MiniBug\Setup Special
HKEY_CURRENT_USER\Software\AWS\MiniBug\Setup TRIES 1500
HKEY_CURRENT_USER\Software\AWS\MiniBug\Setup DELAY 10
HKEY_CURRENT_USER\Software\AWS\weather\Command GetStationURL6
HKEY_CURRENT_USER\Software\AWS\weather\Command GetDesignURL6 a54~Cyv2g:4mtyoHkkz3Kus2i{mxhnkgz}k42t:omky3j>3zvnz6
HKEY_CURRENT_USER\Software\AWS\weather\Command GetDataURL6 [54*:4zgHgkzCKmo2iVMYEgMgz~H3]VMYEgMgz~H3]us2i{m~h2}:4voyg3o>3zvnz6
HKEY_CURRENT_USER\Software\AWS\weather\Command GetCompactDataURL6 [544*g:gzGHkzCKmo2iVMYEgMgz~H3]VMYEgMgz~H3]us2i{m~h2}:4voyg3o>3zvnz6
HKEY_CURRENT_USER\Software\AWS\weather\Command GetForecastURL6 _54*:4yzigxkJukzCKmo2iVMYEzMgykiux3JVMYEzMgykiux3lus2i{m~h2}:4voyg3o>3zvnz6
HKEY_CURRENT_USER\Software\AWS\weather\Command GetWarningURL6 _544*z:kxErkzCKmo2ivoygzMkxEr]~M3EVMYxzrk~E3]us2i{m~h2}:4voyg3o>3zvnz6
HKEY_CURRENT_USER\Software\AWS\weather\Command GetDesignURLASP6 a54~Cyv2g:4mtyoHkkz3Kus2i{mxhnkgz}k42t:omky3j>3zvnz6
HKEY_CURRENT_USER\Software\AWS\weather\CurrentStation StationID H68]K$T5
HKEY_CURRENT_USER\Software\AWS\weather\CurrentStation ZIPCityState b68Y(K~4zwmgzyXt5
HKEY_CURRENT_USER\Software\AWS\weather\Design ReqParas >54*Y89**YY67**YY5<**H|5#g6*g|*#54[E5*E5*[56[E7*E5*[E7*[\!*!*#58[E\*8**E54*H55*H`76**``5Z*#M*[H55*JG6*JG7*JG8*JG9*JG:*JG;*JG<*JG<*]U=*JGH*H!9*]U8*]U;*]U:*]U5*]U7*]U6*]U:*YV7**HV8*YV9*YV6*YE5*[]Y5*YV6
HKEY_CURRENT_USER\Software\AWS\weather\Design DesignInterval 21600
HKEY_CURRENT_USER\Software\AWS\weather\Design AdFreshInterval 300
HKEY_CURRENT_USER\Software\AWS\weather\Design BackgroundImageURL `54mpvz2{rlgHk:4z3{rlgHk:4y3rkYgy3gv]x~3q}ky3jus2i{mxhnkgz}k42t:omky2Hsm3M>3zvnz6
HKEY_CURRENT_USER\Software\AWS\weather\Design BackgroundImageFile e54mpvz2{rlgHk:4mbF{kxznkgb]zgHgt$ougzoivrEvxbrkZOybtmzokz$Ytj$gzykt{suibHG>6
HKEY_CURRENT_USER\Software\AWS\weather\Design BackgroundImageSize 97191
HKEY_CURRENT_USER\Software\AWS\weather\Design MaskImageURL `54sv2hyqsgz1{rlgHk:4z3{rlgHk:4y3rkYgy3gv]x~3q}ky3jus2i{mxhnkgz}k42t:omky2Hsm3M>3zvnz6
HKEY_CURRENT_USER\Software\AWS\weather\Design MaskImageFile d54sv2hyqsgz1{rlgHk:4mbF{kxznkgb]zgHgt$ougzoivrEvxbrkZOybtmzokz$Ytj$gzykt{suibHG>6
HKEY_CURRENT_USER\Software\AWS\weather\Design MaskImageSize 85864
HKEY_CURRENT_USER\Software\AWS\weather\Design BrandImageURL `54vm2p7739kygmMsz3gyjiugFx~3q}ky3jus2i{mxhnkgz}k42t:omky2Hsm3M>3zvnz6
HKEY_CURRENT_USER\Software\AWS\weather\Design BrandImageFile c54mpv7297mbF{kxznkgb]zgHgt$ougzoivrEvxbrkZOybtmzokz$Ytj$gzykt{suibHG>6
HKEY_CURRENT_USER\Software\AWS\weather\Design BrandClickURL N544UAU"VX:*4<:;87A:MH*XA4YZGEFH4*!A!\48:2tAouxy\k7*97EAH"4*EAH"M#G*U^A MHutzozg*Y<<:8A4ov*`<:;47::8sA#{kmeXMI#eMUGZeE[KeFZ>KIEXeZ\*XjA4g|*t:=55GAvCgyO2uxkmgz3igruhKrs3iun2zt2}}}3}>3zvnz6
HKEY_CURRENT_USER\Software\AWS\weather\Design BrandImageSize 5781
HKEY_CURRENT_USER\Software\AWS\weather\Design AffiliateLogo _54vm2pgjmuruM":E~=4635kygmMsk3gzroloEl~3q}ky3jus2i{mxhnkgz}k42t:omky2Hsm3M>3zvnz6
HKEY_CURRENT_USER\Software\AWS\weather\Design AffiliateLogoFile b54mpvj2ugum"rEM=:6~54mbF{kxznkgb]zgHgt$ougzoivrEvxbrkZOybtmzokz$Ytj$gzykt{suibHG>6
HKEY_CURRENT_USER\Software\AWS\weather\Design AffiliateClick h54*$ye{zemutzogimeh{>ekzxmzgCev~gyt2ouoykikjgzrologlt3suus3ius2i{mxhnkgz}k~2q}ky3j>3zvnz6
HKEY_CURRENT_USER\Software\AWS\weather\Design AffiliateImageSize 5645
HKEY_CURRENT_USER\Software\AWS\weather\Design BottomURL >54*((E5((5A*E((E6((6A*E((H5((5A*H((H6((6A*H((H7((7A*H((H8((8A*H((H<(( HKEY_CURRENT_USER\Software\AWS\weather\Design DataR 15
HKEY_CURRENT_USER\Software\AWS\weather\Design DataG 33
HKEY_CURRENT_USER\Software\AWS\weather\Design DataB 135
HKEY_CURRENT_USER\Software\AWS\weather\Design DataShadownR 0
HKEY_CURRENT_USER\Software\AWS\weather\Design DataShadownG 0
HKEY_CURRENT_USER\Software\AWS\weather\Design DataShadownB 0
HKEY_CURRENT_USER\Software\AWS\weather\Design DataShadownDepth 0
HKEY_CURRENT_USER\Software\AWS\weather\Design ArrowR 253
HKEY_CURRENT_USER\Software\AWS\weather\Design ArrowG 0
HKEY_CURRENT_USER\Software\AWS\weather\Design ArrowB 0
HKEY_CURRENT_USER\Software\AWS\weather\Design ConditionR 15
HKEY_CURRENT_USER\Software\AWS\weather\Design ConditionG 33
HKEY_CURRENT_USER\Software\AWS\weather\Design ConditionB 135
HKEY_CURRENT_USER\Software\AWS\weather\Design ConditionShadowR 0
HKEY_CURRENT_USER\Software\AWS\weather\Design ConditionShadowG 0
HKEY_CURRENT_USER\Software\AWS\weather\Design ConditionShadowB 0
HKEY_CURRENT_USER\Software\AWS\weather\Design ConditionShadowDepth 0
HKEY_CURRENT_USER\Software\AWS\weather\Design FillerR 253
HKEY_CURRENT_USER\Software\AWS\weather\Design FillerG 0
HKEY_CURRENT_USER\Software\AWS\weather\Design FillerB 0
HKEY_CURRENT_USER\Software\AWS\weather\Design TitleR 70
HKEY_CURRENT_USER\Software\AWS\weather\Design TitleG 0
HKEY_CURRENT_USER\Software\AWS\weather\Design TitleB 172
HKEY_CURRENT_USER\Software\AWS\weather\Design TitleShadowR 0
HKEY_CURRENT_USER\Software\AWS\weather\Design TitleShadowG 0
HKEY_CURRENT_USER\Software\AWS\weather\Design TitleShadowB 0
HKEY_CURRENT_USER\Software\AWS\weather\Design TitleShadowDepth 0
HKEY_CURRENT_USER\Software\AWS\weather\Design LastPopupID 0
HKEY_CURRENT_USER\Software\AWS\weather\Design NewVersion 6.04
HKEY_CURRENT_USER\Software\AWS\weather\Design AdDormantFreshInterval 1800
HKEY_CURRENT_USER\Software\AWS\weather\Design TimeToDormant 60
HKEY_CURRENT_USER\Software\AWS\weather\Design LA 0
HKEY_CURRENT_USER\Software\AWS\weather\Design TdURL6 X54(5((EA(E5e*XIe ghjZ}Ejuotx]nkgz]kYe XAeghgz}e*}((u}tj]o]~gOojurjL}kokz\gy(!A(}~gOojuren|}rz(*G((VA(jkiu*P((E9([A(E9*[((E5([A(E5*[Ie XveuYtH]o]~Ye XAeyvju(*}(juot~]O]jgkq]kkjk}\oyz!g((~AO}jgkq}k}ez|*
HKEY_CURRENT_USER\Software\AWS\weather\Design TdInterval 3600
HKEY_CURRENT_USER\Software\AWS\weather\Design PartnerName \54$ HKEY_CURRENT_USER\Software\AWS\weather\Design LeftNavTabCount 11
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftNavImageURL c54mpvi2loglzx|etg}erukrkOr{eh:4k3gmos43z:{rlgjk~3q}ky3jus2i{mxhnkgz}k42t:omky2Hsm3M>3zvnz6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftNavImageFileName f54mpvi2loglzx|etg}erukrkOr{eh:4mbF{kxznkgb]zgHgt$ougzoivrEvxbrkZOybtmzokz$Ytj$gzykt{suibHG>6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftNavImageSize 55585
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabTip0 _542ktxkyik$us$n{xOuu$$zKu6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabName0 P54IeM\e!EFeZ6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabAction0 N54e\I!M#eMUGZeE[KeF6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabURL0 &54&&6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabTop0 0
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabBottom0 20
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabTip1 [54z2gykiux$lgO1j$;{xOuz$Kk6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabName1 S54ZeEYIGUXeJEFeZ6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabAction1 S54eZYK[#eMUGZeE[KeF6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabURL1 P54e]Ie gO;HGeAJ\6#EYe ]*eIe ]GeAJ\5#EYe ]*e(*H(E#(XA(tj*x(((\A(kx*|((#I`U((kAut*P((HIGUMV(`A(ov*P((VG((kAujPi(*!(!\((rAr|rCzs2nyzigxkJuz3gykiux3Jus2i{mxhnkgz}k~2q}ky3j>3zvnz6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabTop1 20
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabBottom1 40
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabTip2 a54222xksu$$tj$gvysgk${xgzkxsvzk0$zkrokrgz$yx0jgxgx$rkvvHu6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabName2 S54eEXEHeXEFeZ6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabAction2 S54eZYK[#eMUGZeE[KeF6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabURL2 Q54Ie ]xerkvvHu"eAX\6#EYe ]*eIe ]"eAX\5#EYe ]*e(*H(E#(XA(tj*x(((\A(kx*|((HIGUMV(`A(ov*P((VG((kAujPi(*!(!\((rAr|rCzs2ngxgj3Xgxgj3Xus2i{mxhnkgz}k~2q}ky3j>3zvnz6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabTop2 40
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabBottom2 60
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabTip3 c542zykxgrr$tgougz$ttj$ggrui$rk}\o6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabName3 P54eXZ!IeEEFeZ6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabAction3 S54eZYK[#eMUGZeE[KeF6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabURL3 U54Ie ]teu}qt[t]eAY\6#EYe ]*eIe ]]eAY\5#EYe ]*e(*H(E#(XA(tj*x(((\A(kx*|((HIGUMV(`A(ov*P((VG((kAujPi(*!(!\((rAr|rCzs2nkxznkgk]kxk|3Ykxznkgk]kxk|3Yus2i{mxhnkgz}k~2q}ky3j>3zvnz6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabTop3 60
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabBottom3 80
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabTip4 _5422k2ux$stj$gtyouvz$uykgv$rskzo0$gykxgs$igrui$r|k!o6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabName4 N54EeIXE"eGEFeZ6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabAction4 S54eZYK[#eMUGZeE[KeF6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabURL4 P54e]Ie syGggruie!!G6AE\e#]Ye e*]Ie !G5AE\e#]Ye **((#HXE((jAxt(*\(((xA|k(*H(#MMUEZYZ((zAzg*y((HIGUMV(`A(ov*P((VG((kAujPi(*!(!\((rAr|rCzs2nxgskGgg3kxgs3Gus2i{mxhnkgz}k~2q}ky3j>3zvnz6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabTop4 80
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabBottom4 100
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabTip5 d542utzoigrux$nkuzgtz$$gyzigxkluj$gtx$nkgz}kz$ktxxi{k$znq$kiGn6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabName5 Q54!e\IXEeZEFeZ6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabAction5 S54eZYK[#eMUGZeE[KeF6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabURL5 R54(G((VA(jkiu*PIe ]Yee[Z]6AE\e#]Ye e*]Ie Z]5AE\e#]Ye **((#HXE((jAxt(*\(((xA|k(*!(!\((rAr|rCzs2nkrg|Zxr3|kxg3Zus2i{mxhnkgz}k~2q}ky3j>3zvnz6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabTop5 100
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabBottom5 120
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabTip6 d54y2zunu$v}t$u{xOuj$kt$yuxO$oz{tssium$F{kxznkg$]nk$zuslxy$zunu$vk}\o6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabName6 L54eZ_#M"[U"eGEFeZ6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabAction6 S54eZYK[#eMUGZeE[KeF6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabURL6 U54e]Ie syh{ErVeA_\6#EYe ]*eIe ]VeA_\5#EYe ]*e(*H(E#(XA(tj*x((V9(YA(yvzegy*r(((\A(kx*|((VG((kAujPi(*!(!\((rAr|rCzs2nuyuzVn{x_uy3zunuxVu{3_us2i{mxhnkgz}k~2q}ky3j>3zvnz6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabTop6 120
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabBottom6 140
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabTip7 b5422k2ux$stj$gvyzoO$kzgl$yt0ougzxsluotk$tiokyi0$kyotjrkg$nkxznkg$}yzzkrgk$znz$Kk6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabName7 R54YeI]e#EFeZ6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabAction7 S54eZYK[#eMUGZeE[KeF6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabURL7 V54e*]Ie kxiqxgkZgtoixxL{JeA#|6#gYe ]*eIe ]JeA#|5#gYe ]*eA8ghezxxi{(*H(E#(XA(tj*x(((\A(kx*|((VG((kAujPi(*!(!\((rAr|rCzs2ngrzxktsGuxYzy3k}3#us2i{mxhnkgz}k~2q}ky3j>3zvnz6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabTop7 140
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabBottom7 160
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabTip8 i54zngrLk6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabName8 O54Le!ZIEeLEFeZ6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabAction8 S54eZYK[#eMUGZeE[KeF6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabURL8 R54e]Ie zOro{gxWEoUeAL\6#EYe ]*eIe ]UeAL\5#EYe ]*e(*H(E#(XA(tj*x(((\A(kx*|((HIGUMV(`A(ov*P((VG((kAujPi(*!(!\((rAr|rCzs2nzngrLkn3rzkg3Lus2i{mxhnkgz}k~2q}ky3j>3zvnz6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabTop8 160
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabBottom8 180
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabTip9 e542kyzo|ozogij$zkrgxkx1nkgz}kt$l{x$u{z$u{q$kiGn6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabName9 P54#eJ[IXZLIEe]EFeZ6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabAction9 S54eZYK[#eMUGZeE[KeF6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabURL9 \54Ie ]keutt`J{JeA]\6#EYe ]*eIe ]JeA]\5#EYe ]*e(*H(E#(XA(tj*xIe Xge|oxotZJ{]~Ye XAeo~zxsgge|oxo*zIe Xyekxy}Etogo|Zx{t~Je]XYe jAxk}ktyegogo|zxe*XIe izxkuxgG|oxotZJ{]~Ye XAeizxkuxeiogo|zx5*hAzgxe{x*
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabTop9 180
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabBottom9 200
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabTip10 f54utzosguxtl$ooillxg$zgrui$r|k!o6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabName10 R54eMGJJXEeZEFeZ6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabAction10 S54eZYK[#eMUGZeE[KeF6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabURL10 U54(*H(E#(XA(tj*x(((\A(kx*|((VG((kAujPi(*!(!\((rAr|e*XIe utmoXkoillxgzZgye!XYe jAeoutmoxk(*5((!A(!5rCzs2noillxg3Zoillxg3Zus2i{mxhnkgz}k~2q}ky3j>3zvnz6
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabTop10 200
HKEY_CURRENT_USER\Software\AWS\weather\Design LeftTabBottom10 220
HKEY_CURRENT_USER\Software\AWS\weather\Design TopNavTabCount 7
HKEY_CURRENT_USER\Software\AWS\weather\Design TopNavImageURL b54mpvt2kkKxje{tXukexkeJg|v#Zuk3gmos43z:{rlgjk~3q}ky3jus2i{mxhnkgz}k42t:omky2Hsm3M>3zvnz6
HKEY_CURRENT_USER\Software\AWS\weather\Design TopNavImageFileName f54mpvt2kkKxje{tXukexkeJg|v#ZumbF{kxznkgb]zgHgt$ougzoivrEvxbrkZOybtmzokz$Ytj$gzykt{suibHG>6
HKEY_CURRENT_USER\Software\AWS\weather\Design TopNavImageSize 28269
HKEY_CURRENT_USER\Software\AWS\weather\Design TopTabTip0 `54%jy$g#Un$oz$}ky{xgzlks$o{ksVx6
HKEY_CURRENT_USER\Software\AWS\weather\Design TopTabName0 L54!eE!Y"Ye![eVIZeKEFeZ6
HKEY_CURRENT_USER\Software\AWS\weather\Design TopTabAction0 P54eU#ZM\EZMEGUeVX#eMUGZeE[KeF6
HKEY_CURRENT_USER\Software\AWS\weather\Design TopTabURL0 \54(*H(E#(XA(tj*x86A8iO*e86A;i~Cev~gyt2ougzo|izyEr{3V{yVrs3ium2h{kxznkg2}rm~jq}ky3j>3zvnz6
HKEY_CURRENT_USER\Software\AWS\weather\Design TopTabLeft0 0
HKEY_CURRENT_USER\Software\AWS\weather\Design TopTabRight0 63
HKEY_CURRENT_USER\Software\AWS\weather\Design TopTabTip1 c542xkzu$ytkroutx$u{t$$ouvYn6
HKEY_CURRENT_USER\Software\AWS\weather\Design TopTabName1 M54e!!"EeYXIZUeYEFeZ6
HKEY_CURRENT_USER\Software\AWS\weather\Design TopTabAction1 Q54eMI#eMUGZeE[KeF6
HKEY_CURRENT_USER\Software\AWS\weather\Design TopTabURL1 a544544A=ojCiv~gyk2us3n{yvrs3ium2h{kxznkg2}xkzu3y>3zvnz6
HKEY_CURRENT_USER\Software\AWS\weather\Design TopTabLeft1 63
HKEY_CURRENT_USER\Software\AWS\weather\Design TopTabRight1 105
HKEY_CURRENT_USER\Software\AWS\weather\Design TopTabTip2 g54kyoix|yky$kykrox$}{zhu$gxk"u6
HKEY_CURRENT_USER\Software\AWS\weather\Design TopTabName2 K54!eE!Y"YeIYI!MXe]EFeZ6
HKEY_CURRENT_USER\Software\AWS\weather\Design TopTabAction2 Q54eMI#eMUGZeE[KeF6
HKEY_CURRENT_USER\Software\AWS\weather\Design TopTabURL2 ^54*69jAyo(*I(UHVG`M((vAPoxzrkzgz~(*H(KMXI((jAeokmCxv~gyt2ougzzxoykmkXtyvukyzXkiox3Hus2i{mxhnkgz}kv2sv2ykh3}>3zvnz6
HKEY_CURRENT_USER\Software\AWS\weather\Design TopTabLeft2 105
HKEY_CURRENT_USER\Software\AWS\weather\Design TopTabRight2 160
HKEY_CURRENT_USER\Software\AWS\weather\Design TopTabTip3 Z54G$V{xOuq$kiGn6
HKEY_CURRENT_USER\Software\AWS\weather\Design TopTabName3 I54!eE!Y"GeeVG LIeGEFeZ6
HKEY_CURRENT_USER\Software\AWS\weather\Design TopTabAction3 Q54eMI#eMUGZeE[KeF6
HKEY_CURRENT_USER\Software\AWS\weather\Design TopTabURL3 g543xm2ukx{zsviu{xOuiqnk3i>3zvnz6
HKEY_CURRENT_USER\Software\AWS\weather\Design TopTabLeft3 167
HKEY_CURRENT_USER\Software\AWS\weather\Design TopTabRight3 246
HKEY_CURRENT_USER\Software\AWS\weather\Design TopTabTip4 h54xOzukiox$jtzzkut$irrJ{6
HKEY_CURRENT_USER\Software\AWS\weather\Design TopTabName4 X54rrsgeYEVI"MZeYEFeZ6
HKEY_CURRENT_USER\Software\AWS\weather\Design TopTabAction4 S54eZYK[#eMUGZeE[KeF6
HKEY_CURRENT_USER\Software\AWS\weather\Design TopTabURL4 V54(G((VA(jkiu*P(*H(E#(XA(tj*x((\!(!A(|rCrsrnz~2jkMtt3suus3Gus2i{mxhnkgz}k~2q}ky3j>3zvnz6
HKEY_CURRENT_USER\Software\AWS\weather\Design TopTabLeft4 246
HKEY_CURRENT_USER\Software\AWS\weather\Design TopTabRight4 304
HKEY_CURRENT_USER\Software\AWS\weather\Design TopTabTip5 g542myotzzykj$gty$utzouvk$oPusyzG{6
HKEY_CURRENT_USER\Software\AWS\weather\Design TopTabName5 U54rrsgeYIY#GXIJIXIeVEFeZ6
HKEY_CURRENT_USER\Software\AWS\weather\Design TopTabAction5 M54eUKE!HMYeGII#IXIJVX#eMUGZeE[KeF6
HKEY_CURRENT_USER\Software\AWS\weather\Design TopTabURL5 U54(*H(E#(XA(tj*x(((\A(kx*|((VG((kAujPi(*!(!\((rAr|rCzs2nkxrjnuikrg3vus2i{mxhnkgz}k~2q}ky3j>3zvnz6
HKEY_CURRENT_USER\Software\AWS\weather\Design TopTabLeft5 304
HKEY_CURRENT_USER\Software\AWS\weather\Design TopTabRight5 376
HKEY_CURRENT_USER\Software\AWS\weather\Design TopTabTip6 _54z2uxvvy{k$ottr$utj$gWyJE0$rvLk6
HKEY_CURRENT_USER\Software\AWS\weather\Design TopTabName6 P54VeI!eLEFeZ6
HKEY_CURRENT_USER\Software\AWS\weather\Design TopTabAction6 Q54eMI#eMUGZeE[KeF6
HKEY_CURRENT_USER\Software\AWS\weather\Design TopTabURL6 Q54(*G((VA(jkiu*P((\!(!A(|r*r(((\A(utyokx*|((MHIK(XA(oj*x((HIGUMV(`A(ov*P((#HXE((jAxt(*\(((xA|k~Cyv2grvLkv3kr3Lus2i{mxhnkgz}k~2q}ky3j>3zvnz6
HKEY_CURRENT_USER\Software\AWS\weather\Design TopTabLeft6 376
HKEY_CURRENT_USER\Software\AWS\weather\Design TopTabRight6 416
HKEY_CURRENT_USER\Software\AWS\weather\Design StartCount 65424492
HKEY_CURRENT_USER\Software\AWS\weather\Design EndCount 65458162
HKEY_CURRENT_USER\Software\AWS\weather\Design ShreBugText e54{mxFnkgz]kk$gxYn6
HKEY_CURRENT_USER\Software\AWS\weather\Design DownloadText n54ygjru}tHu6
HKEY_CURRENT_USER\Software\AWS\weather\Design MoreObs Y54(*\(((xA|k(*H(#MMUEZYZ((zAzgCysrnzy2xzrkOE3"zykxEr"Oy3r{3Vus2i{mxhnkgz}k~2q}ky3j>3zvnz6
HKEY_CURRENT_USER\Software\AWS\weather\Design StatClks X54eZYK[#eMUGZeE[KeFZAKIEXeZ(*\(((xA|k(*Z(#M([A(zyto*{((HIGUMV(`A(ov*P((MHU#ZMZE(YA(gzyzrCzs2ntyougzx|ykUhy3utzo|gkxhy3Uus2i{mxhnkgz}k~2q}ky3j>3zvnz6
HKEY_CURRENT_USER\Software\AWS\weather\Design LocMan _547*9=OAei7*:<~Aei~Cyv2gutzoig!ux3mktg"gutzoig!us3ium2h{kxznkg2}rm~jq}ky3j>3zvnz6
HKEY_CURRENT_USER\Software\AWS\weather\Design InsWiz f54Cv~gy~2jkotj3gxoPr]gryzMts3ium2h{kxznkg2}rm~jq}ky3j>3zvnz6
HKEY_CURRENT_USER\Software\AWS\weather\Design Zone @54:44GZ6
HKEY_CURRENT_USER\Software\AWS\weather\Design PMClicks 0
HKEY_CURRENT_USER\Software\AWS\weather\Design PMDeclined 1
HKEY_CURRENT_USER\Software\AWS\weather\Design PMTime 1108556325
HKEY_CURRENT_USER\Software\AWS\weather\Design UA4 55456
HKEY_CURRENT_USER\Software\AWS\weather\Forecast Title0 n54zmntoZu6
HKEY_CURRENT_USER\Software\AWS\weather\Forecast Hi0 154116
HKEY_CURRENT_USER\Software\AWS\weather\Forecast Low0 654946
HKEY_CURRENT_USER\Software\AWS\weather\Forecast Cond0 14
HKEY_CURRENT_USER\Software\AWS\weather\Forecast CondText1_0 a54xy}knu$YO2{jru$irOyz"u6
HKEY_CURRENT_USER\Software\AWS\weather\Forecast CondText2_0 W54222rOqkro6
HKEY_CURRENT_USER\Software\AWS\weather\Forecast Title1 \54gOtj"u6
HKEY_CURRENT_USER\Software\AWS\weather\Forecast Hi1 754;46
HKEY_CURRENT_USER\Software\AWS\weather\Forecast Low1 754866
HKEY_CURRENT_USER\Software\AWS\weather\Forecast Cond1 3
HKEY_CURRENT_USER\Software\AWS\weather\Forecast CondText1_1 a54$gzn}oO${jru$irOxzVg6
HKEY_CURRENT_USER\Software\AWS\weather\Forecast CondText2_1 ]54222ulk$ting$inzomyr6
HKEY_CURRENT_USER\Software\AWS\weather\Forecast Title2 h54OjgkyZ{6
HKEY_CURRENT_USER\Software\AWS\weather\Forecast Hi2 954:96
HKEY_CURRENT_USER\Software\AWS\weather\Forecast Low2 754866
HKEY_CURRENT_USER\Software\AWS\weather\Forecast Cond2 3
HKEY_CURRENT_USER\Software\AWS\weather\Forecast CondText1_2 Z5422O2{jru$irOxzVg6
HKEY_CURRENT_USER\Software\AWS\weather\Forecast CondText2_2
HKEY_CURRENT_USER\Software\AWS\weather\Forecast Interval 3600
HKEY_CURRENT_USER\Software\AWS\weather\Forecast UpdateTime 1108761275
HKEY_CURRENT_USER\Software\AWS\weather\Links CustomLinkNum 5
HKEY_CURRENT_USER\Software\AWS\weather\Links CLinkName0 e54{yVrm$F{kxznkg$]zk|gzoEi6
HKEY_CURRENT_USER\Software\AWS\weather\Links CLinkURL0 [54#eMUEZM\GZeEXUeVU#ZMEGKeF[>eIZXKZE*e86A8iO*e86A;i~Cev~gyt2ougzo|izyEr{3V{yVrs3ium2h{kxznkg2}rm~jq}ky3j>3zvnz6
HKEY_CURRENT_USER\Software\AWS\weather\Links CLinkName1 e54{yVrm$F{kxznkg$]zuk$ohixhyY{6
HKEY_CURRENT_USER\Software\AWS\weather\Links CLinkURL1 [54#eMUEZM\GZeEXUeVU#ZMEGKeF[>eIZXKZE*e86A8iO*e86A;i~Cev~gyt2ougzo|izyEr{3V{yVrs3ium2h{kxznkg2}rm~jq}ky3j>3zvnz6
HKEY_CURRENT_USER\Software\AWS\weather\Links CLinkName2 15416
HKEY_CURRENT_USER\Software\AWS\weather\Links CLinkURL2 15416
HKEY_CURRENT_USER\Software\AWS\weather\Links CLinkName3 e54{mxFnkgz]kk$gxYn6
HKEY_CURRENT_USER\Software\AWS\weather\Links CLinkURL3 Y54*((VG((kAujPi(*H(KMXI((jAxoe*ZYK[#eMUGZeE[KeFZ>KIEXeZ~Cyv2g{mkFZnxkng3Y{mkFZnxkng3Yus2i{mxhnkgz}k~2q}ky3j>3zvnz6
HKEY_CURRENT_USER\Software\AWS\weather\Links CLinkName4 a54mkVgk$us$L{mxFnkgz]k6
HKEY_CURRENT_USER\Software\AWS\weather\Links CLinkURL4 g54sium2h{kxznkg2}}}3}>3zvnz6
HKEY_CURRENT_USER\Software\AWS\weather\Options path C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE
HKEY_CURRENT_USER\Software\AWS\weather\Options Version 6.04
HKEY_CURRENT_USER\Software\AWS\weather\Options Start 1116191745
HKEY_CURRENT_USER\Software\AWS\weather\Options CheckInstance 0
HKEY_CURRENT_USER\Software\AWS\weather\Options OldVersion 65448:26
HKEY_CURRENT_USER\Software\AWS\weather\Options ZipCode 06488
HKEY_CURRENT_USER\Software\AWS\weather\Options Temperature 64
HKEY_CURRENT_USER\Software\AWS\weather\Options ObTime 1116191751
HKEY_CURRENT_USER\Software\AWS\weather\Options FirstMin 0
HKEY_CURRENT_USER\Software\AWS\weather\Options ClosePrompt 1
HKEY_CURRENT_USER\Software\AWS\weather\Reg UA5 :58:<8:::8@992
HKEY_CURRENT_USER\Software\AWS\weather\Reg FC4 7548<5;5=5:556
HKEY_CURRENT_USER\Software\AWS\weather\Reg UA10 42
HKEY_CURRENT_USER\Software\AWS\weather\Reg UA7 42
HKEY_CURRENT_USER\Software\AWS\weather\Reg N =58@>?8;>><3
HKEY_CURRENT_USER\Software\AWS\weather\Reg WXID 64367086
HKEY_CURRENT_USER\Software\AWS\weather\Reg DEC 0
HKEY_CURRENT_USER\Software\AWS\weather\Reg UA1 :58;<8:::8@993
HKEY_CURRENT_USER\Software\AWS\weather\Reg A2 63374;<:443444
HKEY_CURRENT_USER\Software\AWS\weather\Reg A1 554454946
HKEY_CURRENT_USER\Software\AWS\weather\Reg L1 7547976
HKEY_CURRENT_USER\Software\AWS\weather\Reg L2 m54O{xnh{zYu6
HKEY_CURRENT_USER\Software\AWS\weather\Reg L3 P54GZ6
HKEY_CURRENT_USER\Software\AWS\weather\Reg UA13 75468;95;5:556
HKEY_CURRENT_USER\Software\AWS\weather\Reg UA3 75469:7994<556
HKEY_CURRENT_USER\Software\AWS\weather\setup ZipCode 06488
HKEY_CURRENT_USER\Software\AWS\weather\setup ZCode Z3959
HKEY_CURRENT_USER\Software\AWS\weather\setup DOWNLOADID 1800
HKEY_CURRENT_USER\Software\AWS\weather\setup y 100
HKEY_CURRENT_USER\Software\AWS\weather\setup x 100
HKEY_CURRENT_USER\Software\AWS\weather\Warning TVNetwork 0
HKEY_CURRENT_USER\Software\AWS\weather\Warning WarningInterval 300
HKEY_CURRENT_USER\Software\AWS\weather\WeatherData Data0 754"$W959>>5497
HKEY_CURRENT_USER\Software\AWS\weather\WeatherData Data1 554499335497
HKEY_CURRENT_USER\Software\AWS\weather\WeatherData Data2 75428:87
HKEY_CURRENT_USER\Software\AWS\weather\WeatherData Data3 ;549=7
HKEY_CURRENT_USER\Software\AWS\weather\WeatherData Data4 75477
HKEY_CURRENT_USER\Software\AWS\weather\WeatherData Data5 6544787
HKEY_CURRENT_USER\Software\AWS\weather\WeatherData Data6 =54=7
HKEY_CURRENT_USER\Software\AWS\weather\WeatherData Data7 354E#37
HKEY_CURRENT_USER\Software\AWS\weather\WeatherData Data8 354E#37
HKEY_CURRENT_USER\Software\AWS\weather\WeatherData Data9 C54=z2;6=7
HKEY_CURRENT_USER\Software\AWS\weather\WeatherData Data10 554)<<7
HKEY_CURRENT_USER\Software\AWS\weather\WeatherData Data11 754;47
HKEY_CURRENT_USER\Software\AWS\weather\WeatherData Data12 754967
HKEY_CURRENT_USER\Software\AWS\weather\WeatherData Data13 754:57
HKEY_CURRENT_USER\Software\AWS\weather\WeatherData Data14 954:87
HKEY_CURRENT_USER\Software\AWS\weather\WeatherData Data15 354E#37
HKEY_CURRENT_USER\Software\AWS\weather\WeatherData Data16 25424/47
HKEY_CURRENT_USER\Software\AWS\weather\WeatherData Data17 25424/47
HKEY_CURRENT_USER\Software\AWS\weather\WeatherData Data18 8543o4&24/47
HKEY_CURRENT_USER\Software\AWS\weather\WeatherData Data19 354442547
HKEY_CURRENT_USER\Software\AWS\weather\WeatherData Data20 75425:<7
HKEY_CURRENT_USER\Software\AWS\weather\WeatherData Data21 5547&2<6=7
HKEY_CURRENT_USER\Software\AWS\weather\WeatherData Data22 554;&2;6=7
HKEY_CURRENT_USER\Software\AWS\weather\WeatherData Data23 354E#37
HKEY_CURRENT_USER\Software\AWS\weather\WeatherData Data24 D54w468>7
HKEY_CURRENT_USER\Software\AWS\weather\WeatherData Data25 ;549=7
HKEY_CURRENT_USER\Software\AWS\weather\WeatherData Data26 75477
HKEY_CURRENT_USER\Software\AWS\weather\WeatherData Data27 254147
HKEY_CURRENT_USER\Software\AWS\weather\WeatherData Data28 5547197
HKEY_CURRENT_USER\Software\AWS\weather\WeatherData Data29 45447
HKEY_CURRENT_USER\Software\AWS\weather\WeatherData Data30 354E#37
HKEY_CURRENT_USER\Software\AWS\weather\WeatherData Data31 <54o324/47
HKEY_CURRENT_USER\Software\AWS\weather\WeatherData Data32 25424/47
HKEY_CURRENT_USER\Software\AWS\weather\WeatherData StationName1 g54ykmvVO7
HKEY_CURRENT_USER\Software\AWS\weather\WeatherData StationName2
HKEY_CURRENT_USER\Software\AWS\weather\WeatherData CityState Y54G[0$yPi|slkk"p7
HKEY_CURRENT_USER\Software\AWS\weather\WeatherData ActiveFrequency 300
HKEY_CURRENT_USER\Software\AWS\weather\WeatherData InactiveFrequency 3600
HKEY_CURRENT_USER\Software\AWS\weather\Web NAV1 754L"6
HKEY_CURRENT_USER\Software\AWS\weather\Web NAV2 d54}ttutqe[L"6
HKEY_CURRENT_USER\Software\AWS\weather\Web WxWinViewCount 9547;6
HKEY_CURRENT_USER\Software\AWS\weather\Web LastGetDesign 75468;95;5:557
HKEY_CURRENT_USER\Software\AWS\weather\Web GutsClicks 45447
HKEY_CURRENT_USER\Software\AWS\weather\Web EnlargeClicks 45447
HKEY_CURRENT_USER\Software\AWS\weather\Web LastViewedWeekendWxWindow <78@;>@A99=996
HKEY_CURRENT_USER\Software\AWS\weather\Web WxWinLastTab =57=3
HKEY_CURRENT_USER\Software\AWS\weather\Web WxWinLastTabTime :57@;<>9<8:883
HKEY_CURRENT_USER\Software\AWS\weather\Web WxWinLastTabZip <57?;?7=3
HKEY_CURRENT_USER\Software\AWS\weather\Web LastViewedWeekdayWxWindow 957<:8<9;8:883
HKEY_CURRENT_USER\Software\AWS\weather\Web WeatherWindowAdTab 633489:4:49443
HKEY_CURRENT_USER\Software\AWS\Weather
HKEY_CURRENT_USER\Software\AWS\Weather\Command GetStationURL6
HKEY_CURRENT_USER\Software\AWS\Weather\Command GetDesignURL6 a54~Cyv2g:4mtyoHkkz3Kus2i{mxhnkgz}k42t:omky3j>3zvnz6
HKEY_CURRENT_USER\Software\AWS\Weather\Command GetDataURL6 [54*:4zgHgkzCKmo2iVMYEgMgz~H3]VMYEgMgz~H3]us2i{m~h2}:4voyg3o>3zvnz6
HKEY_CURRENT_USER\Software\AWS\Weather\Command GetCompactDataURL6 [544*g:gzGHkzCKmo2iVMYEgMgz~H3]VMYEgMgz~H3]us2i{m~h2}:4voyg3o>3zvnz6
HKEY_CURRENT_USER\Software\AWS\Weather\Command GetForecastURL6 _54*:4yzigxkJukzCKmo2iVMYEzMgykiux3JVMYEzMgykiux3lus2i{m~h2}:4voyg3o>3zvnz6
HKEY_CURRENT_USER\Software\AWS\Weather\Command GetWarningURL6 _544*z:kxErkzCKmo2ivoygzMkxEr]~M3EVMYxzrk~E3]us2i{m~h2}:4voyg3o>3zvnz6
HKEY_CURRENT_USER\Software\AWS\Weather\Command GetDesignURLASP6 a54~Cyv2g:4mtyoHkkz3Kus2i{mxhnkgz}k42t:omky3j>3zvnz6
HKEY_CURRENT_USER\Software\AWS\Weather\CurrentStation StationID H68]K$T5
HKEY_CURRENT_USER\Software\AWS\Weather\CurrentStation ZIPCityState b68Y(K~4zwmgzyXt5
HKEY_CURRENT_USER\Software\AWS\Weather\Design ReqParas >54*Y89**YY67**YY5<**H|5#g6*g|*#54[E5*E5*[56[E7*E5*[E7*[\!*!*#58[E\*8**E54*H55*H`76**``5Z*#M*[H55*JG6*JG7*JG8*JG9*JG:*JG;*JG<*JG<*]U=*JGH*H!9*]U8*]U;*]U:*]U5*]U7*]U6*]U:*YV7**HV8*YV9*YV6*YE5*[]Y5*YV6
HKEY_CURRENT_USER\Software\AWS\Weather\Design DesignInterval 21600
HKEY_CURRENT_USER\Software\AWS\Weather\Design AdFreshInterval 300
HKEY_CURRENT_USER\Software\AWS\Weather\Design BackgroundImageURL `54mpvz2{rlgHk:4z3{rlgHk:4y3rkYgy3gv]x~3q}ky3jus2i{mxhnkgz}k42t:omky2Hsm3M>3zvnz6
HKEY_CURRENT_USER\Software\AWS\Weather\Design BackgroundImageFile e54mpvz2{rlgHk:4mbF{kxznkgb]zgHgt$ougzoivrEvxbrkZOybtmzokz$Ytj$gzykt{suibHG>6
HKEY_CURRENT_USER\Software\AWS\Weather\Design BackgroundImageSize 97191
HKEY_CURRENT_USER\Software\AWS\Weather\Design MaskImageURL `54sv2hyqsgz1{rlgHk:4z3{rlgHk:4y3rkYgy3gv]x~3q}ky3jus2i{mxhnkgz}k42t:omky2Hsm3M>3zvnz6
HKEY_CURRENT_USER\Software\AWS\Weather\Design MaskImageFile d54sv2hyqsgz1{rlgHk:4mbF{kxznkgb]zgHgt$ougzoivrEvxbrkZOybtmzokz$Ytj$gzykt{suibHG>6
HKEY_CURRENT_USER\Software\AWS\Weather\Design MaskImageSize 85864
HKEY_CURRENT_USER\Software\AWS\Weather\Design BrandImageURL `54vm2p7739kygmMsz3gyjiugFx~3q}ky3jus2i{mxhnkgz}k42t:omky2Hsm3M>3zvnz6
HKEY_CURRENT_USER\Software\AWS\Weather\Design BrandImageFile c54mpv7297mbF{kxznkgb]zgHgt$ougzoivrEvxbrkZOybtmzokz$Ytj$gzykt{suibHG>6
HKEY_CURRENT_USER\Software\AWS\Weather\Design BrandClickURL N544UAU"VX:*4<:;87A:MH*XA4YZGEFH4*!A!\48:2tAouxy\k7*97EAH"4*EAH"M#G*U^A MHutzozg*Y<<:8A4ov*`<:;47::8sA#{kmeXMI#eMUGZeE[KeFZ>KIEXeZ\*XjA4g|*t:=55GAvCgyO2uxkmgz3igruhKrs3iun2zt2}}}3}>3zvnz6
HKEY_CURRENT_USER\Software\AWS\Weather\Design BrandImageSize 5781
HKEY_CURRENT_USER\Software\AWS\Weather\Design AffiliateLogo _54vm2pgjmuruM":E~=4635kygmMsk3gzroloEl~3q}ky3jus2i{mxhnkgz}k42t:omky2Hsm3M>3zvnz6
HKEY_CURRENT_USER\Software\AWS\Weather\Design AffiliateLogoFile b54mpvj2ugum"rEM=:6~54mbF{kxznkgb]zgHgt$ougzoivrEvxbrkZOybtmzokz$Ytj$gzykt{suibHG>6
HKEY_CURRENT_USER\Software\AWS\Weather\Design AffiliateClick h54*$ye{zemutzogimeh{>ekzxmzgCev~gyt2ouoykikjgzrologlt3suus3ius2i{mxhnkgz}k~2q}ky3j>3zvnz6
HKEY_CURRENT_USER\Software\AWS\Weather\Design AffiliateImageSize 5645
HKEY_CURRENT_USER\Software\AWS\Weather\Design BottomURL >54*((E5((5A*E((E6((6A*E((H5((5A*H((H6((6A*H((H7((7A*H((H8((8A*H((H<(( HKEY_CURRENT_USER\Software\AWS\Weather\Design DataR 15
HKEY_CURRENT_USER\Software\AWS\Weather\Design DataG 33
HKEY_CURRENT_USER\Software\AWS\Weather\Design DataB 135
HKEY_CURRENT_USER\Software\AWS\Weather\Design DataShadownR 0
HKEY_CURRENT_USER\Software\AWS\Weather\Design DataShadownG 0
HKEY_CURRENT_USER\Software\AWS\Weather\Design DataShadownB 0
HKEY_CURRENT_USER\Software\AWS\Weather\Design DataShadownDepth 0
HKEY_CURRENT_USER\Software\AWS\Weather\Design ArrowR 253
HKEY_CURRENT_USER\Software\AWS\Weather\Design ArrowG 0
HKEY_CURRENT_USER\Software\AWS\Weather\Design ArrowB 0
HKEY_CURRENT_USER\Software\AWS\Weather\Design ConditionR 15
HKEY_CURRENT_USER\Software\AWS\Weather\Design ConditionG 33
HKEY_CURRENT_USER\Software\AWS\Weather\Design ConditionB 135
HKEY_CURRENT_USER\Software\AWS\Weather\Design ConditionShadowR 0
HKEY_CURRENT_USER\Software\AWS\Weather\Design ConditionShadowG 0
HKEY_CURRENT_USER\Software\AWS\Weather\Design ConditionShadowB 0
HKEY_CURRENT_USER\Software\AWS\Weather\Design ConditionShadowDepth 0
HKEY_CURRENT_USER\Software\AWS\Weather\Design FillerR 253
HKEY_CURRENT_USER\Software\AWS\Weather\Design FillerG 0
HKEY_CURRENT_USER\Software\AWS\Weather\Design FillerB 0
HKEY_CURRENT_USER\Software\AWS\Weather\Design TitleR 70
HKEY_CURRENT_USER\Software\AWS\Weather\Design TitleG 0
HKEY_CURRENT_USER\Software\AWS\Weather\Design TitleB 172
HKEY_CURRENT_USER\Software\AWS\Weather\Design TitleShadowR 0
HKEY_CURRENT_USER\Software\AWS\Weather\Design TitleShadowG 0
HKEY_CURRENT_USER\Software\AWS\Weather\Design TitleShadowB 0
HKEY_CURRENT_USER\Software\AWS\Weather\Design TitleShadowDepth 0
HKEY_CURRENT_USER\Software\AWS\Weather\Design LastPopupID 0
HKEY_CURRENT_USER\Software\AWS\Weather\Design NewVersion 6.04
HKEY_CURRENT_USER\Software\AWS\Weather\Design AdDormantFreshInterval 1800
HKEY_CURRENT_USER\Software\AWS\Weather\Design TimeToDormant 60
HKEY_CURRENT_USER\Software\AWS\Weather\Design LA 0
HKEY_CURRENT_USER\Software\AWS\Weather\Design TdURL6 X54(5((EA(E5e*XIe ghjZ}Ejuotx]nkgz]kYe XAeghgz}e*}((u}tj]o]~gOojurjL}kokz\gy(!A(}~gOojuren|}rz(*G((VA(jkiu*P((E9([A(E9*[((E5([A(E5*[Ie XveuYtH]o]~Ye XAeyvju(*}(juot~]O]jgkq]kkjk}\oyz!g((~AO}jgkq}k}ez|*
HKEY_CURRENT_USER\Software\AWS\Weather\Design TdInterval 3600
HKEY_CURRENT_USER\Software\AWS\Weather\Design PartnerName \54$ HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftNavTabCount 11
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftNavImageURL c54mpvi2loglzx|etg}erukrkOr{eh:4k3gmos43z:{rlgjk~3q}ky3jus2i{mxhnkgz}k42t:omky2Hsm3M>3zvnz6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftNavImageFileName f54mpvi2loglzx|etg}erukrkOr{eh:4mbF{kxznkgb]zgHgt$ougzoivrEvxbrkZOybtmzokz$Ytj$gzykt{suibHG>6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftNavImageSize 55585
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabTip0 _542ktxkyik$us$n{xOuu$$zKu6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabName0 P54IeM\e!EFeZ6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabAction0 N54e\I!M#eMUGZeE[KeF6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabURL0 &54&&6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabTop0 0
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabBottom0 20
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabTip1 [54z2gykiux$lgO1j$;{xOuz$Kk6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabName1 S54ZeEYIGUXeJEFeZ6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabAction1 S54eZYK[#eMUGZeE[KeF6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabURL1 P54e]Ie gO;HGeAJ\6#EYe ]*eIe ]GeAJ\5#EYe ]*e(*H(E#(XA(tj*x(((\A(kx*|((#I`U((kAut*P((HIGUMV(`A(ov*P((VG((kAujPi(*!(!\((rAr|rCzs2nyzigxkJuz3gykiux3Jus2i{mxhnkgz}k~2q}ky3j>3zvnz6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabTop1 20
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabBottom1 40
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabTip2 a54222xksu$$tj$gvysgk${xgzkxsvzk0$zkrokrgz$yx0jgxgx$rkvvHu6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabName2 S54eEXEHeXEFeZ6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabAction2 S54eZYK[#eMUGZeE[KeF6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabURL2 Q54Ie ]xerkvvHu"eAX\6#EYe ]*eIe ]"eAX\5#EYe ]*e(*H(E#(XA(tj*x(((\A(kx*|((HIGUMV(`A(ov*P((VG((kAujPi(*!(!\((rAr|rCzs2ngxgj3Xgxgj3Xus2i{mxhnkgz}k~2q}ky3j>3zvnz6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabTop2 40
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabBottom2 60
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabTip3 c542zykxgrr$tgougz$ttj$ggrui$rk}\o6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabName3 P54eXZ!IeEEFeZ6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabAction3 S54eZYK[#eMUGZeE[KeF6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabURL3 U54Ie ]teu}qt[t]eAY\6#EYe ]*eIe ]]eAY\5#EYe ]*e(*H(E#(XA(tj*x(((\A(kx*|((HIGUMV(`A(ov*P((VG((kAujPi(*!(!\((rAr|rCzs2nkxznkgk]kxk|3Ykxznkgk]kxk|3Yus2i{mxhnkgz}k~2q}ky3j>3zvnz6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabTop3 60
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabBottom3 80
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabTip4 _5422k2ux$stj$gtyouvz$uykgv$rskzo0$gykxgs$igrui$r|k!o6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabName4 N54EeIXE"eGEFeZ6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabAction4 S54eZYK[#eMUGZeE[KeF6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabURL4 P54e]Ie syGggruie!!G6AE\e#]Ye e*]Ie !G5AE\e#]Ye **((#HXE((jAxt(*\(((xA|k(*H(#MMUEZYZ((zAzg*y((HIGUMV(`A(ov*P((VG((kAujPi(*!(!\((rAr|rCzs2nxgskGgg3kxgs3Gus2i{mxhnkgz}k~2q}ky3j>3zvnz6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabTop4 80
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabBottom4 100
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabTip5 d542utzoigrux$nkuzgtz$$gyzigxkluj$gtx$nkgz}kz$ktxxi{k$znq$kiGn6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabName5 Q54!e\IXEeZEFeZ6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabAction5 S54eZYK[#eMUGZeE[KeF6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabURL5 R54(G((VA(jkiu*PIe ]Yee[Z]6AE\e#]Ye e*]Ie Z]5AE\e#]Ye **((#HXE((jAxt(*\(((xA|k(*!(!\((rAr|rCzs2nkrg|Zxr3|kxg3Zus2i{mxhnkgz}k~2q}ky3j>3zvnz6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabTop5 100
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabBottom5 120
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabTip6 d54y2zunu$v}t$u{xOuj$kt$yuxO$oz{tssium$F{kxznkg$]nk$zuslxy$zunu$vk}\o6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabName6 L54eZ_#M"[U"eGEFeZ6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabAction6 S54eZYK[#eMUGZeE[KeF6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabURL6 U54e]Ie syh{ErVeA_\6#EYe ]*eIe ]VeA_\5#EYe ]*e(*H(E#(XA(tj*x((V9(YA(yvzegy*r(((\A(kx*|((VG((kAujPi(*!(!\((rAr|rCzs2nuyuzVn{x_uy3zunuxVu{3_us2i{mxhnkgz}k~2q}ky3j>3zvnz6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabTop6 120
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabBottom6 140
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabTip7 b5422k2ux$stj$gvyzoO$kzgl$yt0ougzxsluotk$tiokyi0$kyotjrkg$nkxznkg$}yzzkrgk$znz$Kk6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabName7 R54YeI]e#EFeZ6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabAction7 S54eZYK[#eMUGZeE[KeF6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabURL7 V54e*]Ie kxiqxgkZgtoixxL{JeA#|6#gYe ]*eIe ]JeA#|5#gYe ]*eA8ghezxxi{(*H(E#(XA(tj*x(((\A(kx*|((VG((kAujPi(*!(!\((rAr|rCzs2ngrzxktsGuxYzy3k}3#us2i{mxhnkgz}k~2q}ky3j>3zvnz6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabTop7 140
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabBottom7 160
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabTip8 i54zngrLk6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabName8 O54Le!ZIEeLEFeZ6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabAction8 S54eZYK[#eMUGZeE[KeF6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabURL8 R54e]Ie zOro{gxWEoUeAL\6#EYe ]*eIe ]UeAL\5#EYe ]*e(*H(E#(XA(tj*x(((\A(kx*|((HIGUMV(`A(ov*P((VG((kAujPi(*!(!\((rAr|rCzs2nzngrLkn3rzkg3Lus2i{mxhnkgz}k~2q}ky3j>3zvnz6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabTop8 160
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabBottom8 180
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabTip9 e542kyzo|ozogij$zkrgxkx1nkgz}kt$l{x$u{z$u{q$kiGn6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabName9 P54#eJ[IXZLIEe]EFeZ6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabAction9 S54eZYK[#eMUGZeE[KeF6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabURL9 \54Ie ]keutt`J{JeA]\6#EYe ]*eIe ]JeA]\5#EYe ]*e(*H(E#(XA(tj*xIe Xge|oxotZJ{]~Ye XAeo~zxsgge|oxo*zIe Xyekxy}Etogo|Zx{t~Je]XYe jAxk}ktyegogo|zxe*XIe izxkuxgG|oxotZJ{]~Ye XAeizxkuxeiogo|zx5*hAzgxe{x*
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabTop9 180
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabBottom9 200
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabTip10 f54utzosguxtl$ooillxg$zgrui$r|k!o6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabName10 R54eMGJJXEeZEFeZ6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabAction10 S54eZYK[#eMUGZeE[KeF6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabURL10 U54(*H(E#(XA(tj*x(((\A(kx*|((VG((kAujPi(*!(!\((rAr|e*XIe utmoXkoillxgzZgye!XYe jAeoutmoxk(*5((!A(!5rCzs2noillxg3Zoillxg3Zus2i{mxhnkgz}k~2q}ky3j>3zvnz6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabTop10 200
HKEY_CURRENT_USER\Software\AWS\Weather\Design LeftTabBottom10 220
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopNavTabCount 7
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopNavImageURL b54mpvt2kkKxje{tXukexkeJg|v#Zuk3gmos43z:{rlgjk~3q}ky3jus2i{mxhnkgz}k42t:omky2Hsm3M>3zvnz6
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopNavImageFileName f54mpvt2kkKxje{tXukexkeJg|v#ZumbF{kxznkgb]zgHgt$ougzoivrEvxbrkZOybtmzokz$Ytj$gzykt{suibHG>6
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopNavImageSize 28269
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopTabTip0 `54%jy$g#Un$oz$}ky{xgzlks$o{ksVx6
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopTabName0 L54!eE!Y"Ye![eVIZeKEFeZ6
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopTabAction0 P54eU#ZM\EZMEGUeVX#eMUGZeE[KeF6
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopTabURL0 \54(*H(E#(XA(tj*x86A8iO*e86A;i~Cev~gyt2ougzo|izyEr{3V{yVrs3ium2h{kxznkg2}rm~jq}ky3j>3zvnz6
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopTabLeft0 0
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopTabRight0 63
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopTabTip1 c542xkzu$ytkroutx$u{t$$ouvYn6
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopTabName1 M54e!!"EeYXIZUeYEFeZ6
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopTabAction1 Q54eMI#eMUGZeE[KeF6
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopTabURL1 a544544A=ojCiv~gyk2us3n{yvrs3ium2h{kxznkg2}xkzu3y>3zvnz6
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopTabLeft1 63
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopTabRight1 105
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopTabTip2 g54kyoix|yky$kykrox$}{zhu$gxk"u6
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopTabName2 K54!eE!Y"YeIYI!MXe]EFeZ6
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopTabAction2 Q54eMI#eMUGZeE[KeF6
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopTabURL2 ^54*69jAyo(*I(UHVG`M((vAPoxzrkzgz~(*H(KMXI((jAeokmCxv~gyt2ougzzxoykmkXtyvukyzXkiox3Hus2i{mxhnkgz}kv2sv2ykh3}>3zvnz6
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopTabLeft2 105
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopTabRight2 160
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopTabTip3 Z54G$V{xOuq$kiGn6
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopTabName3 I54!eE!Y"GeeVG LIeGEFeZ6
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopTabAction3 Q54eMI#eMUGZeE[KeF6
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopTabURL3 g543xm2ukx{zsviu{xOuiqnk3i>3zvnz6
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopTabLeft3 167
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopTabRight3 246
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopTabTip4 h54xOzukiox$jtzzkut$irrJ{6
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopTabName4 X54rrsgeYEVI"MZeYEFeZ6
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopTabAction4 S54eZYK[#eMUGZeE[KeF6
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopTabURL4 V54(G((VA(jkiu*P(*H(E#(XA(tj*x((\!(!A(|rCrsrnz~2jkMtt3suus3Gus2i{mxhnkgz}k~2q}ky3j>3zvnz6
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopTabLeft4 246
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopTabRight4 304
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopTabTip5 g542myotzzykj$gty$utzouvk$oPusyzG{6
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopTabName5 U54rrsgeYIY#GXIJIXIeVEFeZ6
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopTabAction5 M54eUKE!HMYeGII#IXIJVX#eMUGZeE[KeF6
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopTabURL5 U54(*H(E#(XA(tj*x(((\A(kx*|((VG((kAujPi(*!(!\((rAr|rCzs2nkxrjnuikrg3vus2i{mxhnkgz}k~2q}ky3j>3zvnz6
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopTabLeft5 304
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopTabRight5 376
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopTabTip6 _54z2uxvvy{k$ottr$utj$gWyJE0$rvLk6
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopTabName6 P54VeI!eLEFeZ6
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopTabAction6 Q54eMI#eMUGZeE[KeF6
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopTabURL6 Q54(*G((VA(jkiu*P((\!(!A(|r*r(((\A(utyokx*|((MHIK(XA(oj*x((HIGUMV(`A(ov*P((#HXE((jAxt(*\(((xA|k~Cyv2grvLkv3kr3Lus2i{mxhnkgz}k~2q}ky3j>3zvnz6
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopTabLeft6 376
HKEY_CURRENT_USER\Software\AWS\Weather\Design TopTabRight6 416
HKEY_CURRENT_USER\Software\AWS\Weather\Design StartCount 65424492
HKEY_CURRENT_USER\Software\AWS\Weather\Design EndCount 65458162
HKEY_CURRENT_USER\Software\AWS\Weather\Design ShreBugText e54{mxFnkgz]kk$gxYn6
HKEY_CURRENT_USER\Software\AWS\Weather\Design DownloadText n54ygjru}tHu6
HKEY_CURRENT_USER\Software\AWS\Weather\Design MoreObs Y54(*\(((xA|k(*H(#MMUEZYZ((zAzgCysrnzy2xzrkOE3"zykxEr"Oy3r{3Vus2i{mxhnkgz}k~2q}ky3j>3zvnz6
HKEY_CURRENT_USER\Software\AWS\Weather\Design StatClks X54eZYK[#eMUGZeE[KeFZAKIEXeZ(*\(((xA|k(*Z(#M([A(zyto*{((HIGUMV(`A(ov*P((MHU#ZMZE(YA(gzyzrCzs2ntyougzx|ykUhy3utzo|gkxhy3Uus2i{mxhnkgz}k~2q}ky3j>3zvnz6
HKEY_CURRENT_USER\Software\AWS\Weather\Design LocMan _547*9=OAei7*:<~Aei~Cyv2gutzoig!ux3mktg"gutzoig!us3ium2h{kxznkg2}rm~jq}ky3j>3zvnz6
HKEY_CURRENT_USER\Software\AWS\Weather\Design InsWiz f54Cv~gy~2jkotj3gxoPr]gryzMts3ium2h{kxznkg2}rm~jq}ky3j>3zvnz6
HKEY_CURRENT_USER\Software\AWS\Weather\Design Zone @54:44GZ6
HKEY_CURRENT_USER\Software\AWS\Weather\Design PMClicks 0
HKEY_CURRENT_USER\Software\AWS\Weather\Design PMDeclined 1
HKEY_CURRENT_USER\Software\AWS\Weather\Design PMTime 1108556325
HKEY_CURRENT_USER\Software\AWS\Weather\Design UA4 55456
HKEY_CURRENT_USER\Software\AWS\Weather\Forecast Title0 n54zmntoZu6
HKEY_CURRENT_USER\Software\AWS\Weather\Forecast Hi0 154116
HKEY_CURRENT_USER\Software\AWS\Weather\Forecast Low0 654946
HKEY_CURRENT_USER\Software\AWS\Weather\Forecast Cond0 14
HKEY_CURRENT_USER\Software\AWS\Weather\Forecast CondText1_0 a54xy}knu$YO2{jru$irOyz"u6
HKEY_CURRENT_USER\Software\AWS\Weather\Forecast CondText2_0 W54222rOqkro6
HKEY_CURRENT_USER\Software\AWS\Weather\Forecast Title1 \54gOtj"u6
HKEY_CURRENT_USER\Software\AWS\Weather\Forecast Hi1 754;46
HKEY_CURRENT_USER\Software\AWS\Weather\Forecast Low1 754866
HKEY_CURRENT_USER\Software\AWS\Weather\Forecast Cond1 3
HKEY_CURRENT_USER\Software\AWS

#15 fr0sTbytE

fr0sTbytE
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:19 AM

Posted 04 December 2006 - 04:28 PM

SpySheriff Rogue Security Program more information...
Details: SpySheriff is a purported anti-spyware application to scan for and remove spyware from users' computers.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer ForceActiveDesktopOn


C2.Lop Hijacker more information...
Details: Lop is a group of spyware and hijacker programs that set your Internet Explorer start page and search features to use the site lop.com ('Live Online Portal') or one of its clone sites.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow dns-look-up.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow www.dns-look-up.com


VirusBurst Rogue Security Program more information...
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\VirusBurster
HKEY_LOCAL_MACHINE\SOFTWARE\VirusBurster refid 0
HKEY_CLASSES_ROOT\TypeLib\{A569F6C9-29F0-43BC-80CF-6BA138C66108}
HKEY_CLASSES_ROOT\TypeLib\{A569F6C9-29F0-43BC-80CF-6BA138C66108}\1.0\0\win32 C:\Program Files\VirusBurster\virusburster.exe
HKEY_CLASSES_ROOT\TypeLib\{A569F6C9-29F0-43BC-80CF-6BA138C66108}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{A569F6C9-29F0-43BC-80CF-6BA138C66108}\1.0\HELPDIR C:\Program Files\VirusBurster\
HKEY_CLASSES_ROOT\TypeLib\{A569F6C9-29F0-43BC-80CF-6BA138C66108}\1.0 AVG 1.0 Type Library
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\virusburster.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\virusburster.exe C:\Program Files\VirusBurster\virusburster.exe


Backdoor.Win32.Rbot.adf Backdoor more information...
Details: Rbot is the name of a family of backdoor trojans, also known as worms, used by hackers to control a machine without the owner's knowledge.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\OLE


Backdoor.SdBot.aad Backdoor more information...
Details: SdBot is the name of a family of trojans, also known as backdoors or worms, used by hackers to control a machine without the owner's knowledge.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\OLE


Backdoor.Win32.IRCBot.az Backdoor more information...
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\OLE


Backdoor.Win32.EggDrop.v Backdoor more information...
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\OLE


Backdoor.Win32.Agobot.zo Backdoor more information...
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\OLE


Backdoor.Win32.Rbot.bis Backdoor more information...
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\OLE


Trojan-Downloader.Win32.Banload.bkm Trojan Downloader more information...
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations


Backdoor.Win32.Rbot.bjm Backdoor more information...
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\OLE


Backdoor.Win32.Rbot.aeu Backdoor more information...
Details: Rbot is the name of a family of backdoor trojans, also known as worms, used by hackers to control a machine without the owner's knowledge.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\OLE


W32.IRCBot Backdoor more information...
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\OLE


Cookie: 247RealMedia.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@247realmedia[1].txt


Cookie: a.websponsors Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@a.websponsors[1].txt


Cookie: Ad Logics Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@ad-logics[1].txt


Cookie: ad.yieldmanager Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@ad.yieldmanager[2].txt


Cookie: AdKnowledge.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@adknowledge[2].txt


Cookie: adrevolver Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@adrevolver[1].txt
c:\documents and settings\tyler\cookies\tyler@adrevolver[2].txt


Cookie: adriver Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@adriver[1].txt


Cookie: PointRoll.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@ads.pointroll[2].txt


Cookie: ads.x10 Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@ads.x10[1].txt


Cookie: Adserver Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@adserver[1].txt


Cookie: Advertising.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@advertising[1].txt


Cookie: PriceBandit Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@apmebf[2].txt


Cookie: as-us.falkag Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@as-us.falkag[2].txt


Cookie: ATDMT.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@atdmt[2].txt


Cookie: ABetterInternet.Aurora Cookie Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@a[1].txt


Cookie: BannerSpace.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@bannerspace[2].txt


Cookie: Claria.DashBar Cookie Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@belnk[1].txt


Cookie: BFast.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@bfast[2].txt


Cookie: Bizrate Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@bizrate[1].txt


Cookie: Bluestreak.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@bluestreak[2].txt


Cookie: Bravenet.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@bravenet[1].txt


Cookie: BS.Serving-Sys Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@bs.serving-sys[1].txt
c:\documents and settings\tyler\cookies\tyler@serving-sys[1].txt


Cookie: BurstNet.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@burstnet[2].txt


Cookie: casalemedia.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@casalemedia[1].txt


Cookie: Centrport.net Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@centrport[1].txt


Cookie: CGI-Bin Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@cgi-bin[1].txt
c:\documents and settings\tyler\cookies\tyler@cgi-bin[2].txt
c:\documents and settings\tyler\cookies\tyler@cgi-bin[3].txt
c:\documents and settings\tyler\cookies\tyler@cgi-bin[4].txt
c:\documents and settings\tyler\cookies\tyler@cgi-bin[5].txt
c:\documents and settings\tyler\cookies\tyler@cgi-bin[6].txt
c:\documents and settings\tyler\cookies\tyler@cgi-bin[7].txt
c:\documents and settings\tyler\cookies\tyler@cgi-bin[8].txt


Cookie: Com.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@com[2].txt


Cookie: cookie.monster Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@cookie.monster[2].txt


Cookie: tickle Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@cookie.tickle[1].txt
c:\documents and settings\tyler\cookies\tyler@tickle[2].txt


Cookie: CoreMetrics.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@data.coremetrics[1].txt


Cookie: DealTime Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@dealtime[2].txt


Cookie: DomainSponsor.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@domainsponsor[2].txt


Cookie: DoubleClick Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@doubleclick[2].txt


Cookie: DriveCleaner Cookie (General) more information...
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@drivecleaner[1].txt


Cookie: Ru4.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@edge.ru4[1].txt


Cookie: euniverse.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@euniverseads[2].txt


Cookie: FastClick.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@fastclick[2].txt


Cookie: Findwhat Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@findwhat[1].txt


Cookie: GeoCities Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@geocities[1].txt


Cookie: GoToMyPC.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@gotomypc[1].txt


Cookie: HC2.HumanClick Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@hc2.humanclick[1].txt


Cookie: Hitbox.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@hg1.hitbox[1].txt
c:\documents and settings\tyler\cookies\tyler@hitbox[1].txt
c:\documents and settings\tyler\cookies\tyler@phg.hitbox[1].txt


Cookie: HotLog.ru Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@hotlog[1].txt


Cookie: IndexTools.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@indextools[1].txt


Cookie: Radar Spy Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@landing.domainsponsor[2].txt
c:\documents and settings\tyler\cookies\tyler@tradedoubler[2].txt


Cookie: Desktop Spy Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@list[1].txt


Cookie: Lop.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@lop[2].txt


Cookie: maxserving Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@maxserving[2].txt


Cookie: Mediaplex.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@mediaplex[2].txt


Cookie: Overture.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@overture[1].txt


Cookie: PopupTraffic.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@popuptraffic[1].txt


Cookie: PriceGrabber Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@pricegrabber[1].txt


Cookie: QuestionMarket.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@questionmarket[2].txt


Cookie: RealMedia.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@realmedia[2].txt


Cookie: RedEye.Willhill.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@redeye.willhill[2].txt


Cookie: Revenue.net Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@revenue[2].txt


Cookie: KeyCaptor Keylogger 1.0 Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@rightmedia[1].txt


Cookie: SageAnalyst Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@sageanalyst[1].txt


Cookie: SexList.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@sexlist[2].txt


Cookie: SpyLog.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@spylog[2].txt


Cookie: Stat.Onestat Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@stat.onestat[1].txt


Cookie: statcounter.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@statcounter[2].txt


Cookie: Targetnet.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@targetnet[1].txt


Cookie: Tracking.ThunderDownloads.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@tracking.thunderdownloads[2].txt


Cookie: Trafficmp.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@trafficmp[2].txt


Cookie: TribalFusion.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@tribalfusion[2].txt


Cookie: Tripod Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@tripod[2].txt


Cookie: ValueClick.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@valueclick[1].txt
c:\documents and settings\tyler\cookies\tyler@valueclick[3].txt


Cookie: Project KX 1.0 Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@versiontracker[1].txt


Cookie: WindowsMedia Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@windowsmedia[2].txt


Cookie: Messenger Plus! 3.40 Beta Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@www.empirepoker[1].txt
c:\documents and settings\tyler\cookies\tyler@www.entercasino[2].txt


Cookie: AdminMagic Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@www.regnow[1].txt


Cookie: Ajan 1.0 Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@xiti[1].txt


Cookie: xzoomy.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@xzoomy[2].txt


Cookie: SearchMiracle.AdDownloader Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@z1.adserver[2].txt


Cookie: Zedo Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\tyler\cookies\tyler@zedo[1].txt

:thumbsup:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users