Hi, I have three logs to post but don't know if I should put them all in one post, but I will and see what happens. Also, my virus is on the laptop and not this PC, but I can't get on the internet on the laptop so I've had to save on a flash drive in order to show you the logs. I am not very computer literate so please don't go mad at me for what I've done here, but thanks for your help. One other thing, the problem I had is still there. So I don't know what to do next!! Here goes:
Logfile of HijackThis v1.99.1
Scan saved at 21:39:58, on 29/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\LSAS.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\FTR\ForTheRecord\TheRecordNavigatorDetector.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\SPOOL.EXE
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {15E83E49-5B2A-4657-8DA7-2241169258A8} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [TheRecordNavigatorDetector] C:\Program Files\FTR\ForTheRecord\TheRecordNavigatorDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Print Spooler] C:\WINDOWS\system32\SPOOL.EXE
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Administrator] C:\Documents and Settings\Administrator\Administrator.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Open with Zoho Office Suite - file://c:/Program Files/zoho/zoho.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ddcArPFW - ddcArPFW.dll (file missing)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: __c00BC0AE - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: BGRaSvc - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\support\bgrasvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
Generated 09/29/2008 at 07:27 PM
Application Version : 4.21.1004
Core Rules Database Version : 3555
Trace Rules Database Version: 1543

Scan type : Complete Scan
Total Scan Time : 00:52:03

Memory items scanned : 599
Memory threats detected : 1
Registry items scanned : 6360
Registry threats detected : 158
File items scanned : 25542
File threats detected : 223

Trojan.Downloader-Gen
  C:\WINDOWS\SYSTEM32\CSRLT.EXE
  C:\WINDOWS\SYSTEM32\CSRLT.EXE
  [CSRLT.EXE] C:\WINDOWS\SYSTEM32\CSRLT.EXE

Trojan.Downloader-Gen/Win
  [MSBLT.EXE] C:\WINDOWS\MSBLT.EXE
  C:\WINDOWS\MSBLT.EXE

Adware.Vundo Variant
  HKLM\Software\Classes\CLSID\{32341E7E-C319-46DE-91D0-E30BB1A3CABA}
  HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32341E7E-C319-46DE-91D0-E30BB1A3CABA}
  HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{32341E7E-C319-46DE-91D0-E30BB1A3CABA}
  HKCR\CLSID\{32341E7E-C319-46DE-91D0-E30BB1A3CABA}
  HKCR\CLSID\{32341E7E-C319-46DE-91D0-E30BB1A3CABA}\InprocServer32
  HKCR\CLSID\{32341E7E-C319-46DE-91D0-E30BB1A3CABA}\InprocServer32#ThreadingModel
Browser Hijacker.Begin2Search
Trojan.Dropper/SVCHost-Fake
  HKLM\System\ControlSet001\Services\svchost
  C:\RECYCLER\S-1-5-21-606747145-1085031214-725345543-500\SVCHOST.EXE
  HKLM\System\ControlSet001\Enum\Root\LEGACY_svchost
  HKLM\System\ControlSet002\Services\svchost
  HKLM\System\ControlSet002\Enum\Root\LEGACY_svchost
  HKLM\System\ControlSet003\Services\svchost
  HKLM\System\ControlSet003\Enum\Root\LEGACY_svchost
  HKLM\System\CurrentControlSet\Services\svchost
  HKLM\System\CurrentControlSet\Enum\Root\LEGACY_svchost
Adware.Zango Toolbar/Hb
Adware.WsnPoem C:\WINDOWS\system32\wsnpoem\001836F9.uf C:\WINDOWS\system32\wsnpoem\audio.dll.cla C:\WINDOWS\system32\wsnpoem
Adware.Zango/ShoppingReport HKCR\CntntCntr.CntntDic HKCR\CntntCntr.CntntDic\CurVer HKCR\CntntCntr.CntntDic.1 HKCR\CntntCntr.CntntDisp HKCR\CntntCntr.CntntDisp\CurVer HKCR\CntntCntr.CntntDisp.1 HKCR\ShoppingReport.HbAx HKCR\ShoppingReport.HbAx\CurVer HKCR\ShoppingReport.HbAx.1 HKCR\ShoppingReport.HbInfoBand HKCR\ShoppingReport.HbInfoBand\CurVer HKCR\ShoppingReport.HbInfoBand.1 HKCR\ShoppingReport.IEButton HKCR\ShoppingReport.IEButton\CurVer HKCR\ShoppingReport.IEButton.1 HKCR\ShoppingReport.IEButtonA HKCR\ShoppingReport.IEButtonA\CurVer HKCR\ShoppingReport.IEButtonA.1 HKCR\WeatherDPA.WeatherController HKCR\WeatherDPA.WeatherController\CurVer HKCR\WeatherDPA.WeatherController.1 HKCR\CLSID\{8C788AA2-7530-43BE-97B7-4D491F13BEA3} HKCR\CLSID\{8C788AA2-7530-43BE-97B7-4D491F13BEA3}\Implemented Categories HKCR\CLSID\{8C788AA2-7530-43BE-97B7-4D491F13BEA3}\Implemented Categories\{37178B8A-8779-485E-806F-AC0CE33DF4AA} HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2} HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0 HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\0 HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\0\win32 HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\FLAGS HKCR\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\HELPDIR HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF} HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0 HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\0 HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\0\win32 HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\FLAGS HKCR\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\HELPDIR HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB} HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\ProxyStubClsid HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\ProxyStubClsid32 HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\TypeLib HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\TypeLib#Version 
HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0} HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\ProxyStubClsid HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\ProxyStubClsid32 HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\TypeLib HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\TypeLib#Version HKU\S-1-5-21-3693357906-3494897100-1944452703-500\Software\ShoppingReport HKLM\Software\ShoppingReport HKLM\Software\ShoppingReport#affid HKLM\Software\ShoppingReport#Version HKLM\Software\ShoppingReport#ProductName HKLM\Software\ShoppingReport#requestor HKLM\Software\ShoppingReport#SG_Not_Set C:\Program Files\ShoppingReport\Bin\2.5.0 C:\Program Files\ShoppingReport\Bin C:\Program Files\ShoppingReport C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs\Config.xml C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs\db\Aliases.dbs C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs\db\Sites.dbs C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs\db C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs\dwld\WhiteList.xip C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs\dwld C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs\report\aggr_storage.xml C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs\report\send_storage.xml C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs\report C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs\res2\WhiteList.dbs C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs\res2 C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs C:\Documents and Settings\Administrator\Application Data\ShoppingReport C:\Documents and Settings\Administrator\Application Data\WeatherDPA\Weather\WeatherDPA\Weather_XML C:\Documents and Settings\Administrator\Application 
Data\WeatherDPA\Weather\WeatherDPA C:\Documents and Settings\Administrator\Application Data\WeatherDPA\Weather C:\Documents and Settings\Administrator\Application Data\WeatherDPA
Adware.Vundo Variant/Rel HKLM\SOFTWARE\Microsoft\aoprndtws HKLM\SOFTWARE\Microsoft\FCOVM HKLM\SOFTWARE\Microsoft\RemoveRP HKU\S-1-5-21-3693357906-3494897100-1944452703-500\Software\Microsoft\rdfa
Rogue.VirusRemover2008 C:\Program Files\VirusRemover2008
Adware.Tracking Cookie C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt C:\Documents and Settings\Administrator\Cookies\administrator@virusremover2008plus[2].txt C:\Documents and Settings\Administrator\Cookies\administrator@paypal.112.2o7[1].txt C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[1].txt C:\Documents and Settings\Administrator\Cookies\administrator@advertising[2].txt C:\Documents and Settings\Administrator\Cookies\administrator@apmebf[1].txt C:\Documents and Settings\Administrator\Cookies\administrator@adsrevenue[1].txt C:\Documents and Settings\Administrator\Cookies\administrator@clickarrows[1].txt C:\Documents and Settings\LocalService\Cookies\system@mywebsearch[2].txt C:\Documents and Settings\LocalService\Cookies\system@doubleclick[1].txt C:\Documents and Settings\LocalService\Cookies\system@msnportal.112.2o7[1].txt C:\Documents and Settings\LocalService\Cookies\system@specificclick[2].txt C:\Documents and Settings\LocalService\Cookies\system@2o7[2].txt
Adware.180solutions/Seekmo/Zango C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS\NPCLNTAX_ZANGOSA.DLL
ComboFix 08-09-28.01 - Administrator 2008-09-29 21:16:11.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.397 [GMT 1:00] Running from: F:\ComboFix.exe * Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! .
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) .
C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 C:\Documents and Settings\All Users\Application Data\ZangoSA C:\Program Files\FunWebProducts C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll C:\Program Files\MyWebSearch C:\Program Files\MyWebSearch\bar\History\search3 C:\WINDOWS\cookies.ini C:\WINDOWS\system32\bsc32.dll C:\WINDOWS\system32\Setup\drona C:\WINDOWS\system32\Setup\drona\aIRCversions.txt C:\WINDOWS\system32\Setup\drona\aliases.ini C:\WINDOWS\system32\Setup\drona\control.ini C:\WINDOWS\system32\Setup\drona\id3nt.txt C:\WINDOWS\system32\Setup\drona\IRC.ICO C:\WINDOWS\system32\Setup\drona\mirc.exe C:\WINDOWS\system32\Setup\drona\mirc.ini C:\WINDOWS\system32\Setup\drona\nicks.txt C:\WINDOWS\system32\Setup\drona\popups.txt C:\WINDOWS\system32\Setup\drona\remote.ini C:\WINDOWS\system32\Setup\drona\script.ini C:\WINDOWS\system32\Setup\drona\servers.ini C:\WINDOWS\system32\Setup\drona\Thumbs.db C:\WINDOWS\system32\Setup\drona\users.ini C:\WINDOWS\system32\Setup\drona\vchanger.dat C:\WINDOWS\system32\Setup\drona\version.mrc C:\WINDOWS\system32\spool.exe C:\WINDOWS\system32\vwgnrcvn.ini C:\xcrashdump.dat E:\Autorun.inf
. ((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-29 ))))))))))))))))))))))))))))))) .
2008-09-29 20:50 . 2008-09-29 20:50 <DIR> d-------- C:\Program Files\CCleaner 2008-09-29 18:28 . 2008-09-29 18:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-09-29 18:27 . 2008-09-29 18:27 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-09-29 18:27 . 2008-09-29 18:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com 2008-09-29 18:17 . 2008-09-29 18:17 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-09-29 14:21 . 2008-09-29 14:21 <DIR> d-------- C:\Program Files\Bazooka Scanner 2008-09-29 12:44 . 2008-09-29 12:44 17,408 --a------ C:\WINDOWS\LSAS.EXE 2008-09-29 10:54 . 2008-09-29 11:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BullGuard 2008-09-29 10:54 . 2008-09-29 15:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\BullGuard 2008-09-29 10:53 . 2008-09-18 10:17 234,640 --a------ C:\WINDOWS\system32\drivers\AfwCore.sys 2008-09-29 10:52 . 2008-03-13 15:27 52,560 --a------ C:\WINDOWS\system32\drivers\BdFileSpy.sys 2008-09-29 10:51 . 2008-09-29 10:51 <DIR> d-------- C:\Program Files\BullGuard Ltd 2008-09-29 03:16 . 2008-09-29 21:20 1,351 --a------ C:\WINDOWS\iexplore.html 2008-09-29 02:25 . 2008-09-29 02:41 <DIR> d-------- C:\Program Files\RegCure 2008-09-29 01:14 . 2008-09-29 01:14 <DIR> d-------- C:\Program Files\AVG 2008-09-29 01:14 . 2008-09-29 12:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8 2008-09-29 01:02 . 2008-09-29 01:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AdwareAlert 2008-09-28 11:24 . 2008-09-29 14:30 <DIR> d-------- C:\Program Files\RogueRemover FREE 2008-09-28 10:36 . 2007-11-27 22:56 91,328 --a------ C:\WINDOWS\system32\drivers\msfwdrv.sys 2008-09-28 10:35 . 2007-11-27 22:56 116,416 --a------ C:\WINDOWS\system32\drivers\msfwhlpr.sys 2008-09-28 10:13 . 
2008-09-28 10:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\System Doctor Free 2008-09-28 10:13 . 2008-09-28 10:13 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon 2008-09-28 10:09 . 2008-09-28 10:09 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\VirusRemover2008 2008-09-28 01:13 . 2008-09-29 10:59 <DIR> d-------- C:\WINDOWS\system32\cache32_rtneg3 2008-09-28 01:13 . 2008-09-29 21:16 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live 2008-09-28 01:12 . 2008-09-28 01:12 <DIR> d-------- C:\Program Files\alot 2008-09-28 01:12 . 2008-09-28 01:12 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\alot 2008-09-28 01:11 . 2008-09-28 01:11 <DIR> d-------- C:\Program Files\GIMP-2.0 2008-09-28 01:08 . 2008-09-28 01:08 <DIR> d-------- C:\Program Files\e frontier 2008-09-28 01:08 . 2008-09-28 01:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\FunWebProducts 2008-09-27 21:52 . 2008-09-28 00:31 <DIR> d-------- C:\WINDOWS\system32\NtmsData 2008-09-27 21:08 . 2004-08-04 14:00 2,549 --a------ C:\WINDOWS\system32\ftpctrs.h 2008-09-27 18:36 . 2007-04-17 10:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-09-27 18:36 . 2007-03-08 06:10 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-09-27 17:45 . 2001-07-21 14:23 8,002 --a------ C:\WINDOWS\system32\smtpctrs.h 2008-09-27 17:45 . 2001-07-21 14:23 773 --a------ C:\WINDOWS\system32\ntfsdrct.h 2008-09-27 16:54 . 2008-09-28 01:21 <DIR> d-------- C:\WINDOWS\system32\twain_32 2008-09-26 20:53 . 2008-09-28 01:13 <DIR> d-------- C:\Program Files\Norton 360 2008-09-26 20:50 . 2008-09-28 01:13 <DIR> d-------- C:\Program Files\Symantec 2008-09-26 17:42 . 2008-09-26 20:00 532,992 --a------ C:\WINDOWS\system32\upd01.exe 2008-09-26 17:42 . 2008-09-29 12:44 532,992 --a------ C:\WINDOWS\divxapi32.dll 2008-09-22 01:30 . 
2008-09-22 01:30 <DIR> d-------- C:\Program Files\Apple Software Update 2008-09-21 19:46 . 2008-09-21 19:46 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\gtk-2.0 2008-09-21 19:46 . 2008-09-21 19:46 <DIR> d-------- C:\Documents and Settings\Administrator\.thumbnails 2008-09-21 19:34 . 2008-09-21 19:51 <DIR> d-------- C:\Documents and Settings\Administrator\.gimp-2.4 2008-09-19 14:48 . 2008-09-19 14:48 14,152 --a------ C:\WINDOWS\system32\client_cc.dll 2008-09-18 14:51 . 2008-09-18 14:51 <DIR> d-------- C:\Program Files\Eye Candy 4000 2008-09-18 14:51 . 1999-06-25 10:56 127,184 --a------ C:\Program Files\UNWISE.EXE 2008-09-18 14:38 . 2008-09-20 11:02 2,527 --a------ C:\WINDOWS\system32\mssc32.dll 2008-09-18 10:17 . 2008-09-18 10:17 30,864 --a------ C:\WINDOWS\system32\drivers\afw.sys 2008-09-18 02:29 . 2008-09-18 02:29 <DIR> d-------- C:\Eye Candy 4000 2008-09-18 02:29 . 1997-03-17 12:33 812,297 --a------ C:\EyeCandy.pdf 2008-09-18 02:29 . 2001-04-02 16:31 550,602 --a------ C:\EyeCand3.8bf 2008-09-18 02:29 . 2001-04-02 16:22 409,600 --a------ C:\EC3-ENG.8BF 2008-09-18 02:29 . 2008-09-21 22:42 374,272 --a------ C:\WINDOWS\EyeCand3.INI 2008-09-18 02:29 . 1999-06-25 10:56 127,184 --a------ C:\UNWISE.EXE 2008-09-18 02:29 . 2000-08-01 17:37 7,944 --a------ C:\Girlpill.gif 2008-09-17 18:11 . 2008-09-22 01:33 <DIR> d-------- C:\Program Files\QuickTime 2008-09-17 18:10 . 2008-09-17 18:10 <DIR> d-------- C:\Program Files\iTunes 2008-09-17 18:10 . 2008-09-17 18:10 <DIR> d-------- C:\Program Files\iPod 2008-09-12 12:42 . 2008-09-17 18:10 <DIR> d-------- C:\Program Files\iTunes(2) 2008-09-12 12:42 . 2008-09-17 18:10 <DIR> d-------- C:\Program Files\iPod(2) 2008-09-12 12:41 . 2008-09-17 18:10 <DIR> d-------- C:\Program Files\Bonjour(2) 2008-09-12 12:40 . 2008-09-17 18:11 <DIR> d-------- C:\Program Files\QuickTime(2) 2008-09-12 12:32 . 2008-09-17 18:11 <DIR> d-------- C:\Program Files\Safari 2008-09-12 12:30 . 
2008-09-17 18:11 <DIR> d-------- C:\Program Files\Apple Software Update(2) 2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts 2008-09-03 19:23 . 2008-09-12 10:05 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-09-03 19:23 . 2008-09-03 19:23 1,409 --a------ C:\WINDOWS\QTFont.for 2008-09-01 01:34 . 2008-09-01 01:35 <DIR> d-------- C:\Program Files\Common Files\Jasc Software Inc 2008-09-01 01:00 . 2008-09-01 20:24 136,649 --a------ C:\Vincenzo.htm
. (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) .
2008-09-29 20:24 17,408 ----a-w C:\WINDOWS\system32\apsrv32.exe 2008-09-29 20:05 --------- d-----w C:\Documents and Settings\Administrator\Application Data\OpenOffice.org2 2008-09-29 11:44 532,992 ----a-w C:\WINDOWS\system32\SPOOL.EXE 2008-09-29 01:03 5,820 ----a-w C:\WINDOWS\system32\tmp.reg 2008-09-29 00:46 --------- d-----w C:\Program Files\Keyfinder Advanced 2007 (Trial Version) 2008-09-28 00:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-09-27 23:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2008-09-19 11:26 82,944 ----a-w C:\WINDOWS\system32\o4Patch.exe 2008-09-19 11:26 82,944 ----a-w C:\WINDOWS\system32\IEDFix.C.exe 2008-09-18 13:51 1,005 ----a-w C:\Program Files\INSTALL.LOG 2008-09-12 11:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-09-12 11:40 --------- d-----w C:\Program Files\Common Files\Apple 2008-09-08 22:38 88,576 ----a-w C:\WINDOWS\system32\AntiXPVSTFix.exe 2008-09-02 15:51 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe 2008-09-01 00:37 --------- d-----w C:\Program Files\Jasc Software Inc 2008-08-27 08:40 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Poser 7 2008-08-26 08:59 --------- d-----w C:\Program Files\Curious Labs 2008-08-26 08:10 --------- d-----w C:\Program Files\Curious Labs(2) 2008-08-21 14:47 --------- d-----w C:\Program Files\Common Files\SWF Studio 2008-08-21 14:30 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc 2008-08-21 13:51 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Jasc 2008-08-19 20:08 --------- d-----w C:\Program Files\FontTwister 2008-08-19 20:08 --------- d-----w C:\Program Files\Crystal Button 2008 2008-08-19 00:37 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Serif 
2008-08-19 00:32 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-19 00:32 --------- d-----w C:\Program Files\Serif 2008-08-19 00:26 --------- d-----w C:\Documents and Settings\Administrator\Application Data\CrystalButton 2008-08-18 11:19 82,432 ----a-w C:\WINDOWS\system32\404Fix.exe 2008-08-12 01:58 --------- d-----w C:\Program Files\WYSIWYG Web Builder 5 2008-08-12 01:57 737,280 ----a-w C:\WINDOWS\iun6002.exe 2008-08-10 13:25 --------- d-----w C:\Program Files\Common Files\Macromedia 2008-08-07 17:27 --------- d-----w C:\Program Files\DivX 2008-08-01 20:18 104,416 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT 2008-08-01 18:29 164 ----a-w C:\Documents and Settings\Administrator\Application Data\wklnhst.dat 2008-07-31 13:33 19,784 ----a-w C:\WINDOWS\system32\BgOutlookHook.dll 2008-07-31 13:33 14,152 ----a-w C:\WINDOWS\system32\lccl.dll 2008-07-29 20:58 --------- d-----w C:\Program Files\WMV9_VCM 2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll 2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe 2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll 2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll 2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 21:09 325,832 
----a-w C:\WINDOWS\system32\dllcache\wucltui.dll 2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll 2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll 2008-07-18 21:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 21:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-07 20:26 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll 2004-04-09 15:13 114,688 ----a-w C:\Program Files\NETGEAR DG632 USB Driveruninstalldrv.exe 2001-04-02 15:31 550,602 ----a-w C:\Program Files\EyeCand3.8bf 2001-04-02 15:22 409,600 ----a-w C:\Program Files\EC3-ENG.8BF 2000-08-01 16:37 7,944 ----a-w C:\Program Files\Girlpill.gif 1997-03-17 11:33 812,297 ----a-w C:\Program Files\EyeCandy.pdf 2008-06-11 07:23 2,598 --sha-w C:\WINDOWS\system32\OUwaJRqr.ini2 2008-06-17 01:21 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008061720080618\index.dat .
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) .
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] "BullGuard"="C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" [2008-09-18 304456] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448] "PDF Complete"="C:\Program Files\PDF Complete\pdfsty.exe" [2007-05-08 331552] "PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392] "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776] "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-03 163840] "Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2005-12-21 1187840] "Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-03-10 806912] "Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-05-03 57344] "WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512] "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2008-08-08 67112] "TheRecordNavigatorDetector"="C:\Program Files\FTR\ForTheRecord\TheRecordNavigatorDetector.exe" [2007-07-13 56448] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696] "Print Spooler"="C:\WINDOWS\system32\SPOOL.EXE" [2008-09-29 532992] "BullGuard"="C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" [2008-09-18 304456]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run] "LocalSecurityAuthoritySubsystem"="C:\WINDOWS\LSAS.EXE" [2008-09-29 17408]
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ OpenOffice.org 2.1.lnk - C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 393216]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=APSHook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regedit.exe] "Debugger"=0
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe] "Debugger"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BgMainSvc] @="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP] @="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk backup=C:\WINDOWS\pss\DVD Check.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS] -ra------ 2003-12-22 18:12 17920 C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2008-04-14 01:12 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Print Spooler] --a------ 2008-09-29 12:44 532992 C:\WINDOWS\system32\SPOOL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scheduler] --a------ 2006-10-09 19:23 697976 C:\WINDOWS\SMINST\Scheduler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-08-01 12:17 77824 C:\Program Files\Java\jre1.6.0\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\WINDOWS\\system32\\mqsvc.exe"= "C:\\WINDOWS\\SMINST\\Scheduler.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"= "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"= "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 BdFileSpy;BullGuard File Monitor Driver;C:\WINDOWS\system32\drivers\BdFileSpy.sys [2008-03-13 52560] R2 BsFileScan;BullGuard File Scan Service;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 BsFire;BullGuard Firewall Service;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 OcHealthMon;Windows Live OneCare Health Monitor;C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe [2008-08-08 28200] R2 pdfcDispatcher;PDF Document Manager;C:\Program Files\PDF Complete\pdfsvc.exe [2007-05-08 540448] R3 afw;Agnitum firewall driver;C:\WINDOWS\system32\DRIVERS\afw.sys [2008-09-18 30864] R3 AfwCore;Agnitum Firewall Core Driver;C:\WINDOWS\system32\Drivers\AfwCore.sys [2008-09-18 234640] R3 EuMusDesignVirtualAudioCableWdm_s2x;Sound2x Audio Cable (WDM);C:\WINDOWS\system32\DRIVERS\vacs2xkd.sys [2007-11-01 42880] R3 Reconn;BullGuard Email Monitor;C:\Program Files\BullGuard Ltd\BullGuard\Reconn.sys [2008-07-29 16984] S2 ASBroker;Logon Session Broker;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 16512] S3 BGRaSvc;BGRaSvc;C:\Program Files\BullGuard Ltd\BullGuard\support\bgrasvc.exe [2008-07-29 73728]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 Cognizance REG_MULTI_SZ ASBroker ASChannel BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsMailProxy BsFire
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static] msiexec /fums {09258F12-48E7-B18E-C414-1F48C215685F} /qb
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
. Contents of the 'Scheduled Tasks' folder .
- - - - ORPHANS REMOVED - - - -
BHO-{15E83E49-5B2A-4657-8DA7-2241169258A8} - (no file) HKCU-Run-Administrator - C:\Documents and Settings\Administrator\Administrator.exe Notify-ddcArPFW - ddcArPFW.dll Notify-__c00BC0AE - (no file)
. ------- Supplementary Scan ------- .
FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lyrrk4mv.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://uk.yahoo.com/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-29 21:23:03 Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????T??????????????|?M?|?????M?|&?@
scanning hidden files ...
C:\WINDOWS\system32\SPOOL.EXE 532992 bytes executable
scan completed successfully hidden files: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\pdfcDispatcher] "ImagePath"="C:\Program Files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
. ------------------------ Other Running Processes ------------------------ .
C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\msdtc.exe C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe C:\WINDOWS\system32\Crypserv.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\mqsvc.exe C:\Program Files\Microsoft Windows OneCare Live\winss.exe C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe C:\WINDOWS\system32\mqtgsvc.exe C:\Program Files\OpenOffice.org 2.1\program\soffice.exe C:\Program Files\OpenOffice.org 2.1\program\soffice.bin C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\scardsvr.exe C:\Program Files\Internet Explorer\iexplore.exe
. ************************************************************************** .
Completion time: 2008-09-29 21:30:39 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2008-09-29 20:30:31
Pre-Run: 39,796,961,280 bytes free Post-Run: 39,677,562,880 bytes free
350 --- E O F --- 2008-09-10 18:44:31
|