Father In Laws Computer Locking / Freezing


9 replies to this topic

#1 JimB


Posted 16 February 2007 - 11:27 PM

Logfile of HijackThis v1.99.1
Scan saved at 11:23:01 PM, on 2/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\notepad.exe
C:\Program Files\WinZip\WINZIP32.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\PROGRA~1\WINZIP\wzqkpick.exe
C:\Documents and Settings\Owner\Local Settings\Temp\wz8ecc\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.a...mp;bm=ho_search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PPCScamBHO Class - {7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Gateway Extended Warranty] "C:\Program Files\Gateway\GWCares\GWCares.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOCUME~1\Owner\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB002" /M "Stylus CX4800"
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series (Copy 1)] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P35 "EPSON Stylus CX4800 Series (Copy 1)" /O5 "LPT1:" /M "Stylus CX4800"
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series (Copy 2)] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P35 "EPSON Stylus CX4800 Series (Copy 2)" /O5 "LPT1:" /M "Stylus CX4800"
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series (] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P28 "EPSON Stylus CX4800 Series (" /O5 "LPT1:" /M "Stylus CX4800"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINNT\System32\oobe\msoobe.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_7
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINNT\Downloaded Program Files\SbCIe02a.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


#2 JimB


Posted 16 February 2007 - 11:30 PM

Guys - I am at the father-in-law's home trying to help him out. Windows XP. Seems to be locking up. Click on the recycle bin for example - LOCKS. Open Outlook Express -- all the mail and folders appear - click on an individual (pick any one) email - locks. Pointer of the mouse just stops moving. Frozen.

Hard OFF, turn on -- all works well... for a while.

Click here - click there --- locks!

Ran AVG - deleted the infected files. Medium tracking cookies. Nothing significant.

Ran Hijack this - LOG IS ABOVE ..................Sorry - this note should have run first!!!

Later - Jim

#3 RichieUK

  • Malware Response Team

Posted 17 February 2007 - 07:59 AM

Welcome JimB :thumbsup:

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINNT\Downloaded Program Files\SbCIe02a.dll (file missing)

Exit Hijackthis.

***************************

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

Click 'Exit' on the Main menu to close the program.

***************************

Download and scan with the free 15 day trial of Counterspy.
Once installed, launch Counterspy.
Click on 'Spyware Scan', then click 'Updates' at the top right.
Once any available updates have been installed, click the 'Scan Now' button.
Save the report when it's finished:
1. Once Counterspy has done scanning, the 'Scan Results' box will appear.
2. Click on 'View Results'.
3. Under (Recommended Action), using the drop down menus at the side of each entry found, set EVERYTHING to 'Remove'.
4. Then click on 'Take Action'.
5. Once everything has been removed, click on 'View Details'.
6. Copy and Paste those details into a Word/Text document, then save it to your desktop.

***************************

Please run the F-Secure online virus/spyware scan using Internet Explorer:
http://support.f-secure.com/enu/home/ols3.shtml
Follow the directions in the F-Secure page for proper Installation.
Accept the License Agreement.
Once the ActiveX installs, click ‘Custom Scan’ and be sure the following are checked:
1. Scan whole System
2. Scan all files
3. Scan whole system for rootkits
4. Scan whole system for spyware
5. Scan inside archives
6. Use advanced heuristics
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the ‘I want to decide item by item’ button.
For each item found, select ‘Disinfect’ and click ‘Next’.
Click the ‘Show Report’ button, then copy and paste the entire report into your next reply.

Reboot, post the Counterspy and F-Secure reports and a new Hijackthis log into your next reply.
Let me know how the pc is running now please.

#4 JimB


Posted 17 February 2007 - 08:09 AM

Richie - thanks for the quick comeback. I will get rolling on your instructions and let you know.

Thanks a million in advance - Jim

#5 JimB


Posted 17 February 2007 - 11:05 AM

Richie - Counterspy found three - I deleted and here's the log. I could not locate the F-Secure online virus/spyware scan (free) at their site. I only saw an option to purchase and plenty of help once you have the product.

Below this log is the revised HJT log.

Took the computer for a "test drive" after all this. All appears to be running OUTSTANDING. Please let me know if there is anything further you think I should do.

Many thanks in advance - Jim

---------------------------------------

Scan History Details
Start Date: 2/17/2007 8:30:07 AM
End Date: 2/17/2007 8:57:50 AM
Total Time: 27 Min 43 Sec
Detected security risks

Weatherbug Low Risk Adware more information...
Details: Weatherbug is an ad supported desktop weather applicaton that provides updates on weather conditions and displays real time temperatures in the taskbar icon.
Status: Deleted

Files detected
C:\PROGRAM FILES\MYWEBSEARCHWB\bar\History\search
C:\PROGRAM FILES\AWS
C:\PROGRAM FILES\MYWEBSEARCHWB
C:\PROGRAM FILES\MYWEBSEARCHWB\BAR
C:\PROGRAM FILES\MYWEBSEARCHWB\BAR\HISTORY
C:\PROGRAM FILES\MYWEBSEARCHWB\BAR\SETTINGS

Registry entries detected
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Design
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\DownLoad
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\DownLoad
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\DownLoad
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\DownLoad
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\DownLoad
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\DownLoad
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\DownLoad
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\DownLoad
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\DownLoad
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\DownLoad
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\DownLoad
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\DownLoad
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Forecast
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Forecast
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Forecast
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Forecast
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Forecast
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Forecast
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Forecast
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Forecast
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Forecast
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Forecast
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Forecast
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Forecast
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Forecast
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Forecast
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Forecast
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Forecast
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Forecast
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Forecast
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Forecast
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Forecast
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Forecast
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Links
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Links
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Links
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Links
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Links
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Links
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Links
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Links
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Links
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Links
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Links
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Links
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Local
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Options
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Options
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Options
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Options
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Options
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Options
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Options
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Options
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Options
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Options
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Options
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Options
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Options
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Options
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\PWSWxData
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\PWSWxData
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Reg
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\setup
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\setup
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\setup
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\setup
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\setup
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\setup
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Warning
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Warning
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Warning
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Warning
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Warning
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Warning
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Warning
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Warning
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Warning
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Warning
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Warning
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Warning
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\WeatherData
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Web
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Web
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Web
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Web
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Web
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Web
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Web
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Web
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Web
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Web
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Web
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Web
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Web
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Web
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Web
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Web
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Web
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Web
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Web
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Web
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Web
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\AWS\Weather\Web
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\MYWEBSEARCHWB
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\MYWEBSEARCHWB\TemperatureBtn
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\MYWEBSEARCHWB\TemperatureBtn
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\MYWEBSEARCHWB\TemperatureBtn
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\MYWEBSEARCHWB\TemperatureBtn
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\MYWEBSEARCHWB\TemperatureBtn
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\MYWEBSEARCHWB\TemperatureBtn
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\MYWEBSEARCHWB\TemperatureBtn
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\MYWEBSEARCHWB\TemperatureBtn
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\MYWEBSEARCHWB\TemperatureBtn
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\MYWEBSEARCHWB\TemperatureBtn


My Search Bar Potentially Unwanted Program more information...
Details: My Search Bar and the variants "My Way Speedbar" and "My Way Search Assistant", are browser helper objects that allows you to search on multiple search engines.
Status: Deleted

Registry entries detected
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\NETSCAPE\NETSCAPE NAVIGATOR\AUTOMATION SHUTDOWN
HKEY_USERS\S-1-5-21-1548641837-2359680198-2892145863-1003\SOFTWARE\NETSCAPE\NETSCAPE NAVIGATOR\AUTOMATION STARTUP


PeoplePal Toolbar Toolbar more information...
Details: PeoplePal Toolbar is an adware program that displays popup ads depending upon your surfing behavior.
Status: Deleted

Files detected

Registry entries detected

--------------------------------------
REVISED HJT LOG FOLLOWS....
--------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 9:41:39 AM, on 2/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\na

#6 RichieUK


Posted 17 February 2007 - 11:35 AM

Hi JimB, could you reboot your PC and post a new whole HijackThis log into your next reply please.

#7 JimB


Posted 17 February 2007 - 04:34 PM

Richie - here's the latest and the greatest - Jim

------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 4:30:40 PM, on 2/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.a...mp;bm=ho_search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://by108fd.bay108.hotmail.msn.com/cgi-...a432b022e73d860
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PPCScamBHO Class - {7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Gateway Extended Warranty] "C:\Program Files\Gateway\GWCares\GWCares.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOCUME~1\Owner\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB002" /M "Stylus CX4800"
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series (Copy 1)] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P35 "EPSON Stylus CX4800 Series (Copy 1)" /O5 "LPT1:" /M "Stylus CX4800"
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series (Copy 2)] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P35 "EPSON Stylus CX4800 Series (Copy 2)" /O5 "LPT1:" /M "Stylus CX4800"
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series (] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P28 "EPSON Stylus CX4800 Series (" /O5 "LPT1:" /M "Stylus CX4800"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINNT\System32\oobe\msoobe.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_7
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#8 RichieUK


Posted 17 February 2007 - 04:51 PM

Have HijackThis fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: PPCScamBHO Class - {7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll (file missing)
O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOCUME~1\Owner\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail
Exit HijackThis.

Your log is clean :thumbsup:
If all's ok, please do the following:

Clear your 'System Restore' points by doing the following:
Right-click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Select 'Turn Off System Restore On All Drives'.
Select 'Apply'.
You will then get the following warning:
"You have chosen to turn off System Restore.
If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.
Do you want to turn off System Restore?".
Then select 'Yes', your 'System Restore' directories will be purged.

Turn 'System Restore' back on:
Right click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Unselect 'Turn Off System Restore On All Drives'.
Select 'Apply', then click 'Ok'.

Create a new 'System Restore' point:
Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description, then click on 'Create', then click 'Close'.
The date and time is created automatically.

You should now go to Windows Update and install any available critical/high priority updates.

Read through the info found here, to help you prevent any possible future infections.
How did I get infected?
http://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/
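The two entries selected for fixing in post #8 can be picked out of a HijackThis log mechanically: one is a registered component whose file is gone, the other a Run entry that launches from a Temp directory. The script below is an added example, not part of the original posts and not RichieUK's or HijackThis's own method; the two rules and the function name `triage` are assumptions of this example. It lists candidates for review only, so it also reports "(file missing)" lines that were left alone in this thread.

```python
import re

# Lines excerpted from the HijackThis v1.99.1 log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: PPCScamBHO Class - {7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOCUME~1\Owner\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
# O4 registry autostart: "HKLM\..\Run: [value name] command line".
RUN = re.compile(r"^HK\w+\\\.\.\\\w+: \[(?P<name>.*?)\] (?P<cmd>.+)$")
# O4 Startup-folder shortcut: "Startup: name.lnk = target".
STARTUP = re.compile(r"^(?:Global )?Startup: (?P<name>.+?) = (?P<cmd>.+)$")
# A Temp directory anywhere in the command path (also matches LOCALS~1\Temp).
TEMP_DIR = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)


def triage(log_text):
    """Return (rule, section code, detail) tuples for entries worth reviewing."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process path or blank line
        code, body = m["code"], m["body"]
        # Rule 1 (assumption): the registration outlived the file it points to.
        if body.endswith("(file missing)"):
            findings.append(("orphaned-entry", code, body))
        # Rule 2 (assumption): an autostart should not run out of Temp.
        if code == "O4":
            auto = RUN.match(body) or STARTUP.match(body)
            if auto and TEMP_DIR.search(auto["cmd"]):
                findings.append(("autostart-from-temp", code, auto["name"]))
    return findings


if __name__ == "__main__":
    for rule, code, detail in triage(SAMPLE_LOG):
        print(f"{rule:20} {code:4} {detail}")
```

A finding here is a prompt to look at the entry, not a verdict; whether to fix it remains the analyst's call.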

#9 JimB


Posted 17 February 2007 - 05:21 PM

Will do it and THANKS a million.
I really appreciate all the good help and advice I have received at this site.

All the best // Jim

#10 RichieUK


Posted 17 February 2007 - 05:49 PM

You're most welcome Jim :thumbsup:

This thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter.
Everyone else please begin a New Topic.



