Malwarebytes

Multiple rogue removal

3 replies to this topic

#1
Phillip@GCMComputers

I had a computer come in the shop today where the customer had put about a dozen rogue programs on it.

Cleaned it with MBAM and a bench batch scanner, still acting up.

We are a registered reseller now, and I will definitely try to sell him MBAM, but I need to get him up and running again.
Just finished a combofix, attached is the log and a HJT log.


#2
Phillip@GCMComputers


Phillip@GCMComputers, on Apr 27 2009, 02:37 PM, said:

I had a computer come in the shop today where the customer had put about a dozen rogue programs on it.

Cleaned it with MBAM and a bench batch scanner, still acting up.

We are a registered reseller now, and I will definitely try to sell him MBAM, but I need to get him up and running again.
Just finished a combofix, attached is the log and a HJT log.

ComboFix 09-04-25.A3 - Owner 04/27/2009 9:06.1 - NTFSx86
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE


((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-4-27 )))))))))))))))))))))))))))))))
.

2009-04-24 22:05 . 2008-04-14 10:42 1306624 -c----w c:\windows\system32\dllcache\msxml6.dll
2009-04-24 22:05 . 2008-04-14 03:57 79872 -c----w c:\windows\system32\dllcache\msxml6r.dll
2009-04-24 22:04 . 2008-04-14 10:41 81920 ------w c:\windows\system32\ieencode.dll
2009-04-24 22:04 . 2008-04-14 10:40 177152 ----a-w c:\windows\system32\SET1168.tmp
2009-04-24 22:04 . 2008-04-14 10:42 80896 ----a-w c:\windows\system32\SET1149.tmp
2009-04-24 22:04 . 2008-04-14 10:42 354304 ----a-w c:\windows\system32\SET114C.tmp
2009-04-24 22:04 . 2008-04-14 10:42 6656 ----a-w c:\windows\system32\SET1144.tmp
2009-04-24 21:58 . 2008-04-14 10:41 95744 ----a-w c:\windows\system32\SET594.tmp
2009-04-24 21:58 . 2008-04-14 10:42 471552 ----a-w c:\windows\system32\SET58E.tmp
2009-04-24 21:55 . 2008-04-14 10:41 451584 ----a-w c:\windows\system32\SET34A.tmp
2009-04-24 21:54 . 2008-04-14 10:42 118784 ----a-w c:\windows\system32\SET254.tmp
2009-04-24 21:53 . 2008-04-14 10:42 18944 ----a-w c:\windows\system32\SET164.tmp
2009-04-24 21:50 . 2006-12-29 05:31 19569 ----a-w c:\windows\003646_.tmp
2009-04-24 20:41 . 2009-04-24 20:41 -------- d-----w c:\program files\Windows Installer Clean Up
2009-04-24 20:18 . 2008-04-14 10:41 86073 -c--a-w c:\windows\system32\dllcache\voicesub.dll
2009-04-24 20:17 . 2008-04-14 10:42 226816 -c--a-w c:\windows\system32\dllcache\npdrmv2.dll
2009-04-24 20:16 . 2008-04-14 10:39 13463552 -c--a-w c:\windows\system32\dllcache\hwxjpn.dll
2009-04-24 20:15 . 2001-08-18 03:36 5632 -c--a-w c:\windows\system32\dllcache\EXCH_adsiisex.dll
2009-04-24 20:12 . 2009-04-24 20:12 488 ---ha-r c:\windows\system32\logonui.exe.manifest
2009-04-24 20:11 . 2009-04-24 20:11 749 ---ha-r c:\windows\WindowsShell.Manifest
2009-04-24 20:11 . 2009-04-24 20:11 749 ---ha-r c:\windows\system32\wuaucpl.cpl.manifest
2009-04-24 20:11 . 2009-04-24 20:11 749 ---ha-r c:\windows\system32\sapi.cpl.manifest
2009-04-24 20:11 . 2009-04-24 20:11 749 ---ha-r c:\windows\system32\nwc.cpl.manifest
2009-04-24 20:11 . 2009-04-24 20:11 749 ---ha-r c:\windows\system32\ncpa.cpl.manifest
2009-04-24 20:11 . 2001-08-18 00:36 16384 -c--a-w c:\windows\system32\dllcache\isignup.exe
2009-04-24 19:14 . 2006-12-29 05:31 19569 ----a-w c:\windows\001605_.tmp
2009-04-24 18:53 . 2009-04-24 18:53 -------- d-sh--w c:\documents and settings\Administrator\IECompatCache
2009-04-24 18:51 . 2009-04-24 18:51 -------- d-sh--w c:\documents and settings\Administrator\PrivacIE
2009-04-24 18:50 . 2009-04-24 18:51 -------- d-----w c:\documents and settings\Administrator\Application Data\AVGTOOLBAR
2009-04-24 18:50 . 2009-04-24 18:50 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Google
2009-04-24 18:49 . 2009-04-24 18:49 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\HP
2009-04-24 18:49 . 2009-04-24 18:49 136 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2009-04-24 18:49 . 2009-04-24 18:49 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2009-04-24 18:49 . 2009-04-24 18:49 -------- d-sh--w c:\documents and settings\Administrator\IETldCache
2009-04-24 18:17 . 2009-04-24 18:17 -------- d--h--w c:\windows\system32\GroupPolicy
2009-04-24 17:48 . 2006-12-29 05:31 19569 ----a-w c:\windows\000002_.tmp
2009-04-24 17:37 . 2009-04-27 14:06 -------- d-----w c:\windows\system32\CatRoot2
2009-04-24 17:31 . 2009-04-24 17:31 -------- d-sh--w c:\documents and settings\Owner\IECompatCache
2009-04-24 17:30 . 2009-04-24 17:30 -------- d-sh--w c:\documents and settings\Owner\PrivacIE
2009-04-24 17:25 . 2009-04-24 17:25 -------- d-sh--w c:\documents and settings\Owner\IETldCache
2009-04-24 17:16 . 2009-04-24 21:25 -------- dc-h--w c:\windows\ie8
2009-04-24 17:00 . 2009-04-24 21:26 1374 ----a-w c:\windows\imsins.BAK
2009-04-24 16:32 . 2006-12-29 05:31 19569 ----a-w c:\windows\000001_.tmp
2009-04-24 16:25 . 2009-04-24 22:07 -------- d-----w c:\windows\system32\CatRoot_bak
2009-04-24 15:37 . 2009-04-06 20:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-24 15:37 . 2009-04-06 20:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-24 15:15 . 2009-04-24 15:15 12598 ----a-w c:\windows\system32\wpa.bak
2009-04-24 15:09 . 2009-04-24 15:09 -------- d-----w c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft
2009-04-24 15:09 . 2009-04-24 15:09 -------- d-sh--w c:\documents and settings\LocalService.NT AUTHORITY
2009-04-24 15:08 . 2009-04-24 20:25 -------- d-----w c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft
2009-04-24 15:08 . 2009-04-24 15:15 -------- d-sh--w c:\documents and settings\NetworkService.NT AUTHORITY
2009-04-24 14:23 . 2004-08-10 06:33 17916 -c--a-w c:\windows\system32\dllcache\sonic.cat
2009-04-24 13:49 . 2009-04-24 13:49 -------- d--h--w c:\windows\PIF
2009-04-24 13:39 . 2009-04-24 15:37 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-23 20:27 . 2009-04-23 20:27 -------- d-sh--w C:\found.000
2009-04-23 16:19 . 2009-03-27 00:14 2906216 ----a-w C:\mbam-setup.exe
2009-04-20 20:56 . 2009-04-24 16:15 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\PCHealth
2009-04-18 04:41 . 2009-04-18 04:41 -------- d-----w c:\program files\iPod
2009-04-18 04:41 . 2009-04-18 04:41 -------- d-----w c:\program files\iTunes
2009-04-18 01:39 . 2009-04-18 01:40 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-17 02:50 . 2008-05-03 11:55 2560 ----a-w c:\windows\system32\xpsp4res.dll
2009-04-13 23:37 . 2009-04-13 23:53 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-13 23:37 . 2009-04-13 23:37 -------- d-----w c:\program files\Virtual Villagers - The Secret City
2009-04-13 23:30 . 2009-04-13 23:30 -------- d-----w c:\program files\bfgclient
2009-04-13 23:29 . 2009-04-13 23:53 -------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-04-11 18:20 . 2009-04-11 18:20 -------- d-----w c:\documents and settings\Owner\Application Data\vlc
2009-04-11 17:58 . 2009-04-11 17:58 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\Mozilla
2009-04-11 01:43 . 2009-04-11 01:43 -------- d-----w c:\program files\Safari
2009-04-08 08:00 . 2009-04-24 13:44 -------- d--h--w C:\$AVG8.VAULT$
2009-04-08 00:34 . 2009-04-08 00:34 70 ----a-w c:\windows\st_affiliate.ini
2009-04-08 00:31 . 2009-04-08 00:31 60 ----a-w c:\windows\av_affiliate.ini
2009-04-08 00:31 . 2009-04-08 00:31 60 ----a-w c:\windows\as_affiliate.ini
2009-04-08 00:29 . 2009-04-08 00:28 67424 ----a-w c:\windows\system32\drivers\CDAVFS.sys
2009-04-08 00:28 . 2009-04-24 15:32 -------- d-----w c:\program files\CyberDefender
2009-04-08 00:15 . 2009-04-08 00:15 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-08 00:15 . 2009-04-08 00:15 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-08 00:15 . 2009-04-08 00:15 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-08 00:15 . 2009-04-20 14:46 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-08 00:15 . 2009-04-08 23:43 -------- d-----w c:\documents and settings\Owner\Application Data\AVGTOOLBAR
2009-04-08 00:14 . 2009-04-09 17:48 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-08 00:14 . 2009-04-08 00:14 -------- d-----w c:\program files\AVG
2009-04-07 13:07 . 2009-04-07 13:07 -------- d-----w c:\windows\system32\XPSViewer
2009-04-07 13:07 . 2009-04-07 13:07 -------- d-----w c:\program files\MSBuild
2009-04-07 13:07 . 2009-04-07 13:07 -------- d-----w c:\program files\Reference Assemblies
2009-04-07 13:06 . 2008-07-06 12:06 575488 ----a-w c:\windows\system32\xpsshhdr.dll
2009-04-07 13:06 . 2008-07-06 12:06 1676288 ----a-w c:\windows\system32\xpssvcs.dll
2009-04-07 13:06 . 2008-07-06 12:06 117760 ----a-w c:\windows\system32\prntvpt.dll
2009-04-07 13:06 . 2009-04-07 13:07 -------- d-----w C:\319ac877abe878c76179
2009-04-07 13:06 . 2009-04-07 13:20 -------- d-----w c:\windows\SxsCaPendDel
2009-04-07 00:15 . 2009-04-24 19:14 53850 ----a-w c:\windows\setupapi.old
2009-04-06 03:00 . 2009-04-24 16:12 -------- d-sh--w c:\documents and settings\All Users\Application Data\aaaec9e

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-27 13:37 . 2009-04-24 20:12 86811 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-24 20:40 . 2007-10-21 20:55 -------- d-----w c:\program files\MSECache
2009-04-24 20:28 . 2005-10-31 21:05 84768 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-24 20:02 . 2005-04-13 17:14 34380 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-24 20:02 . 2009-04-24 20:02 1663 ----a-w c:\windows\Inf\COM1A3.tmp
2009-04-24 18:49 . 2009-01-25 23:02 84768 ----a-w c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-04-24 16:07 . 2007-12-11 02:14 -------- d-----w c:\program files\Freeze.com Toolbar
2009-04-24 16:03 . 2007-08-09 16:10 -------- d-----w c:\documents and settings\All Users\Application Data\F-Secure
2009-04-24 16:01 . 2005-08-06 03:05 -------- d-----w c:\program files\BigFix
2009-04-24 15:57 . 2009-04-08 00:28 24528 ----a-w C:\CybDefInstallInfo.log
2009-04-24 15:23 . 2009-04-24 15:11 11389 ----a-w C:\action.log
2009-04-24 15:21 . 2009-04-08 00:31 127 ----a-w C:\CDAVFSuser.log
2009-04-24 15:17 . 2009-04-24 15:17 1585152 ----a-w C:\alert.log
2009-04-24 14:53 . 2009-04-24 14:52 873 ----a-w c:\windows\Inf\COM1D7.tmp
2009-04-24 13:43 . 2009-04-08 00:31 18719 ----a-w C:\CDAVFSuserBackup.log
2009-04-20 19:26 . 2008-03-16 02:55 -------- d-----w c:\program files\vghd
2009-04-18 19:40 . 2005-11-26 14:47 16924 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
2009-04-18 04:41 . 2008-11-16 01:36 -------- d-----w c:\program files\Common Files\Apple
2009-04-18 04:23 . 2009-03-21 03:59 -------- d-----w c:\program files\QuickTime
2009-04-13 17:31 . 2008-11-16 01:51 -------- d-----w c:\documents and settings\Owner\Application Data\Apple Computer
2009-04-10 20:38 . 2008-07-27 06:28 -------- d-----w c:\program files\Virtual Earth 3D
2009-04-06 18:39 . 2009-03-15 22:30 -------- d-----w c:\documents and settings\Owner\Application Data\PrivacyControl
2009-04-05 02:02 . 2009-01-02 02:34 -------- d-----w c:\documents and settings\Owner\Application Data\Move Networks
2009-03-22 01:50 . 2009-03-22 01:50 -------- d-----w c:\program files\Common Files\NSV
2009-03-21 04:00 . 2009-03-21 04:00 -------- d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-19 21:32 . 2008-11-16 01:51 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-18 13:00 . 2006-06-23 20:26 -------- d-----w c:\program files\MSN Messenger
2009-03-18 03:23 . 2007-08-15 12:06 -------- d-----w c:\program files\AWS
2009-03-18 03:21 . 2007-12-11 02:14 -------- d-----w c:\program files\Free Offers from Freeze.com
2009-03-15 23:09 . 2005-08-06 03:00 -------- d-----w c:\documents and settings\All Users\Application Data\QuickTime
2009-03-08 09:34 . 2004-08-04 02:56 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 09:34 . 2004-08-04 02:56 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 09:33 . 2004-08-04 02:56 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 09:33 . 2004-08-04 02:56 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 09:32 . 2004-08-04 02:56 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 09:32 . 2004-08-04 02:56 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 09:31 . 2004-08-04 02:56 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 09:31 . 2004-08-04 02:56 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 09:31 . 2004-08-04 02:56 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 09:22 . 2001-08-18 00:33 156160 ----a-w c:\windows\system32\msls31.dll
2009-02-09 10:20 . 2004-08-04 02:56 399360 ------w c:\windows\system32\rpcss.dll
2009-02-06 16:54 . 2001-08-18 00:36 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 20:08 . 2004-08-04 02:56 55808 ------w c:\windows\system32\secur32.dll
2006-08-26 13:19 . 2006-08-26 13:19 774144 ----a-w c:\program files\RngInterstitial.dll
2005-10-31 21:04 . 2005-10-31 21:04 128 -c--a-w c:\documents and settings\Owner\Local Settings\Application Data\fusioncache.dat
2003-08-27 19:19 . 2005-11-12 16:14 36963 ----a-r c:\program files\Common Files\SM1updtr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-18 339968]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-12-01 77824]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-08 00:15 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^bigfix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\bigfix.lnk
backup=c:\windows\pss\bigfix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 9.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SnagIt 9.lnk
backup=c:\windows\pss\SnagIt 9.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^YourScreen.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\YourScreen.lnk
backup=c:\windows\pss\YourScreen.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FreezeScreenSaver"=2 (0x2)
"gusvc"=3 (0x3)
"GoogleDesktopManager-061008-081103"=3 (0x3)
"FSMA"=2 (0x2)
"FSDFWD"=3 (0x3)
"FSAUA"=3 (0x3)
"F-Secure Gatekeeper Handler Starter"=2 (0x2)
"avg8wd"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-27 29183504]
R2 ygfpmm;ygfpmm;c:\windows\system32\SVCHOST.EXE [2004-08-04 14336]
R2 ygfpmmwi;ygfpmmwi; [x]
R3 CDAVFS;CDAVFS;c:\windows\system32\DRIVERS\CDAVFS.sys [2009-04-08 67424]
R3 Winxf30;Winxf30; [x]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-08 298264]
R4 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-05 29744]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-08 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-08 108552]


--- Other Services/Drivers In Memory ---

*Deregistered* - abp480n5
*Deregistered* - adpu160m
*Deregistered* - AFD
*Deregistered* - agp440
*Deregistered* - agpCPQ
*Deregistered* - Aha154x
*Deregistered* - aic78u2
*Deregistered* - aic78xx
*Deregistered* - ALG
*Deregistered* - AliIde
*Deregistered* - alim1541
*Deregistered* - amdagp
*Deregistered* - amsint
*Deregistered* - Apple Mobile Device
*Deregistered* - Arp1394
*Deregistered* - asc
*Deregistered* - asc3350p
*Deregistered* - asc3550
*Deregistered* - Ati HotKey Poller
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - AvgLdx86
*Deregistered* - AvgMfx86
*Deregistered* - AvgTdiX
*Deregistered* - Beep
*Deregistered* - BITS
*Deregistered* - Bonjour Service
*Deregistered* - Browser
*Deregistered* - cbidf
*Deregistered* - cd20xrnt
*Deregistered* - Cdfs
*Deregistered* - CmdIde
*Deregistered* - Cpqarray
*Deregistered* - CryptSvc
*Deregistered* - CyberPowerUPS
*Deregistered* - dac2w2k
*Deregistered* - dac960nt
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - dpti2o
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fax
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - hpn
*Deregistered* - i2omgmt
*Deregistered* - i2omp
*Deregistered* - ini910u
*Deregistered* - IntelIde
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - MDM
*Deregistered* - mdmxsdk
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - mraid35x
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - MSSQL$MSSMLBIZ
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - perc2
*Deregistered* - perc2hib
*Deregistered* - Pml Driver HPZ12
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - PrismXL
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - ql1080
*Deregistered* - Ql10wnt
*Deregistered* - ql12160
*Deregistered* - ql1240
*Deregistered* - ql1280
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - sisagp
*Deregistered* - Sparrow
*Deregistered* - Spooler
*Deregistered* - SQLBrowser
*Deregistered* - SQLWriter
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - sym_hi
*Deregistered* - sym_u3
*Deregistered* - symc8xx
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TosIde
*Deregistered* - TrkWks
*Deregistered* - ultra
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - viaagp
*Deregistered* - ViaIde
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WS2IFSL
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
*Deregistered* - ygfpmm

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
ygfpmm REG_MULTI_SZ ygfpmm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ef20c80-55f2-11da-914e-0013d3513b7e}]
\Shell\AutoRun\command - reg.bat

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2009-04-27 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 20:54]

2009-04-27 c:\windows\Tasks\User_Feed_Synchronization-{E49A5DBB-FB02-4649-8F93-565166752319}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
SafeBoot-Winxf30.sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: amsouth.com\www
Trusted Zone: live.com\local
Trusted Zone: revival.com\www
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game10.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\on43mhn8.default\
FF - plugin: c:\documents and settings\Owner\Application Data\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF - plugin: c:\program files\Common Files\mpDRM\NPMPDRM.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-27 09:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\mpDRM\LicenseStore*]
@DACL=
"CheckValue"=dword:ba3464ba
"DA39A3EE"="E5E6B4B0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(588)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1776)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\geeksquad\upssrv.exe
c:\geeksquad\upsio.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-27 9:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-27 14:16

Pre-Run: 168,136,409,088 bytes free
Post-Run: 168,057,737,216 bytes free

795

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:27:34 AM, on 4/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\GeekSquad\upssrv.exe
C:\GeekSquad\upsio.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: BiblePro Toolbar Helper - {6A3EBAF8-C030-4E10-9D09-DB76740E85B1} - C:\Program Files\BiblePro Toolbar\v3.2.0.0\BiblePro_Toolbar.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: BiblePro Toolbar - {4D053320-23CF-417F-B498-0DCF8EBF49C3} - C:\Program Files\BiblePro Toolbar\v3.2.0.0\BiblePro_Toolbar.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1489113617-1686838869-2676571250-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.amsouth.com
O15 - Trusted Zone: http://local.live.com
O15 - Trusted Zone: http://www.revival.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by17fd.bay17....es/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165632758609
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom....gamesplayer.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://www.streamingfaith.com/common/mbrow...MINIBrowser.CAB
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft....ayx_vp3_mp3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by118fd.bay11...ex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: UPS Service (CyberPowerUPS) - Unknown owner - C:\GeekSquad\upssrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 9002 bytes

#3
Phillip@GCMComputers

No ideas from anyone?

#4
Phillip@GCMComputers

Well thanks again for all the help. I don't know why I bother coming here.




