
Various Spyware/malware


  • This topic is locked
8 replies to this topic

#1 soly


Posted 18 April 2007 - 09:42 AM

Hello all!

I was just wondering if someone could help me in my pesky spyware situation. I have scanned with both Ad-Aware SE and Spybot Search and Destroy and both times various spyware/malware/etc. have shown up. After cleaning them up, I did another scan and similar files were shown again. I'm sure that this computer, being 4 years old, is not completely up to date on some programs and safety measures.

Thanks in advance for any help!!

Here is my HijackThis logfile:



Logfile of HijackThis v1.99.1
Scan saved at 9:33:32 AM, on 4/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\aim\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Soly\My Documents\My Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB002" /M "Stylus Photo R300"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/03b72529fa56b8...ip/RdxIE601.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe



#2 Buckeye_Sam

Malware Expert

Posted 19 April 2007 - 05:10 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

I'm not seeing anything malicious from your log. Let's run a scan and see what we can turn up.

Download and scan with the free 15-day trial of Counterspy.
Save the report when it's finished:
  • Once Counterspy has finished scanning, the 'Scan Results' box will appear.
  • Click on 'View Results'.
  • Under (Recommended Action), using the drop-down menus at the side of each entry found, set EVERYTHING to Remove.
  • Then click on Take Action.
  • Once everything has been removed, click on View Details.
  • Copy and paste those details into your next reply here.
Also post a new HijackThis log.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 soly

Topic Starter

Posted 21 April 2007 - 08:30 AM

Hi, Sam! :thumbsup: Thanks for the reply and sorry for being a bit slow to reply myself. I'll get right on this.

#4 Buckeye_Sam

Malware Expert

Posted 21 April 2007 - 08:35 AM

No worries on the delay. I'm happy to work at your pace. :thumbsup:

#5 soly

Topic Starter

Posted 24 April 2007 - 12:01 AM

Hi Sam :thumbsup: Sorry for the delay, and thanks for being patient with me! Here are my logfiles:


Scan History Details
Start Date: 4/23/2007 11:10:15 PM
End Date: 4/23/2007 11:48:19 PM
Total Time: 38 Min 4 Sec
Detected security risks

Cookie: AdKnowledge.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\soly\cookies\soly@adknowledge[1].txt


Cookie: ATDMT.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\soly\cookies\soly@atdmt[2].txt


Cookie: BurstNet.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\soly\cookies\soly@burstnet[1].txt


Cookie: CGI-Bin Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\soly\cookies\soly@cgi-bin[2].txt


Cookie: Com.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\soly\cookies\soly@com[1].txt


Cookie: DoubleClick Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\soly\cookies\soly@doubleclick[1].txt


Cookie: GeoCities Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\soly\cookies\soly@geocities[1].txt


Weatherbug Low Risk Adware more information...
Details: Weatherbug is an ad supported desktop weather applicaton that provides updates on weather conditions and displays real time temperatures in the taskbar icon.
Status: Deleted

Registry entries detected
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Forecast
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Forecast
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Forecast
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Forecast
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Forecast
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Forecast
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Forecast
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Forecast
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Forecast
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Forecast
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Forecast
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Forecast
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Forecast
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Forecast
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Forecast
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Forecast
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Forecast
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Forecast
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Forecast
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Forecast
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Links
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Links
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Links
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Links
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Links
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Links
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Links
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Links
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Links
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Links
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Links
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Links
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Local
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Options
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Options
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Options
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Options
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Options
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Options
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Options
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Options
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Options
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Options
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Options
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\PWSWxData
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\PWSWxData
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Setup
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Setup
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Setup
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Setup
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Setup
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Setup
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Setup
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Setup
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Warning
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Warning
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\Warning
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-2447259245-212580986-3133978997-1005\SOFTWARE\AWS\Weather\WeatherData


Cookie: Advertising.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\soly\cookies\soly@advertising[1].txt


MyWebSearch Toolbar Potentially Unwanted Program more information...
Details: MyWebSearch Toolbar is a customizable Internet Explorer search toolbar with various other tools.
Status: Deleted

Files detected
C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}\TreatAs
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}\TreatAs


FunWebProducts Potentially Unwanted Program more information...
Details: Fun Web Products bundles adware software in its products.
Status: Deleted

Registry entries detected


Cookie: Claria.DashBar Cookie Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\soly\cookies\soly@belnk[1].txt


Cookie: ABetterInternet.Aurora Cookie Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\soly\cookies\soly@a[1].txt


Cookie: a.websponsors Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\soly\cookies\soly@a.websponsors[1].txt



Logfile of HijackThis v1.99.1
Scan saved at 11:57:48 PM, on 4/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Soly\Desktop\X12-30263.exe
C:\DOCUME~1\Soly\LOCALS~1\Temp\OWPF.tmp\setup.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Soly\My Documents\My Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB002" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/03b72529fa56b8...ip/RdxIE601.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


Posted 24 April 2007 - 07:56 AM

CounterSpy didn't come up with anything that overly concerns me. Mostly just cookies and low-risk adware.
There are some programs that you have running at startup that aren't necessary. Fixing this will improve your overall performance and startup time.

Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe



Reboot your computer and you should notice a difference.


Review with me any problems that you continue to have.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
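
The fix step in post #6, as an added example that is not part of the original posts: a small Python parser for HijackThis log lines that checks every line on the fix list against the log, then reports which autostart (O4) entries and which orphaned entries would remain afterwards. The function names are made up for this example; the log excerpt and the fix list are copied from this thread.

```python
import re

# Excerpt of the HijackThis v1.99.1 log posted in this thread (R3/O3/O4/O9 lines only).
LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB002" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
"""

# The lines post #6 asks the user to check before clicking "Fix Checked".
FIX_LIST = r"""
O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")                       # "O4 - <body>"
RUN = re.compile(r"^(HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")   # registry Run keys
STARTUP = re.compile(r"^((?:Global )?Startup): (.+?)(?: = (.+))?$")  # Startup folders


def parse(text):
    """Return (code, body, raw_line) for each entry line; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            entries.append((m.group(1), m.group(2), line))
    return entries


def autostart(body):
    """Split the body of an O4 entry into (location, name, command)."""
    m = RUN.match(body)
    if m:
        return (m.group(1) + "\\" + m.group(2), m.group(3), m.group(4))
    m = STARTUP.match(body)
    if m:
        return (m.group(1), m.group(2), m.group(3) or m.group(2))
    return ("unknown", body, body)


def orphaned(entries):
    """Entries whose target HijackThis could not find on disk."""
    return [raw for _, body, raw in entries if body.endswith(("(no file)", "(file missing)"))]


def apply_fix(entries, fix_text):
    """Return (entries left after the fix, fix lines that do not appear verbatim in the log)."""
    fix = {raw for _, _, raw in parse(fix_text)}
    unmatched = sorted(fix - {raw for _, _, raw in entries})
    return [e for e in entries if e[2] not in fix], unmatched


def remaining_autostart_names(log_text, fix_text):
    remaining, _ = apply_fix(parse(log_text), fix_text)
    return [autostart(body)[1] for code, body, _ in remaining if code == "O4"]


if __name__ == "__main__":
    left, unmatched = apply_fix(parse(LOG), FIX_LIST)
    print("fix lines not found in log:", unmatched)
    print("autostarts left:", remaining_autostart_names(LOG, FIX_LIST))
    print("orphaned entries left:", *orphaned(left), sep="\n  ")
```
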

#7 soly


Posted 24 April 2007 - 10:03 AM

Okay, thanks a bunch. I'll get right on that when I get home after noon :thumbsup:

#8 Buckeye_Sam


Posted 24 April 2007 - 08:05 PM

Sounds good. Just post back when you can.
I'll be around. :thumbsup:

#9 Buckeye_Sam


Posted 06 May 2007 - 08:17 AM

Unfortunately there has been no response. :thumbsup:
This thread will now be closed.

If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.