Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

blackbird & worm.win32.netbooster


  • Please log in to reply

#1
wtfine

wtfine

    New Member

  • Member
  • Pip
  • 9 posts
I have icons on my desktop - blackbird, fkwp2.0, fpwp1.5, fwebdr. I keep getting pop-ups that I have a virus - worm.win32.blackbird and another pop-ups saying I have a virus, system alert messages with exclamation point. The system hangs up at times and is very slow. Below is my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:13:20 PM, on 5/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\1187496584\ee\AOLSoftware.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G PCI Adapter\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Adapter\WMP54Gv4.exe
C:\Program Files\WUSB54G Wireless-G Adapter\WLService.exe
C:\Program Files\WUSB54G Wireless-G Adapter\WUSB54G.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\AOL\1187496584\ee\anotify.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AOL9~1.1\waol.exe
C:\PROGRA~1\AOL9~1.1\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1187496584\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [rfbffwfi] C:\WINDOWS\system32\qpwlutyd.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRA~1\AOL9~1.1\AOL.EXE" -b
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1145562740421
O21 - SSODL: qadovnel - {7ADDFB5E-3965-4250-93B8-CB83DECB70A7} - C:\WINDOWS\qadovnel.dll
O21 - SSODL: bdkpfxqw - {F23C76A3-C4F7-4AD6-92D9-6A3635095B67} - C:\WINDOWS\bdkpfxqw.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: F-Secure Anti-Virus 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Safety Settings Service - America Online, Inc. - C:\WINDOWS\system32\tdiins.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Adapter\WLService.exe
O23 - Service: WUSB54GSVC - GEMTEKS - C:\Program Files\WUSB54G Wireless-G Adapter\WLService.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 7263 bytes

I do not know what to do next.
  • 0

Advertisements


#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello wtfine

Welcome to G2Go. :)
=====================
(Note::If you are alerted to any malware as we are doing this please ignore it many Antivirus programs will detect tools we use as malware)

Please download SmitfraudFix (by S!Ri) to your Desktop.
Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 will remove your Desktop background.
==============================================================
Then:
Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
  • 0

#3
wtfine

wtfine

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Thank you for your quick reply! Below is the rapport.txt:

SmitFraudFix v2.319

Scan done at 20:03:21.34, Sat 05/03/2008
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

127.0.0.1 sds-qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 www.qoolaid.com
127.0.0.1 www.qoologic.com
127.0.0.1 www.CLKPrecision.com
127.0.0.1 www.urllogic.com
127.0.0.1 www.clkoptimizer.com
127.0.0.1 www.isearch.com
127.0.0.1 isearch.com
127.0.0.1 www.idownload.com
127.0.0.1 idownload.com
127.0.0.1 www.mytotalsearch.com
127.0.0.1 mytotalsearch.com
127.0.0.1 www.lop.com
127.0.0.1 lop.com
127.0.0.1 www.websearch.com
127.0.0.1 websearch.com
127.0.0.1 www.page-not-found.net
127.0.0.1 page-not-found.net
127.0.0.1 www.isearchhere.com
127.0.0.1 isearchhere.com
127.0.0.1 as.adwave.com
127.0.0.1 sr.adwave.com
127.0.0.1 www.adwave.com
127.0.0.1 adwave.com EVENT:HOST:127.0.0.1
127.0.0.1 www.pacimedia.com
127.0.0.1 www.exactsearch.net
127.0.0.1 www.contextplus.net
127.0.0.1 www.contextplus.net
127.0.0.1 www.contextplus.net

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
C:\WINDOWS\qadovnel.dll deleted.
C:\WINDOWS\bdkpfxqw.dll deleted.


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\drsmartloadb1.dat Deleted
C:\WINDOWS\privacy_danger\ Deleted
C:\WINDOWS\spwoqbmv.exe Deleted
C:\WINDOWS\timessquare1.dat Deleted
C:\WINDOWS\xbaqktfv.exe Deleted
C:\DOCUME~1\ADMINI~1\Desktop\Error Cleaner.url Deleted
C:\DOCUME~1\ADMINI~1\Desktop\Privacy Protector.url Deleted
C:\DOCUME~1\ADMINI~1\Desktop\Spyware?Malware Protection.url Deleted
C:\DOCUME~1\ADMINI~1\FAVORI~1\Error Cleaner.url Deleted
C:\DOCUME~1\ADMINI~1\FAVORI~1\Privacy Protector.url Deleted
C:\DOCUME~1\ADMINI~1\FAVORI~1\Spyware?Malware Protection.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A4AC3E72-A3F3-4C40-AD3C-19FA13CCB9DA}: DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A4AC3E72-A3F3-4C40-AD3C-19FA13CCB9DA}: DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A4AC3E72-A3F3-4C40-AD3C-19FA13CCB9DA}: DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.64.146 68.87.75.194


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Next is Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:52:34 PM, on 5/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\AOL\1187496584\ee\AOLSoftware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\system32\qpwlutyd.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G PCI Adapter\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Adapter\WMP54Gv4.exe
C:\Program Files\WUSB54G Wireless-G Adapter\WLService.exe
C:\Program Files\WUSB54G Wireless-G Adapter\WUSB54G.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1187496584\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [rfbffwfi] C:\WINDOWS\system32\qpwlutyd.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRA~1\AOL9~1.1\AOL.EXE" -b
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: F-Secure Anti-Virus 2006.lnk = C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1145562740421
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: F-Secure Anti-Virus 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Safety Settings Service - America Online, Inc. - C:\WINDOWS\system32\tdiins.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Adapter\WLService.exe
O23 - Service: WUSB54GSVC - GEMTEKS - C:\Program Files\WUSB54G Wireless-G Adapter\WLService.exe

--
End of file - 7582 bytes


Lastly, here is the cpmbofix log:

ComboFix 08-05-01.3 - Administrator 2008-05-03 20:32:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.228 [GMT -4:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Desktop\blackbird.jpg
C:\Documents and Settings\Administrator\Desktop\EditorFKWP1.5.exe
C:\Documents and Settings\Administrator\Desktop\EditorFKWP2.0.exe
C:\Documents and Settings\Administrator\Desktop\filemanagerclient.exe
C:\Documents and Settings\Administrator\Desktop\fkwp1.5.exe
C:\Documents and Settings\Administrator\Desktop\fkwp2.0.exe
C:\Documents and Settings\Administrator\Desktop\fwebd.exe
C:\Documents and Settings\Administrator\Desktop\FWebdEditor.exe
C:\Documents and Settings\Administrator\Desktop\Trojan.Win32.BlackBird.exe
C:\Program Files\Common Files\uninstall information
C:\Redemption.ECF
C:\WINDOWS\enewsletterpro.exe
C:\WINDOWS\enewsletterpro1.dat
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\ybeeg.bak2
C:\WINDOWS\system32\ybeeg.ini
C:\WINDOWS\wxdbpfvo.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Service_6to4


((((((((((((((((((((((((( Files Created from 2008-04-04 to 2008-05-04 )))))))))))))))))))))))))))))))
.

2008-05-03 20:03 . 2008-05-03 20:03 2,434 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-03 20:02 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-03 20:02 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-03 20:02 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-03 20:02 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-03 20:02 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-03 20:02 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-03 20:02 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-03 20:02 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-02 09:21 . 2008-05-02 09:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-28 18:39 . 2008-04-29 09:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\TmpRecentIcons
2008-04-28 17:22 . 2008-04-28 17:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\gtedifql
2008-04-28 17:22 . 2008-04-28 17:22 102,400 --a------ C:\WINDOWS\system32\qpwlutyd.exe
2008-04-26 16:24 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-04-26 16:24 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-26 16:24 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-26 16:24 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-29 03:31 --------- d-----w C:\Program Files\Common Files\aolshare
2008-04-29 03:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-04-29 03:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-29 01:26 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-28 21:22 4,096 ----a-w C:\WINDOWS\system32\WINWGPX.EXE
2008-04-04 17:43 --------- d-----w C:\Program Files\Java
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-11 22:14 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ZangoToolbar
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:32 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2007-03-23 17:45 722,176 ----a-w C:\Documents and Settings\Administrator\gotomypc_428.exe
2007-01-07 00:59 56,968 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"AIM"="C:\Program Files\AIM95\aim.exe" [2004-03-12 16:22 61440]
"rfbffwfi"="C:\WINDOWS\system32\qpwlutyd.exe" [2008-04-28 17:22 102400]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"AOL Fast Start"="C:\PROGRA~1\AOL9~1.1\AOL.exe" [2007-10-27 13:44 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2002-10-16 02:18 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-10-16 02:05 114688]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2006-06-29 12:18 77824]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 07:46 622592]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 12:18 77824]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 21:21 28672]
"HostManager"="C:\Program Files\Common Files\AOL\1187496584\ee\AOLSoftware.exe" [2007-05-25 13:16 42032]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 00:56 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
F-Secure Anti-Virus 2006.lnk - C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe [2006-04-20 12:43:28 36903]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 04:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.rhetorex"= rhetorex.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\acsd.exe"=
"C:\\Program Files\\AIM95\\aim.exe"=
"C:\\Program Files\\F-Secure Internet Security\\backweb\\4476822\\Program\\fspex.exe"=
"C:\\Program Files\\Freeview Pro\\FreeviewPro.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\DropChute\\dcl.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1187496584\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\AOL 9.1\\waol.exe"=

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2002-06-05 19:07]
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-08-29 10:12]
R2 BackWeb Plug-in - 4476822;F-Secure Anti-Virus 2006;C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE [2006-04-20 12:43]
R2 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2002-09-13 08:35]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 11:14]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSgk.sys [2005-02-21 13:49]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [2004-06-01 05:03]
R2 WUSB54GSVC;WUSB54GSVC;"C:\Program Files\WUSB54G Wireless-G Adapter\WLService.exe" "WUSB54G.exe" []
S3 NAL;Nal Service ;C:\WINDOWS\System32\Drivers\iqvw32.sys [2002-10-16 03:11]
S3 RIOXDRV;SONICblue Rio generic driver XP+;C:\WINDOWS\system32\Drivers\RIOXDRV.sys [2003-02-06 15:46]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-27 15:24:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-25 04:03:29 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\F-SECU~1\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\F-SECU~1\ANTI-V~1\report.txt
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-03 20:39:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ATWPKT2]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\ATWPKT2.SYS"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\AOL9~1.1\waol.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G PCI Adapter\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Adapter\WMP54Gv4.exe
C:\Program Files\WUSB54G Wireless-G Adapter\WUSB54G.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\AOL9~1.1\shellmon.exe
.
**************************************************************************
.
Completion time: 2008-05-03 20:48:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-04 00:48:33

Pre-Run: 21,220,130,816 bytes free
Post-Run: 21,909,278,720 bytes free

177 --- E O F --- 2008-04-10 03:26:15


The icons are gopne on my desktop and I do not seem to have the popups appearing!! Thank YOu!!! Does everthing else look OK?!
  • 0

#4
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
A bit left to go. :)

We now suggest that you install the Windows Recovery Console. The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System.


Posted Image


Download the file & save it as it's originally named, next to ComboFix.exe.



Posted Image


Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When prompted to scan for infected files chose no, when done a log named CF_RC.txt will open. Please post the contents of that log.


Please do not reboot your machine until we have reviewed the log.
  • 0

#5
wtfine

wtfine

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Here is the log. I had to rename it to CF_RC.txt Was that right?

ComboFix 08-05-01.3 - Administrator 2008-05-04 10:39:15.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.251 [GMT -4:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-04-04 to 2008-05-04 )))))))))))))))))))))))))))))))
.

2008-05-03 20:03 . 2008-05-03 20:03 2,434 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-03 20:02 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-03 20:02 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-03 20:02 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-03 20:02 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-03 20:02 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-03 20:02 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-03 20:02 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-03 20:02 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-02 09:21 . 2008-05-02 09:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-28 18:39 . 2008-04-29 09:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\TmpRecentIcons
2008-04-28 17:22 . 2008-04-28 17:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\gtedifql
2008-04-28 17:22 . 2008-04-28 17:22 102,400 --a------ C:\WINDOWS\system32\qpwlutyd.exe
2008-04-26 16:24 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-04-26 16:24 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-26 16:24 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-26 16:24 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-29 03:31 --------- d-----w C:\Program Files\Common Files\aolshare
2008-04-29 03:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-04-29 03:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-29 01:26 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-28 21:22 4,096 ----a-w C:\WINDOWS\system32\WINWGPX.EXE
2008-04-04 17:43 --------- d-----w C:\Program Files\Java
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-11 22:14 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ZangoToolbar
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:32 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2007-03-23 17:45 722,176 ----a-w C:\Documents and Settings\Administrator\gotomypc_428.exe
2007-01-07 00:59 56,968 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( [email protected]_20.48.13.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-04 00:38:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-04 14:25:03 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-04 00:16:57 59,984 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-04 00:44:51 59,984 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-04 00:16:57 397,890 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-04 00:44:51 397,890 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"AIM"="C:\Program Files\AIM95\aim.exe" [2004-03-12 16:22 61440]
"rfbffwfi"="C:\WINDOWS\system32\qpwlutyd.exe" [2008-04-28 17:22 102400]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"AOL Fast Start"="C:\PROGRA~1\AOL9~1.1\AOL.exe" [2007-10-27 13:44 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2002-10-16 02:18 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-10-16 02:05 114688]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2006-06-29 12:18 77824]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 07:46 622592]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 12:18 77824]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 21:21 28672]
"HostManager"="C:\Program Files\Common Files\AOL\1187496584\ee\AOLSoftware.exe" [2007-05-25 13:16 42032]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 00:56 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 04:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.rhetorex"= rhetorex.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\acsd.exe"=
"C:\\Program Files\\AIM95\\aim.exe"=
"C:\\Program Files\\F-Secure Internet Security\\backweb\\4476822\\Program\\fspex.exe"=
"C:\\Program Files\\Freeview Pro\\FreeviewPro.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\DropChute\\dcl.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1187496584\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\AOL 9.1\\waol.exe"=

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2002-06-05 19:07]
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-08-29 10:12]
R2 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2002-09-13 08:35]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 11:14]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSgk.sys [2005-02-21 13:49]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [2004-06-01 05:03]
R2 WUSB54GSVC;WUSB54GSVC;"C:\Program Files\WUSB54G Wireless-G Adapter\WLService.exe" "WUSB54G.exe" []
S2 BackWeb Plug-in - 4476822;F-Secure Anti-Virus 2006;C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE [2006-04-20 12:43]
S3 NAL;Nal Service ;C:\WINDOWS\System32\Drivers\iqvw32.sys [2002-10-16 03:11]
S3 RIOXDRV;SONICblue Rio generic driver XP+;C:\WINDOWS\system32\Drivers\RIOXDRV.sys [2003-02-06 15:46]
S4 fsbl;F-Secure BlackLight Engine Driver;C:\Program Files\F-Secure Internet Security\Anti-Virus\fsbl3062.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-04-27 15:24:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-25 04:03:29 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\F-SECU~1\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\F-SECU~1\ANTI-V~1\report.txt
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-04 10:42:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-04 10:44:25
ComboFix-quarantined-files.txt 2008-05-04 14:43:58
ComboFix2.txt 2008-05-04 00:48:44

Pre-Run: 22,396,497,920 bytes free
Post-Run: 22,373,859,328 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

137 --- E O F --- 2008-04-10 03:26:15
  • 0

#6
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
No it usually pops up as that log name.
Either way it is installed.
================
1. Please open Notepad
  • Click Start , then Run
  • type in notepad in the Run Box then hit ok.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\qpwlutyd.exe
C:\WINDOWS\system32\WINWGPX.EXE
C:\Documents and Settings\Administrator\gotomypc_428.exe
Folder::
C:\Documents and Settings\All Users\Application Data\gtedifql
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"rfbffwfi"=-


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0

#7
wtfine

wtfine

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Here is the hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:35 PM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\AOL\1187496584\ee\AOLSoftware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\system32\qpwlutyd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G PCI Adapter\WLService.exe
C:\Program Files\WUSB54G Wireless-G Adapter\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Adapter\WMP54Gv4.exe
C:\Program Files\WUSB54G Wireless-G Adapter\WUSB54G.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\PROGRA~1\AOL9~1.1\waol.exe
C:\PROGRA~1\AOL9~1.1\shellmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1187496584\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRA~1\AOL9~1.1\AOL.EXE" -b
O4 - HKCU\..\Run: [rfbffwfi] C:\WINDOWS\system32\qpwlutyd.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1145562740421
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: F-Secure Anti-Virus 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Safety Settings Service - America Online, Inc. - C:\WINDOWS\system32\tdiins.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Adapter\WLService.exe
O23 - Service: WUSB54GSVC - GEMTEKS - C:\Program Files\WUSB54G Wireless-G Adapter\WLService.exe

--
End of file - 7383 bytes


Combofix log:

ComboFix 08-05-01.3 - Administrator 2008-05-04 12:12:54.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.185 [GMT -4:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Application Data\ZangoToolbar
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\eskin\empty_bg_st.htm
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\eskin\FileManager.txt
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1000279.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1014165.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1015165.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1022703.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1031292.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\103639.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1042049.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1042547.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1043399.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1055622.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1055669.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1055993.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1056004.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1056052.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1056521.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1057079.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1057101.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1057313.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1058131.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1058183.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1058283.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1058634.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1059014.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1061682.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1062909.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1063425.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1065005.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1066790.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1067113.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1070542.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1070595.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1102037.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1106029.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1110709.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1111000.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1120955.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\113715.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1139319.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1156197.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1176844.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1181594.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1187036.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\118843.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1195378.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1206578.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1206583.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1221362.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1231895.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1255412.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1262262.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1271868.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1383468.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1383752.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1383771.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1384357.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1385043.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1385373.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1385382.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1385437.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1385452.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1385455.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1385626.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1386116.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1386475.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1386522.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1387181.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1387898.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1391571.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1393062.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1393669.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1395435.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1399280.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1399715.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1399774.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1400158.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1400602.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1402299.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1402555.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1403591.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1404857.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1405538.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1405661.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1407681.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1410604.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1425543.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\151198.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1540706.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\158649.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\166294.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\180182.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1840276.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1930871.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\216615.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2208948.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\221480.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\221540.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2219279.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2282086.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2315897.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2343786.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2363825.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2434546.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2442450.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\247956.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2483593.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\250175.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\253629.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2607208.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\261828.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2645725.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2669708.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\27195.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2736400.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\274694.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\278723.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\280585.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2820603.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2823375.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2855777.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2881352.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2884290.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2884305.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2884308.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2884426.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2884484.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2885061.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2885069.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2894190.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\292213.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\306782.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\310462.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3251993.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3262999.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3270185.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3270243.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3290587.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\331578.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3316271.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3321008.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3329115.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3339025.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3340762.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3366100.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3402382.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3404705.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3425829.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3425831.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3428171.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3429068.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\346907.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\34760.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\348282.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\351210.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\352601.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\368333.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3692970.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3695213.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3753072.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3781259.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3812108.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3852189.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3852215.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3852296.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3852348.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3852370.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3852400.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3853061.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3855980.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3858118.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3858577.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3859864.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3861439.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3863955.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\386444.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3865451.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3866044.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3866451.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\387979.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3893180.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3893203.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3893227.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3894100.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\394626.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\411399.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\428527.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\438897.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\456868.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\46864.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\470333.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\47168.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\475389.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\501475.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\531138.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\535922.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\537156.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\541708.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\54535.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\560589.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\586139.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\59264.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\600583.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\602323.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\608910.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\616606.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\616625.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\617202.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\617806.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\620184.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\625696.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\626504.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\632511.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\632810.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\633574.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\634725.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\657151.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\676929.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\677706.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\682798.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\690129.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\698191.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\700767.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\717651.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\724427.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\726098.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\737654.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\740855.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\766692.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\76724.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\770302.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\775501.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\777882.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\792128.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\798029.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\802682.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\805478.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\806451.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\81408.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\819382.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\821735.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\834689.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\835135.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\838280.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\842421.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\868678.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\880604.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\896324.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\922751.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\924955.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\929314.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\935926.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\937822.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\938163.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\943429.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\948597.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\951083.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\952211.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\962412.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\989413.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\991772.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\993823.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\domains.txt
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1000012280
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1000029251
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1000029475
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1000029502
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1000029935
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1000031843
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1000037403
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1000044868
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1000047523
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1000047623
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1000047626
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1000047858
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1000048356
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1000052173
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1000067411
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1000067972
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1000068046
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1000068378
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1000068409
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\10052
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\104622
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1050
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1058
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\10587
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1062
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\10685
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\10756
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\10793
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\10807
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\10858
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\10915
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\11082
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1120
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\11208
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\11213
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\11297
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1130
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\113269
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\11345
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\11390
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\115183
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\115464
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\115541
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\11595
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\11605
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\116250
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\11631
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\11637
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\11653
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\11692
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\116977
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\117759
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\117970
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\118207
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\11833
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\11891
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\118964
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\120800
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1235
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\12459
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\12486
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\12581
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\12583
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\126694
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\12772
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\12776
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\127887
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\130726
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\13129
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\13227
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\13262
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1337
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\13524
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\13546
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\13562
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\13578
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\13596
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\13608
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\13611
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\13634
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\13637
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1369
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1382
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\13863
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\13925
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\13939
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1395
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\14039
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1411
C:\Documents

Edited by wtfine, 04 May 2008 - 10:35 AM.

  • 0

#8
wtfine

wtfine

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I think my previous post of the combofix log was not complete. Here it is:

ComboFix 08-05-01.3 - Administrator 2008-05-04 12:12:54.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.185 [GMT -4:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Application Data\ZangoToolbar
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\eskin\empty_bg_st.htm
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\eskin\FileManager.txt
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1000279.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1014165.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1015165.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1022703.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1031292.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\103639.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1042049.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1042547.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1043399.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1055622.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1055669.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1055993.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1056004.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1056052.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1056521.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1057079.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1057101.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1057313.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1058131.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1058183.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1058283.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1058634.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1059014.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1061682.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1062909.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1063425.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1065005.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1066790.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1067113.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1070542.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1070595.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1102037.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1106029.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1110709.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1111000.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1120955.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\113715.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1139319.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1156197.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1176844.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1181594.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1187036.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\118843.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1195378.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1206578.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1206583.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1221362.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1231895.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1255412.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1262262.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1271868.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1383468.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1383752.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1383771.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1384357.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1385043.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1385373.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1385382.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1385437.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1385452.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1385455.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1385626.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1386116.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1386475.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1386522.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1387181.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1387898.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1391571.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1393062.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1393669.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1395435.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1399280.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1399715.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1399774.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1400158.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1400602.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1402299.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1402555.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1403591.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1404857.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1405538.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1405661.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1407681.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1410604.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1425543.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\151198.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1540706.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\158649.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\166294.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\180182.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1840276.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1930871.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\216615.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2208948.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\221480.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\221540.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2219279.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2282086.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2315897.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2343786.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2363825.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2434546.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2442450.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\247956.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2483593.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\250175.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\253629.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2607208.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\261828.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2645725.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2669708.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\27195.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2736400.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\274694.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\278723.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\280585.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2820603.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2823375.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2855777.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2881352.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2884290.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2884305.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2884308.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2884426.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2884484.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2885061.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2885069.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2894190.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\292213.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\306782.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\310462.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3251993.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3262999.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3270185.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3270243.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3290587.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\331578.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3316271.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3321008.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3329115.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3339025.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3340762.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3366100.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3402382.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3404705.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3425829.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3425831.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3428171.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3429068.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\346907.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\34760.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\348282.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\351210.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\352601.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\368333.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3692970.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3695213.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3753072.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3781259.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3812108.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3852189.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3852215.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3852296.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3852348.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3852370.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3852400.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3853061.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3855980.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3858118.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3858577.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3859864.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3861439.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3863955.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\386444.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3865451.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3866044.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3866451.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\387979.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3893180.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3893203.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3893227.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\3894100.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\394626.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\411399.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\428527.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\438897.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\456868.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\46864.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\470333.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\47168.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\475389.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\501475.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\531138.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\535922.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\537156.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\541708.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\54535.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\560589.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\586139.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\59264.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\600583.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\602323.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\608910.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\616606.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\616625.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\617202.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\617806.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\620184.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\625696.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\626504.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\632511.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\632810.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\633574.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\634725.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\657151.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\676929.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\677706.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\682798.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\690129.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\698191.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\700767.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\717651.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\724427.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\726098.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\737654.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\740855.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\766692.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\76724.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\770302.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\775501.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\777882.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\792128.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\798029.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\802682.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\805478.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\806451.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\81408.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\819382.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\821735.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\834689.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\835135.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\838280.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\842421.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\868678.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\880604.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\896324.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\922751.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\924955.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\929314.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\935926.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\937822.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\938163.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\943429.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\948597.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\951083.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\952211.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\962412.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\989413.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\991772.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\993823.sdf
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\domains.txt
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1000012280
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1000029251
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1000029475
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1000029502
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1000029935
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1000031843
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1000037403
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1000044868
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1000047523
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1000047623
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1000047626
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1000047858
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1000048356
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1000052173
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1000067411
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1000067972
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1000068046
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1000068378
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1000068409
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\10052
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\104622
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1050
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1058
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\10587
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1062
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\10685
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\10756
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\10793
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\10807
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\10858
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\10915
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\11082
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1120
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\11208
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\11213
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\11297
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1130
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\113269
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\11345
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\11390
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\115183
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\115464
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\115541
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\11595
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\11605
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\116250
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\11631
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\11637
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\11653
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\11692
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\116977
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\117759
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\117970
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\118207
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\11833
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\11891
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\118964
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\120800
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1235
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\12459
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\12486
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\12581
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\12583
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\126694
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\12772
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\12776
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\127887
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\130726
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\13129
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\13227
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\13262
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1337
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\13524
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\13546
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\13562
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\13578
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\13596
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\13608
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\13611
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\13634
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\13637
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1369
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1382
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\13863
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\13925
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\13939
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1395
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\14039
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1411
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\14142
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\14171
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\14184
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\14271
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\14272
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\143830
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\144181
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\14435
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\14437
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\14440
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\144676
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\14500
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\14570
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\14575
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1458
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\14593
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\14633
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\14716
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\14747
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\148687
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1489
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1491
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\150213
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\15024
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\15026
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\15039
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\15040
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\15046
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1509
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\15090
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\15135
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\15162
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\15165
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\15166
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\15171
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\153363
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1543
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\15432
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\15473
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\15532
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\15541
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\155411
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1557
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\1558
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\15622
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\15643
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\156814
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\15831
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\158839
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\15907
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\159294
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\159328
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\15955
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\16072
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\16087
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\16173
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\161965
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\16197
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\16204
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\16210
C:\Documents and Settings\Administrator\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\16211
C:\Documents and Settings\Ad
  • 0

#9
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#10
wtfine

wtfine

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I ran dss and it encountered an error and would not continue. I recevied the msg asking if I wanted to send the error report to Windows. I am still gettiing a red box security system warning c:\windows\wml.exe - threat:Abebot. Thanks for all your help.
  • 0

Advertisements


#11
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
  • 0

#12
wtfine

wtfine

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
MBAM log:

Malwarebytes' Anti-Malware 1.12
Database version: 729

Scan type: Quick Scan
Objects scanned: 39934
Time elapsed: 9 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 18
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 40

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{4e493e24-27f2-4749-8f73-5e775a238ee3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f4626dc1-0af5-433a-a016-9b9c35d5d405} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{40ca3d09-9abb-4038-967e-7b2933168902} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{480b1a9b-6ac6-43d9-a6ef-4a9410f74426} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{2d61e3da-5106-489b-8282-a28f1197cdd6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wxdbpfvo.btbv (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e1b2b64b-e123-4a7a-98d7-c51065df3249} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{85e06077-c824-43d0-a8dc-5efb17bc348a} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0ac49246-419b-4ee0-8917-8818daad6a4e} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{0ebacaf2-e0f9-47a9-98cf-0ecce30b654c} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{99410cde-6f16-42ce-9d49-3807f78f0287} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f31a5d11-bf0b-4a4e-90af-274f2090aaa6} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\pcsd.dll (Rogue.PCAntispyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\pcsd.dll (Rogue.PCAntispyware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\VirusIsolator (Rogue.VirusIsolator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchsearchassistant.auxiliary (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchsearchassistant.auxiliary.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\ZangoToolbar 4.8.3 (Adware.Zango) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Administrator\Local Settings\Tempmjiwep0.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusIsolator.lnk (Rogue.VirusIsolator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
  • 0

#13
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download ATF Cleaner by Atribune.Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
=======================================
Please do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on "Accept"

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as button:
  • Save the file in txt format to your desktop.
  • Post that information in your next post.

  • 0

#14
wtfine

wtfine

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
OK -here it is:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, May 07, 2008 8:27:32 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 7/05/2008
Kaspersky Anti-Virus database records: 745180
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 66387
Number of viruses found: 16
Number of infected objects: 28
Number of suspicious objects: 0
Duration of the scan process: 01:30:39

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Application Data\Aim\mikeponts21lax\cert8.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Aim\mikeponts21lax\key3.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\AOL\C_AOL 9.1\IDB\Apps.Lst Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\AOL\C_AOL 9.1\IDB\art.idx Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\AOL\C_AOL 9.1\IDB\sap.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\AOL\C_AOL 9.1\IDB\spool.lst Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\AOL\C_AOL 9.1\IDB\sysnews.lst Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe RAR: infected - 1 skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.1\aolusers.fus Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.1\idb\Pontori\mydb.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.1\idb\Pontori\style.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.1\idb\Pontori\toolbar.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.1\idb\SNMaster.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.1\organize\CACHE\ponto01 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.1\organize\pontori Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.1\organize\pontori.abi Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.1\organize\pontori.aby Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\aolstderr.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\aolstdout.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\cache.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\ncoc Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\server.lock Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\The Fairly OddParents - Timmy`s Roach Rampage\bfgt_silent_en.exe/data0000.cab/nickarcade.dll Infected: not-a-virus:AdWare.Win32.BHO.w skipped
C:\Program Files\The Fairly OddParents - Timmy`s Roach Rampage\bfgt_silent_en.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.BHO.w skipped
C:\Program Files\The Fairly OddParents - Timmy`s Roach Rampage\bfgt_silent_en.exe Rsrc-Package: infected - 2 skipped
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\gtedifql\mvmjsjal.exe.vir Infected: Trojan.Win32.Obfuscated.gx skipped
C:\QooBox\Quarantine\C\WINDOWS\wxdbpfvo.dll.vir Infected: Trojan.Win32.Vapsup.enl skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{AB1BF42B-37AE-49DD-A932-145211B4C027}\RP980\A0174093.dll Infected: not-a-virus:AdWare.Win32.HotBar.ca skipped
C:\System Volume Information\_restore{AB1BF42B-37AE-49DD-A932-145211B4C027}\RP980\A0174094.exe/data0012 Infected: not-a-virus:AdWare.Win32.180Solutions.ba skipped
C:\System Volume Information\_restore{AB1BF42B-37AE-49DD-A932-145211B4C027}\RP980\A0174094.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{AB1BF42B-37AE-49DD-A932-145211B4C027}\RP980\A0174104.exe Infected: not-a-virus:FraudTool.Win32.UltimateDefender.if skipped
C:\System Volume Information\_restore{AB1BF42B-37AE-49DD-A932-145211B4C027}\RP980\A0174118.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{AB1BF42B-37AE-49DD-A932-145211B4C027}\RP981\A0174461.dll Infected: Trojan.Win32.Vapsup.enn skipped
C:\System Volume Information\_restore{AB1BF42B-37AE-49DD-A932-145211B4C027}\RP981\A0174837.dll Infected: Trojan.Win32.Vapsup.enp skipped
C:\System Volume Information\_restore{AB1BF42B-37AE-49DD-A932-145211B4C027}\RP981\A0174838.dll Infected: Trojan.Win32.Vapsup.enq skipped
C:\System Volume Information\_restore{AB1BF42B-37AE-49DD-A932-145211B4C027}\RP981\A0174839.exe Infected: Trojan.Win32.Vapsup.enf skipped
C:\System Volume Information\_restore{AB1BF42B-37AE-49DD-A932-145211B4C027}\RP981\A0174840.exe Infected: Trojan.Win32.Vapsup.enm skipped
C:\System Volume Information\_restore{AB1BF42B-37AE-49DD-A932-145211B4C027}\RP982\A0174895.dll Infected: Trojan.Win32.Vapsup.enl skipped
C:\System Volume Information\_restore{AB1BF42B-37AE-49DD-A932-145211B4C027}\RP982\A0174938.exe Infected: not-a-virus:FraudTool.Win32.VirusIsolator.e skipped
C:\System Volume Information\_restore{AB1BF42B-37AE-49DD-A932-145211B4C027}\RP982\A0174972.dll Infected: not-a-virus:AdWare.Win32.HotBar.ca skipped
C:\System Volume Information\_restore{AB1BF42B-37AE-49DD-A932-145211B4C027}\RP982\A0174980.dll Infected: Trojan.Win32.Vapsup.enn skipped
C:\System Volume Information\_restore{AB1BF42B-37AE-49DD-A932-145211B4C027}\RP982\A0174983.dll Infected: Trojan.Win32.Vapsup.enn skipped
C:\System Volume Information\_restore{AB1BF42B-37AE-49DD-A932-145211B4C027}\RP982\A0174986.dll Infected: not-a-virus:AdWare.Win32.HotBar.bz skipped
C:\System Volume Information\_restore{AB1BF42B-37AE-49DD-A932-145211B4C027}\RP982\A0174987.dll Infected: not-a-virus:AdWare.Win32.HotBar.ca skipped
C:\System Volume Information\_restore{AB1BF42B-37AE-49DD-A932-145211B4C027}\RP984\A0175178.exe Infected: Trojan.Win32.Obfuscated.gx skipped
C:\System Volume Information\_restore{AB1BF42B-37AE-49DD-A932-145211B4C027}\RP985\A0175253.exe Infected: Trojan.Win32.Obfuscated.gx skipped
C:\System Volume Information\_restore{AB1BF42B-37AE-49DD-A932-145211B4C027}\RP987\change.log Object is locked skipped
C:\temp\EzRLib.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{21B81057-325B-4889-89E4-2D2CA9F6A729}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\spool\PRINTERS\00002.SPL Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
  • 0

#15
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please delete the Smitfraudfix folder from off of your desktop and the icon as well.
If you did not install a program called Freeview or some kind of winvnc type of program the delete this file as well >C:\temp\EzRLib.dll
Also find and delete this file >C:\Program Files\The Fairly OddParents - Timmy`s Roach Rampage\bfgt_silent_en.exe

After that empty your recycle bin and post back with a Final Hijackthis log and let me know how things are running?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP