
Pop Ups On Websites


9 replies to this topic

#1 Vince86

Vince86

  • Members
  • 84 posts

Posted 05 May 2007 - 11:55 AM

Usually I don't get any popups, and suddenly I get popups on websites where I would never get them, i.e. Gmail, Kaplan websites. Here's the log; I scanned for spyware already but the popup came up again.

Logfile of HijackThis v1.99.1
Scan saved at 12:50:49 PM, on 5/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\AOL\1137888590\ee\AOLSoftware.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
C:\Documents and Settings\Vincent Lee\Desktop\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137888590\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C190FF32-96D0-445F-9F60-5CF288FD3D0F} (ActiveFormX Control) - https://resnet.verify.binghamton.edu:8443/r.../CAT/CNICAT.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...424/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

thanks



#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 05 May 2007 - 02:07 PM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum Vince86 :thumbsup:

Please download Combofix and save to your desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.


********************************

Please download Sophos Anti-Rootkit, and save it on your desktop.
1. Double-click sarsfx.exe to extract the files and leave the default settings.
2. Open the folder C:\SOPHTEMP and double-click sargui.exe to start the program.
3. Make sure the following are checked:
- Running processes
- Windows Registry
- Local Hard Drives
4. Click the "Start Scan" button.
5. Click the "OK" button after you get the notification that the scan has finished and close the program.
6. Click on Start>Run and type, or copy and paste: %temp%\sarscan.log then press Enter.
7. This should open the log from the rootkit scan.
Post this log into your next reply.

Note:
If the scan is performed while the computer is in use, false positives may appear in the scan results.
This is caused by files or registry entries being deleted, including temporary files being deleted automatically.
It has also been reported that Trojan Hunter is detecting Sophos Anti-rootkit as Trojan.Dropper.Interlac.100
So if you have Trojan Hunter installed you will need to disable it prior to running a scan.

#3 Vince86

Vince86
  • Topic Starter

  • Members
  • 84 posts

Posted 06 May 2007 - 12:52 PM

Sophos Anti-Rootkit Version 1.3RC (data 1.06) © 2006 Sophos Plc
Started logging on 5/6/2007 at 13:39:08 PM
Stopped logging on 5/6/2007 at 13:47:20 PM

"Vincent Lee" - 2007-05-06 2:57:04 Service Pack 2
ComboFix 07-05.06.1.V - Running from: "C:\Documents and Settings\Vincent Lee\Desktop\"


((((((((((((((((((((((((((((((( Files Created from 2007-04-06 to 2007-05-06 ))))))))))))))))))))))))))))))))))


2007-04-09 23:52 <DIR> d-------- C:\Program Files\Kap.MCAT


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-05 03:58:50 -------- d-----w C:\Program Files\SpywareBlaster
2007-05-03 18:58:03 -------- d-----w C:\Program Files\Google
2007-04-26 23:33:17 -------- d-----w C:\Program Files\WinBoard
2007-04-22 03:48:05 -------- d-----w C:\DOCUME~1\VINCEN~1\APPLIC~1.\LimeWire
2007-04-03 18:22:53 -------- d-----w C:\Program Files\Viewpoint
2007-04-02 18:41:35 -------- d-----w C:\Program Files\America Online 9.0
2007-03-31 01:48:51 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
2007-03-22 04:17:41 -------- d-----w C:\Program Files\LimeWire
2007-03-19 23:41:36 -------- d-----w C:\Program Files\iTunes
2007-03-19 23:41:32 -------- d-----w C:\Program Files\iPod
2007-03-19 23:40:53 -------- d-----w C:\Program Files\QuickTime
2007-03-19 23:39:36 -------- d-----w C:\Program Files\Apple Software Update
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-17 05:22:01 -------- d-----w C:\Program Files\Starcraft
2007-03-09 04:02:00 75,512 ----a-w C:\WINDOWS\zllsputility.exe
2007-03-09 04:01:42 1,087,216 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-07 23:32:08 -------- d-----w C:\Program Files\Yahoo!


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{53707962-6F74-2D53-2644-206D7942484F}"="C:\PROGRA~1\SPYBOT~1\SDHelper.dll"
"{5CA3D70E-1895-11CF-8E15-001234567890}"="C:\WINDOWS\system32\dla\tfswshx.dll"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll"
"{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}"="C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"Dell QuickSet"="C:\\Program Files\\Dell\\QuickSet\\quickset.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"IntelWireless"="C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe /tf Intel PROSet/Wireless"
"SbUsb AudCtrl"="RunDll32 sbusbdll.dll,RCMonitor"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1137888590\\ee\\AOLSoftware.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll"


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^america online 9.0 tray icon.lnk
C:\PROGRA~1\AMERIC~1.0\aoltray.exe -check

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hostmanager
C:\Program Files\Common Files\AOL\1137888590\ee\AOLSoftware.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ituneshelper
"C:\Program Files\iTunes\iTunesHelper.exe"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
WudfServiceGroup WUDFSvc\0\0
Usnsvc usnsvc\0\0

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*




[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbc7bd72-b32a-11db-a982-00038a000015}]
Shell\AutoRun\command F:\SETUP.EXE


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-06 03:01:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-06 3:01:09
C:\ComboFix-quarantined-files.txt ... 2007-05-06 03:01


all done thanks

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:04:57 AM

Posted 06 May 2007 - 03:54 PM

Please Note:
Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6u1'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u1-windows-i586-p.exe to install the newest version.

**********************************

Click on Start>Run and type Services.msc then hit Ok.
Scroll down and find the service called:
Messenger
When you find it, double-click on it.
In the next window that opens, click the 'Stop' button.
Then change the 'Startup Type:' to 'Disabled'.
Now press Apply and then Ok and close any open windows.

**********************************

Download and scan with the free 15 day trial of Counterspy V2
Save the report when it's finished:
1. Once Counterspy has done scanning, the 'Scan Results' box will appear.
2. Click on 'View Results'.
3. Under (Recommended Action), using the drop down menus at the side of each entry found, set EVERYTHING to 'Remove'.
4. Then click on 'Take Action'.
5. Once everything has been removed, click on 'View Details'.
6. Copy and Paste those details into a Word/Text document, then save it to your desktop.

Restart your PC, post the Counterspy report and a new HijackThis log please.
Let me know what's happening now please.

#5 Vince86

Vince86
  • Topic Starter

  • Members
  • 84 posts

Posted 09 May 2007 - 06:14 PM

Scan History Details
Start Date: 5/9/2007 4:22:33 PM
End Date: 5/9/2007 5:15:51 PM
Total Time: 53 Min 18 Sec
Detected security risks

Cookie: AdKnowledge.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\vincent lee\cookies\vincent lee@adknowledge[2].txt


Weatherbug Low Risk Adware more information...
Details: Weatherbug is an ad supported desktop weather applicaton that provides updates on weather conditions and displays real time temperatures in the taskbar icon.
Status: Ignored

Files detected
C:\PROGRAM FILES\AWS\WeatherBug\REMOVE.EXE
C:\PROGRAM FILES\MYWEBSEARCHWB\bar\History\search
C:\PROGRAM FILES\AWS
C:\PROGRAM FILES\AWS\WEATHERBUG
C:\PROGRAM FILES\MYWEBSEARCHWB
C:\PROGRAM FILES\MYWEBSEARCHWB\BAR
C:\PROGRAM FILES\MYWEBSEARCHWB\BAR\HISTORY
C:\PROGRAM FILES\MYWEBSEARCHWB\BAR\SETTINGS

Registry entries detected
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Design
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\DownLoad
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\DownLoad
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\DownLoad
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\DownLoad
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\DownLoad
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\DownLoad
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\DownLoad
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\DownLoad
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\DownLoad
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\DownLoad
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\DownLoad
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Forecast
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Forecast
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Forecast
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Forecast
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Forecast
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Forecast
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Forecast
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Forecast
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Forecast
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Forecast
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Forecast
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Forecast
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Forecast
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Forecast
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Forecast
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Forecast
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Forecast
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Forecast
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Forecast
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Forecast
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Forecast
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Links
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Links
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Links
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Links
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Links
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Links
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Links
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Links
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Links
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Links
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Links
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Links
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Local
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Local
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Local
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Local
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Local
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Local
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Local
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Local
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Local
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Local
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Local
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Local
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Local
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Local
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Local
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Local
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Local
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Local
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Local
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Local
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Local
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Local
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Local
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Local
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Local
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Local
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Local
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Local
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Local
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Local
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Local
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Local
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Local
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Local
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Local
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Local
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Local
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Local
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Local
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Local
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Options
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Options
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Options
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Options
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Options
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Options
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Options
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Options
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Options
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Options
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Options
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Options
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Options
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Options
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Options
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Options
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Options
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Options
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Options
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Options
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Options
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Options
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Options
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Options
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Options
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Options
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Options
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Options
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Options
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Options
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Options
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Options
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Options
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Options
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Options
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Options
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Options
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Options
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Options
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Options
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Options
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Options
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Options
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\PWSWxData
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\PWSWxData
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\PWSWxData
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Reg
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Reg
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Reg
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Reg
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Reg
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Reg
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Reg
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Reg
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Reg
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Reg
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Reg
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Reg
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Reg
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Reg
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Reg
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Reg
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Reg
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Reg
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Reg
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Reg
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Reg
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Reg
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Reg
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Reg
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Reg
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Reg
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Reg
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Reg
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Reg
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Reg
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Reg
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Reg
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Reg
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Reg
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Reg
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Reg
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Reg
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Reg
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Reg
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\setup
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\setup
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\setup
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\setup
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\setup
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\setup
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\setup
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Warning
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Warning
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Warning
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Warning
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Warning
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Warning
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Warning
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Warning
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Warning
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Warning
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Warning
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Warning
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Warning
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Warning
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\WeatherData
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\AWS\weather\Web
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\MYWEBSEARCHWB
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\MYWEBSEARCHWB\TemperatureBtn


My Way Speedbar Potentially Unwanted Program more information...
Details: MyWay Speedbar is a search toolbar that installs into Internet Explorer and Netscape Navigator, adding search functions and popup blocking.
Status: Ignored

Files detected
C:\Documents and Settings\Vincent Lee\Desktop\HijackThis\backups\backup-20060812-223722-211.dll


Desktop Weather Potentially Unwanted Program more information...
Status: Ignored

Registry entries detected
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\THE WEATHER CHANNEL
HKEY_USERS\S-1-5-21-192930704-50244355-1207564641-1006\SOFTWARE\THE WEATHER CHANNEL\DW3

Logfile of HijackThis v1.99.1
Scan saved at 7:11:02 PM, on 5/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\AOL\1137888590\ee\AOLSoftware.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\WINDOW

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 09 May 2007 - 06:32 PM

Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, on the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

SuperAntiSpyware will now scan your computer, when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it, then press 'Next'.
Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new HijackThis log, let me know how your PC is running now.

#7 Vince86

Vince86
  • Topic Starter

  • Members
  • 84 posts

Posted 11 May 2007 - 09:45 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/11/2007 at 10:36 PM

Application Version : 3.7.1018

Core Rules Database Version : 3237
Trace Rules Database Version: 1248

Scan type : Complete Scan
Total Scan Time : 00:55:48

Memory items scanned : 615
Memory threats detected : 0
Registry items scanned : 5900
Registry threats detected : 0
File items scanned : 38506
File threats detected : 8

Adware.Tracking Cookie
C:\Documents and Settings\Vincent Lee\Cookies\vincent_lee@partner2profit[1].txt
C:\Documents and Settings\Vincent Lee\Cookies\vincent lee@nextag[2].txt
C:\Documents and Settings\Vincent Lee\Cookies\vincent_lee@ads.web.aol[2].txt
C:\Documents and Settings\Vincent Lee\Cookies\vincent_lee@ar.atwola[1].txt
C:\Documents and Settings\Vincent Lee\Cookies\vincent_lee@revsci[1].txt
C:\Documents and Settings\Vincent Lee\Cookies\vincent lee@adknowledge[2].txt
C:\Documents and Settings\Vincent Lee\Cookies\vincent_lee@atwola[2].txt

MyWay Search Assistant Computers
C:\DOCUMENTS AND SETTINGS\VINCENT LEE\DESKTOP\HIJACKTHIS\BACKUPS\BACKUP-20060812-223722-211.DLL

Logfile of HijackThis v1.99.1
Scan saved at 10:41:27 PM, on 5/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\AOL\1137888590\ee\AOLSoftware.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Vincent Lee\Desktop\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137888590\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C190FF32-96D0-445F-9F60-5CF288FD3D0F} (ActiveFormX Control) - https://resnet.verify.binghamton.edu:8443/r.../CAT/CNICAT.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...424/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Computer hasn't had another popup on normal sites.

#8 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 12 May 2007 - 01:30 AM

Have HijackThis fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

Exit HijackThis.

******************

Your log is clean :thumbsup:
If all's ok, please do the following:

Find and delete: C:\QooBox

Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description\name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear, click on Ok.
The 'Disk Cleanup for [C:]' box will appear, click on the 'More Options' tab.
At the bottom in the 'System Restore' window, click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?', click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found here, to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html
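Added example (not part of the original thread, and not code from HijackThis): the manual step in post #8, picking out the O9 entries marked '(file missing)', done with a small parser for the HijackThis log line format. The function names are assumptions for illustration, and the embedded sample is a handful of lines excerpted from the log in post #7.

```python
import re
from collections import OrderedDict, namedtuple

# Sample input: lines excerpted from the HijackThis v1.99.1 log in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"""

Entry = namedtuple("Entry", "section label clsid target file_missing")

# Entry lines start with a section code (R0-R3, O1-O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"


def parse_hjt(text):
    """Return one Entry per log entry line; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        clsid_m = CLSID_RE.search(body)
        if clsid_m:
            # Typical shape: "<label> - {CLSID} - <target>"
            label = body[: clsid_m.start()].rstrip(" -")
            target = body[clsid_m.end():].lstrip(" -")
            clsid = clsid_m.group(0).upper()
        else:
            label, target, clsid = body, "", None
        entries.append(Entry(m.group("section"), label, clsid, target, missing))
    return entries


def orphaned_by_clsid(entries):
    """Group '(file missing)' entries by CLSID, so a button and its menu item
    that share one registration are reviewed together."""
    groups = OrderedDict()
    for e in entries:
        if e.file_missing:
            groups.setdefault(e.clsid or e.label, []).append(e)
    return groups


if __name__ == "__main__":
    for key, group in orphaned_by_clsid(parse_hjt(SAMPLE_LOG)).items():
        print(key, "->", group[0].target)
        for e in group:
            print("   ", e.section, e.label)
```

The output is a review list only: each group still needs a person to decide whether the entry is a leftover from an uninstalled program before it is ticked in HijackThis.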

#9 Vince86

Vince86
  • Topic Starter

  • Members
  • 84 posts

Posted 13 May 2007 - 12:06 AM

Hey, I couldn't find QooBox on local drive C... but other than that I can do, thanks!

#10 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 13 May 2007 - 03:44 AM

You've nothing to be concerned about, you're good to go :thumbsup:



