Lost start menu and system restore

Post by ashdav » August 2nd, 2008, 7:54 am

Start menu has disappeared and IE homepage has been hijacked to ucleaner site.
System restore is accessible by drilling down through the Windows files but restore points have been removed although the files still exist as they show as system volume/restore during a file scan.
Did have popups saying your computer is infected etc. but this has stopped after running Superantispyware in safe mode.
Subsequent runs using Dr Web and Superantispyware still return trojan/adware results each time so the infection is reinstalling each time.
HJT log below. Thanks in advance.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:46: VIRUS ALERT!, on 02/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:80
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {98101aa9-4170-4385-a9f0-2e20db92cdce} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Sys2.exe] C:\Windows\Sys2.exe
O4 - HKCU\..\Run: [Sys1.exe] C:\Windows\Sys1.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... R_ZZzer000
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk/
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Bejeweled%202/Images/stg_drm.ocx
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... 0.15-3.exe
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Bejeweled%202/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\guard32.dll
O21 - SSODL: eqvwamkl - {2E7C8E12-909F-4112-B69E-64CC27BD3FB8} - (no file)
O21 - SSODL: wnslvxtf - {CCD3E14E-ECF1-4771-8520-BAF46B95C70A} - (no file)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6004 bytes
ashdav
Active Member
 
Posts: 7
Joined: August 2nd, 2008, 7:12 am

Re: Lost start menu and system restore

Post by Shaba » August 3rd, 2008, 4:44 am

Hi ashdav

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Lost start menu and system restore

Post by ashdav » August 3rd, 2008, 5:44 am

logfile after running SDfix


SDFix: Version 1.212
Run by Bob on 03/08/2008 at 11:33

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value
Restoring Windows ProductId To Remove Fake Virus Alert
Restoring Time Format To Remove Fake Virus Alert

Rebooting


Checking Files :

Trojan Files Found:

C:\Documents and Settings\Bob\Application Data\TmpRecentIcons\Vista Antivirus 2008.lnk - Deleted
C:\Documents and Settings\Anonymous\Desktop\Error Cleaner.url - Deleted
C:\Documents and Settings\Anonymous\Favorites\Error Cleaner.url - Deleted
C:\Documents and Settings\Jill\Favorites\Error Cleaner.url - Deleted
C:\Documents and Settings\Anonymous\Desktop\Privacy Protector.url - Deleted
C:\Documents and Settings\Anonymous\Favorites\Privacy Protector.url - Deleted
C:\Documents and Settings\Jill\Favorites\Privacy Protector.url - Deleted
C:\Documents and Settings\Anonymous\Desktop\Spyware&Malware Protection.url - Deleted
C:\Documents and Settings\Anonymous\Favorites\Spyware&Malware Protection.url - Deleted
C:\Documents and Settings\Jill\Favorites\Spyware&Malware Protection.url - Deleted
C:\Program Files\PCHealthCenter\0.gif - Deleted
C:\Program Files\PCHealthCenter\2.gif - Deleted
C:\Program Files\PCHealthCenter\3.gif - Deleted
C:\Program Files\PCHealthCenter\sex1.ico - Deleted
C:\Program Files\PCHealthCenter\sex2.ico - Deleted
C:\Program Files\PCHealthCenter\Thumbs.db - Deleted
C:\Documents and Settings\Bob\Application Data\TmpRecentIcons\Vista Antivirus 2008.lnk - Deleted
C:\WINDOWS\system32\nvrsul32.dll - Deleted



Folder C:\Program Files\PCHealthCenter - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-03 11:42:06
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\WinMX\\WinMX.exe"="C:\\Program Files\\WinMX\\WinMX.exe:*:Enabled:WinMX Application"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 7 Jul 2008 2,156,368 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 4 Aug 2004 4,639 A.SH. --- "C:\Program Files\Windows Media Player\mplayer2.exe"
Wed 18 Oct 2006 64,000 A.SH. --- "C:\Program Files\Windows Media Player\wmplayer.exe"
Thu 17 Jul 2008 848 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sun 11 Dec 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 7 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\BIT1.tmp"
Sun 11 Dec 2005 4,348 ...H. --- "C:\Documents and Settings\Anonymous\My Documents\My Music\License Backup\drmv1key.bak"
Wed 27 Dec 2006 20 A..H. --- "C:\Documents and Settings\Anonymous\My Documents\My Music\License Backup\drmv1lic.bak"
Sat 15 Oct 2005 312 A.SH. --- "C:\Documents and Settings\Anonymous\My Documents\My Music\License Backup\drmv2key.bak"
Sat 4 Aug 2007 8 A..H. --- "C:\Documents and Settings\Anonymous\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Sat 4 Aug 2007 8 A..H. --- "C:\Documents and Settings\Anonymous\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Sat 4 Aug 2007 8 A..H. --- "C:\Documents and Settings\Anonymous\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Thu 20 Dec 2007 8 A..H. --- "C:\Documents and Settings\Anonymous\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Jill\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Jill\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Jill\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Jill\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"

Finished!

HJT logfile after running SDfix

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:59, on 03/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:80
O2 - BHO: {0d7b2a5f-ae95-a619-3634-bc24cda82ba1} - {1ab28adc-42cb-4363-916a-59eaf5a2b7d0} - (no file)
O2 - BHO: (no name) - {28030FA8-2428-4DE6-B0F3-CE9494E1A412} - (no file)
O2 - BHO: (no name) - {6DD57275-202B-43DD-A788-B46EA9978ED9} - (no file)
O2 - BHO: (no name) - {73984FE0-9702-4C55-9C7B-9BA3C5861F25} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... R_ZZzer000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk/
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Bejeweled%202/Images/stg_drm.ocx
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... 0.15-3.exe
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Bejeweled%202/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: khfGvvtu - khfGvvtu.dll (file missing)
O20 - Winlogon Notify: qoMdATlj - qoMdATlj.dll (file missing)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5534 bytes
ashdav
Active Member
 
Posts: 7
Joined: August 2nd, 2008, 7:12 am

Re: Lost start menu and system restore

Post by Shaba » August 3rd, 2008, 5:55 am

We'll continue with this:

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

Image

5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Lost start menu and system restore

Post by ashdav » August 3rd, 2008, 5:11 pm

Contents of "Save List" from HJT

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player 11
Adobe® Photoshop® Album Starter Edition 3.2
ARTEuro
AVG Free 8.0
Bejeweled 2
Belkin 54g USB Network Adapter
BroadJump Client Foundation
CCleaner (remove only)
Classic PhoneTools
COMODO Firewall Pro
Conexant D850 56K V.9x DFVc Modem
Corel Photo Album 6
Dell Driver Reset Tool
Dell Media Experience
Dell Photo Printer 720
Dell Photo Printer 720 Logger
Dell Picture Studio v3.0
Dell Support Center
DellSupport
Digital Line Detect
FUJIFILM USB Driver
Google Earth
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Extended Capabilities 5.3
HP Image Zone Express
HP Imaging Device Functions 5.3
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Software v9.2.4.11
Intel(R) PROSafe for Wired Connections
Intel(R) PROSafe for Wired Connections
Internet Explorer Default Page
iPod for Windows 2005-03-23
iTunes
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 7
Jewel Quest 2
K-Lite Mega Codec Pack 4.1.0
Lanceur Club Internet v6
LE COMPAGNON CLUB
Learn2 Player (Uninstall Only)
Mahjong Escape - Ancient Japan
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft Picture It! Express 9
Microsoft Picture It! Library 9
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
MioTransfer
Modem Helper
Mozilla Firefox (2.0.0.16)
MSN
MSN Encarta Plus Support Files
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
NetWaiting
Outils Club Internet
PerfectDisk
PowerDVD 5.5
QuickTime Alternative 2.6.0
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
SmartShopper
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Tweak UI
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
VGA Dual Camera
Viewpoint Media Player
WinASO Registry Optimizer 4.0.5
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB893086
Zune Desktop Theme
ashdav
Active Member
 
Posts: 7
Joined: August 2nd, 2008, 7:12 am

Re: Lost start menu and system restore

by Shaba » August 4th, 2008, 1:32 am

Uninstall this:

SmartShopper

After that:

If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofi ... e-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once Recovery Console is installed, you should see a blue screen prompt like the one below:

Image

Click Yes to allow Combofix to continue scanning for malware.

When done, a log will be produced. Please post that log and a new HijackThis log in your next reply.

Do not mouse click on Combofix while it is running. That may cause it to stall.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Lost start menu and system restore

by ashdav » August 4th, 2008, 2:35 am

ComboFix 08-08-03.03 - Bob 2008-08-04 8:26:05.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.541 [GMT 2:00]
Running from: C:\Documents and Settings\Bob\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Bob\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Anonymous\Application Data\Starware
C:\Documents and Settings\Anonymous\Application Data\Starware\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\Anonymous\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\Anonymous\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\Anonymous\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\Anonymous\Application Data\Starware\Games\GamesOptions.xml
C:\Documents and Settings\Anonymous\Application Data\Starware\Games\GamesOptions.xml.backup
C:\Documents and Settings\Anonymous\Application Data\Starware\Layouts\PreferencesLayout.xml
C:\Documents and Settings\Anonymous\Application Data\Starware\Layouts\PreferencesLayout.xml.backup
C:\Documents and Settings\Anonymous\Application Data\Starware\Layouts\ToolbarLayout.xml
C:\Documents and Settings\Anonymous\Application Data\Starware\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\Anonymous\Application Data\Starware\Manager\ManagerOptions.xml
C:\Documents and Settings\Anonymous\Application Data\Starware\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\Anonymous\Application Data\Starware\Movies\MoviesOptions.xml
C:\Documents and Settings\Anonymous\Application Data\Starware\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\Anonymous\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml
C:\Documents and Settings\Anonymous\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml.backup
C:\Documents and Settings\Anonymous\Application Data\Starware\Recipes\RecipesOptions.xml
C:\Documents and Settings\Anonymous\Application Data\Starware\Recipes\RecipesOptions.xml.backup
C:\Documents and Settings\Anonymous\Application Data\Starware\Reference\ReferenceOptions.xml
C:\Documents and Settings\Anonymous\Application Data\Starware\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\Anonymous\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\Anonymous\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\Anonymous\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\Anonymous\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\Anonymous\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\Documents and Settings\Anonymous\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\Documents and Settings\Anonymous\Application Data\Starware\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\Anonymous\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\Anonymous\Application Data\Starware\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\Anonymous\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\Anonymous\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\Anonymous\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\Anonymous\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\Anonymous\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\Anonymous\Application Data\Starware\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\Anonymous\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\Anonymous\Application Data\Starware\Weather\AlertArchive.xml
C:\Documents and Settings\Anonymous\Application Data\Starware\Weather\WeatherOptions.xml
C:\Documents and Settings\Anonymous\Application Data\Starware\Weather\WeatherOptions.xml.backup
C:\Documents and Settings\Anonymous\Application Data\Starware343
C:\Documents and Settings\Anonymous\Application Data\Starware343\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\Anonymous\Application Data\Starware343\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\Anonymous\Application Data\Starware343\Configurator\Configurator.xml
C:\Documents and Settings\Anonymous\Application Data\Starware343\Configurator\Configurator.xml.backup
C:\Documents and Settings\Anonymous\Application Data\Starware343\Dating\DatingOptions.xml
C:\Documents and Settings\Anonymous\Application Data\Starware343\Dating\DatingOptions.xml.backup
C:\Documents and Settings\Anonymous\Application Data\Starware343\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\Anonymous\Application Data\Starware343\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\Anonymous\Application Data\Starware343\Free_Credit_Score\Free_Credit_ScoreOptions.xml
C:\Documents and Settings\Anonymous\Application Data\Starware343\Free_Credit_Score\Free_Credit_ScoreOptions.xml.backup
C:\Documents and Settings\Anonymous\Application Data\Starware343\Layouts\ToolbarLayout.xml
C:\Documents and Settings\Anonymous\Application Data\Starware343\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\Anonymous\Application Data\Starware343\Manager\ManagerOptions.xml
C:\Documents and Settings\Anonymous\Application Data\Starware343\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\Anonymous\Application Data\Starware343\Map_It\Map_ItOptions.xml
C:\Documents and Settings\Anonymous\Application Data\Starware343\Map_It\Map_ItOptions.xml.backup
C:\Documents and Settings\Anonymous\Application Data\Starware343\Reference\ReferenceOptions.xml
C:\Documents and Settings\Anonymous\Application Data\Starware343\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\Anonymous\Application Data\Starware343\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\Anonymous\Application Data\Starware343\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\Anonymous\Application Data\Starware343\Ringtones\RingtonesOptions.xml
C:\Documents and Settings\Anonymous\Application Data\Starware343\Ringtones\RingtonesOptions.xml.backup
C:\Documents and Settings\Anonymous\Application Data\Starware343\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\Anonymous\Application Data\Starware343\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\Anonymous\Application Data\Starware343\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\Anonymous\Application Data\Starware343\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\Anonymous\Application Data\Starware343\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\Anonymous\Application Data\Starware343\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\Anonymous\Application Data\Starware343\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\Anonymous\Application Data\Starware343\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\Anonymous\Application Data\Starware343\Weather\AlertArchive.xml
C:\Documents and Settings\Anonymous\Application Data\Starware343\Weather\AlertArchive.xml.backup
C:\Documents and Settings\Anonymous\Application Data\Starware343\Weather\WeatherOptions.xml
C:\Documents and Settings\Anonymous\Application Data\Starware343\Weather\WeatherOptions.xml.backup
C:\Documents and Settings\Anonymous\Application Data\Zango
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753366
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753372
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\75470
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\77494
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\79079
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\79132
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\79432
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\79805
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\79806
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\79972
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\79986
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\79987
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\81293
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\82287
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\83690
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\83706
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\85055
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\85062
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\85449
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\8577
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\86379
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\86419
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\87387
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\87594
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\87995
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\89240
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\90358
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\90361
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\90375
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\91204
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\92886
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\93113
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\93192
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\93878
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\93899
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\93921
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\93934
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\94011
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\95610
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\95645
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\95774
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\95803
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\95828
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\97499
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\97524
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\98395
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\98441
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\99163
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\99742
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\dynamic\ustat\f920.dat
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\avatar.res
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\btntrans.idx
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\btntrans1.dat
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\buttondir.txt
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\components.cdf
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\cursors.res
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_1000.res
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_2000.res
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_3000.res
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_bar.res
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_bbar1.res
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_logos.res
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_other.res
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\d_icons_weather.res
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\default.cdf
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\Default_511745-514279.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\Default_bidzC_ZT_IE-ca.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\Default_bidzC_ZT_IE-us.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\Default_categorize.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\Default_comparison.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\Default_explorer-Mails.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\Default_explorer-people.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\Default_favorites.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\Default_Games.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\Default_Hide.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\Default_hotbarcom.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\Default_Hotmail.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\Default_hsskin.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\Default_jemster.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\Default_jemsterie.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\Default_jemsteruk.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\Default_jobsearch.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\Default_Mails.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\Default_MobileSidewalk.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\Default_new.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\Default_premium.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\Default_reun.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\Default_ringtones.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\Default_searchfor.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\Default_searchgo.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\Default_weather.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\Default_yellowpages.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\editblbuttons.res
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\email-def-511724-548964.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\email-def-511724-9595.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\email-t1-bg.res
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\icons2.res
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\ie_games_icon.res
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\ie_video.res
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\keywords.idx
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\keywords1.dat
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\layout.cdf
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\linkpathlegal.txt
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\progress.res
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\s_icons_buttons.res
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\sales_buttons.res
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\sdfmodifier.xml
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\t2_bg.res
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\theweb.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\top7.cdf
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\Top7_theweb.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\tsd_bg.res
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\zango_btn.res
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\1\zango_ie_menu.res
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\avatar.res
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\btntrans.idx
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\btntrans1.dat
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\buttondir.txt
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\components.cdf
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\cursors.res
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_1000.res
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_2000.res
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_3000.res
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_bar.res
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_bbar1.res
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_logos.res
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_other.res
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\d_icons_weather.res
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\default.cdf
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\Default_511745-514279.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\Default_bidzC_ZT_IE-ca.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\Default_bidzC_ZT_IE-us.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\Default_categorize.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\Default_comparison.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\Default_explorer-Mails.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\Default_explorer-people.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\Default_favorites.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\Default_Games.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\Default_Hide.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\Default_hotbarcom.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\Default_Hotmail.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\Default_hsskin.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\Default_jemster.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\Default_jemsterie.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\Default_jemsteruk.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\Default_jobsearch.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\Default_Mails.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\Default_MobileSidewalk.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\Default_new.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\Default_premium.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\Default_reun.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\Default_ringtones.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\Default_searchfor.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\Default_searchgo.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\Default_weather.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\Default_yellowpages.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\editblbuttons.res
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\email-def-511724-548964.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\email-def-511724-9595.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\email-t1-bg.res
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\icons2.res
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\ie_games_icon.res
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\ie_video.res
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\keywords.idx
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\keywords1.dat
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\layout.cdf
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\linkpathlegal.txt
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\progress.res
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\s_icons_buttons.res
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\sales_buttons.res
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\sdfmodifier.xml
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\t2_bg.res
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\theweb.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\top7.cdf
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\Top7_theweb.mnu
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\tsd_bg.res
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\zango_btn.res
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\2\zango_ie_menu.res
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\DownLoad\avatar.xip
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans.xip
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans1.xip
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\DownLoad\buttondir.xip
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\DownLoad\cursors.xip
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_1000.xip
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_2000.xip
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_3000.xip
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bar.xip
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bbar1.xip
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_logos.xip
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_other.xip
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_weather.xip
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\DownLoad\default.xip
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\DownLoad\editblbuttons.xip
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\DownLoad\icons2.xip
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_games_icon.xip
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_video.xip
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords.xip
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords1.xip
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\DownLoad\layout.xip
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\DownLoad\linkpathlegal.xip
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\DownLoad\progress.xip
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\DownLoad\s_icons_buttons.xip
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\DownLoad\sales_buttons.xip
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\DownLoad\samplegroups2.txt
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\DownLoad\sdfmodifier.xip
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\DownLoad\t2_bg.xip
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\DownLoad\top7.xip
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\DownLoad\tsd_bg.xip
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_btn.xip
C:\Documents and Settings\Anonymous\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_ie_menu.xip
C:\Documents and Settings\Bob\Application Data\Starware343
C:\Documents and Settings\Bob\Application Data\Starware343\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\Bob\Application Data\Starware343\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\Bob\Application Data\Starware343\Configurator\Configurator.xml
C:\Documents and Settings\Bob\Application Data\Starware343\Configurator\Configurator.xml.backup
C:\Documents and Settings\Bob\Application Data\Starware343\Dating\DatingOptions.xml
C:\Documents and Settings\Bob\Application Data\Starware343\Dating\DatingOptions.xml.backup
C:\Documents and Settings\Bob\Application Data\Starware343\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\Bob\Application Data\Starware343\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\Bob\Application Data\Starware343\Free_Credit_Score\Free_Credit_ScoreOptions.xml
C:\Documents and Settings\Bob\Application Data\Starware343\Free_Credit_Score\Free_Credit_ScoreOptions.xml.backup
C:\Documents and Settings\Bob\Application Data\Starware343\Layouts\ToolbarLayout.xml
C:\Documents and Settings\Bob\Application Data\Starware343\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\Bob\Application Data\Starware343\Manager\ManagerOptions.xml
C:\Documents and Settings\Bob\Application Data\Starware343\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\Bob\Application Data\Starware343\Map_It\Map_ItOptions.xml
C:\Documents and Settings\Bob\Application Data\Starware343\Map_It\Map_ItOptions.xml.backup
C:\Documents and Settings\Bob\Application Data\Starware343\Reference\ReferenceOptions.xml
C:\Documents and Settings\Bob\Application Data\Starware343\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\Bob\Application Data\Starware343\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\Bob\Application Data\Starware343\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\Bob\Application Data\Starware343\Ringtones\RingtonesOptions.xml
C:\Documents and Settings\Bob\Application Data\Starware343\Ringtones\RingtonesOptions.xml.backup
C:\Documents and Settings\Bob\Application Data\Starware343\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\Bob\Application Data\Starware343\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\Bob\Application Data\Starware343\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\Bob\Application Data\Starware343\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\Bob\Application Data\Starware343\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\Bob\Application Data\Starware343\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\Bob\Application Data\Starware343\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\Bob\Application Data\Starware343\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\Bob\Application Data\Starware343\Weather\AlertArchive.xml
C:\Documents and Settings\Bob\Application Data\Starware343\Weather\AlertArchive.xml.backup
C:\Documents and Settings\Bob\Application Data\Starware343\Weather\WeatherOptions.xml
C:\Documents and Settings\Bob\Application Data\Starware343\Weather\WeatherOptions.xml.backup
C:\Documents and Settings\Charlotte\Application Data\Starware
C:\Documents and Settings\Charlotte\Application Data\Starware\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\Charlotte\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\Charlotte\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\Charlotte\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\Charlotte\Application Data\Starware\Games\GamesOptions.xml
C:\Documents and Settings\Charlotte\Application Data\Starware\Games\GamesOptions.xml.backup
C:\Documents and Settings\Charlotte\Application Data\Starware\Layouts\PreferencesLayout.xml
C:\Documents and Settings\Charlotte\Application Data\Starware\Layouts\PreferencesLayout.xml.backup
C:\Documents and Settings\Charlotte\Application Data\Starware\Layouts\ToolbarLayout.xml
C:\Documents and Settings\Charlotte\Application Data\Starware\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\Charlotte\Application Data\Starware\Manager\ManagerOptions.xml
C:\Documents and Settings\Charlotte\Application Data\Starware\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\Charlotte\Application Data\Starware\Movies\MoviesOptions.xml
C:\Documents and Settings\Charlotte\Application Data\Starware\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\Charlotte\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml
C:\Documents and Settings\Charlotte\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml.backup
C:\Documents and Settings\Charlotte\Application Data\Starware\Recipes\RecipesOptions.xml
C:\Documents and Settings\Charlotte\Application Data\Starware\Recipes\RecipesOptions.xml.backup
C:\Documents and Settings\Charlotte\Application Data\Starware\Reference\ReferenceOptions.xml
C:\Documents and Settings\Charlotte\Application Data\Starware\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\Charlotte\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\Charlotte\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\Charlotte\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\Charlotte\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\Charlotte\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\Documents and Settings\Charlotte\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\Documents and Settings\Charlotte\Application Data\Starware\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\Charlotte\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\Charlotte\Application Data\Starware\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\Charlotte\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\Charlotte\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\Charlotte\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\Charlotte\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\Charlotte\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\Charlotte\Application Data\Starware\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\Charlotte\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\Charlotte\Application Data\Starware\Weather\AlertArchive.xml
C:\Documents and Settings\Charlotte\Application Data\Starware\Weather\WeatherOptions.xml
C:\Documents and Settings\Charlotte\Application Data\Starware\Weather\WeatherOptions.xml.backup
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\beKmnnpo.ini
C:\WINDOWS\system32\beKmnnpo.ini2
C:\WINDOWS\system32\cfhNoUvw.ini
C:\WINDOWS\system32\cfhNoUvw.ini2
C:\WINDOWS\system32\nolvpyyd.ini
C:\WINDOWS\system32\RYJjmnmp.ini
C:\WINDOWS\system32\RYJjmnmp.ini2
C:\WINDOWS\system32\xebwdnaq.ini
C:\WINDOWS\system32\yuawdxrc.ini

.
((((((((((((((((((((((((( Files Created from 2008-07-04 to 2008-08-04 )))))))))))))))))))))))))))))))
.

2008-08-03 11:29 . 2008-08-03 11:29 <DIR> d-------- C:\WINDOWS\ERUNT
2008-08-03 11:16 . 2008-08-03 11:43 <DIR> d-------- C:\SDFix
2008-08-03 10:52 . 2008-08-03 10:52 <DIR> d-------- C:\WINDOWS\options
2008-08-03 10:52 . 2008-08-03 10:52 <DIR> d-------- C:\Program Files\Belkin
2008-08-03 10:52 . 2008-08-03 10:52 <DIR> d-------- C:\Program Files\Bejeweled 2
2008-08-03 10:52 . 2008-08-03 10:52 <DIR> d-------- C:\Documents and Settings\Jill\DoctorWeb
2008-08-03 10:52 . 2008-08-03 10:52 <DIR> d-------- C:\Documents and Settings\Bob\DoctorWeb
2008-08-03 08:51 . 2008-08-03 08:51 21 --a------ C:\WINDOWS\kit.ini
2008-08-03 01:43 . 2008-08-03 01:43 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-08-03 01:43 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-03 01:30 . 2008-08-03 01:30 <DIR> d-------- C:\Documents and Settings\Bob\Application Data\Media Player Classic
2008-08-03 00:47 . 2008-08-03 00:47 <DIR> d-------- C:\Program Files\QuickTime Alternative
2008-08-03 00:47 . 2008-05-27 10:50 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-08-03 00:47 . 2008-05-27 10:50 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-08-03 00:45 . 2008-08-03 00:45 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-08-02 13:46 . 2008-08-02 13:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-02 13:37 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-08-02 13:37 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll
2008-08-01 19:04 . 2008-08-01 19:04 <DIR> d-------- C:\VundoFix Backups
2008-08-01 15:26 . 2008-08-01 15:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-08-01 13:49 . 2008-08-01 13:49 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-01 10:46 . 2008-08-01 11:11 <DIR> d-------- C:\Documents and Settings\Administrator\DoctorWeb
2008-07-31 11:49 . 2008-07-31 11:49 99,712 --a------ C:\WINDOWS\system32\gwcdymbc.dll
2008-07-31 01:17 . 2008-07-31 01:17 <DIR> d-------- C:\Documents and Settings\Jill\Application Data\TmpRecentIcons
2008-07-30 14:54 . 2008-07-30 14:54 <DIR> d-------- C:\Documents and Settings\Anonymous\Application Data\TmpRecentIcons
2008-07-15 16:28 . 2008-07-15 16:28 <DIR> d-------- C:\Documents and Settings\Anonymous\Application Data\Comodo
2008-07-10 12:43 . 2008-07-10 12:43 <DIR> d-------- C:\Documents and Settings\Bob\Application Data\Comodo
2008-07-10 10:54 . 2008-07-10 10:54 280 --a------ C:\WINDOWS\system32\PDBootState
2008-07-10 10:44 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-07-10 10:44 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-07-10 10:33 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-07-09 22:57 . 2008-07-09 22:57 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-09 22:53 . 2008-07-09 22:53 <DIR> d-------- C:\Program Files\Common Files\Raxco
2008-07-09 22:53 . 2008-07-09 22:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-07-09 22:52 . 2008-07-09 22:53 <DIR> d-------- C:\Program Files\RAXCO
2008-07-09 22:50 . 2008-07-09 22:50 <DIR> d-------- C:\Program Files\WinASO
2008-07-09 21:33 . 2008-07-09 21:33 <DIR> d-------- C:\Program Files\CCleaner
2008-07-09 21:27 . 2008-07-09 21:27 <DIR> d-------- C:\Program Files\COMODO
2008-07-09 21:27 . 2008-07-09 21:27 <DIR> d-------- C:\Documents and Settings\Jill\Application Data\Comodo
2008-07-09 21:27 . 2008-07-09 21:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-07-09 21:27 . 2008-07-09 21:27 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-07-09 21:27 . 2008-07-09 21:27 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-07-09 21:27 . 2008-07-09 21:27 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-07-09 21:07 . 2008-07-09 21:07 <DIR> d-------- C:\Documents and Settings\Jill\Application Data\SUPERAntiSpyware.com
2008-07-09 19:25 . 2008-08-03 09:58 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-09 19:21 . 2008-08-03 23:16 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-09 19:21 . 2008-07-09 19:21 <DIR> d-------- C:\Program Files\AVG
2008-07-09 19:21 . 2008-07-09 22:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-09 19:21 . 2008-07-09 22:57 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-09 19:21 . 2008-07-09 22:58 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-09 19:00 . 2005-07-18 20:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-07-09 19:00 . 2005-07-18 20:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-07-09 19:00 . 2005-07-18 20:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-07-09 19:00 . 2008-08-03 10:53 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-09 08:48 . 2008-07-09 08:48 <DIR> d-------- C:\SmartShopper
2008-07-08 20:17 . 2008-07-08 20:17 <DIR> d-------- C:\Documents and Settings\Jill\SmartShopper
2008-07-08 20:17 . 2008-07-08 20:17 <DIR> d-------- C:\Application Data
2008-07-05 18:51 . 2008-07-05 18:51 <DIR> d-------- C:\Documents and Settings\Anonymous\Application Data\Motive
2008-07-05 18:47 . 2008-07-05 18:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MotiveSysIDs
2008-07-05 18:47 . 2005-04-05 17:20 69,632 --a------ C:\WINDOWS\system32\MCCDevice.dll
2008-07-05 18:47 . 2005-03-25 18:27 6,048 --a------ C:\WINDOWS\system32\MCC16.dll
2008-07-05 18:27 . 2008-07-05 18:27 <DIR> d-------- C:\WINDOWS\Motive
2008-07-05 18:27 . 2003-10-22 10:54 81,920 --a------ C:\WINDOWS\system32\W32n50.dll
2008-07-05 18:27 . 2003-10-22 10:54 17,162 --a------ C:\WINDOWS\system32\Pcandis5.sys
2008-07-05 18:27 . 2003-10-22 10:54 16,848 --a------ C:\WINDOWS\system32\Pcandis4.sys
2008-07-05 18:27 . 2003-10-22 10:54 16,073 --a------ C:\WINDOWS\system32\Pcandis3.vxd
2008-07-05 18:26 . 2008-07-05 18:47 <DIR> d-------- C:\Program Files\Common Files\Motive
2008-07-05 18:26 . 2008-07-05 18:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Motive
2008-07-05 18:25 . 2008-07-05 18:26 <DIR> d-------- C:\Program Files\Motive
2008-07-05 18:21 . 2008-07-05 18:21 <DIR> d-------- C:\Program Files\BroadJump
2008-07-05 18:21 . 2002-08-02 14:56 663,552 --a------ C:\WINDOWS\system32\libeay32_1-1-0_DDR.dll
2008-07-05 18:21 . 2001-09-23 16:30 532,594 --a------ C:\WINDOWS\system32\xerces-c_1_40_0_DDR.dll
2008-07-05 18:21 . 2001-09-23 15:41 524,377 --a------ C:\WINDOWS\system32\stlport_4_0_0_DDR.dll
2008-07-05 18:21 . 2002-10-18 11:36 307,329 --a------ C:\WINDOWS\system32\BJBase_2-2-2_DDR.dll
2008-07-05 18:21 . 2002-08-02 14:56 159,744 --a------ C:\WINDOWS\system32\ssleay32_1-1-0_DDR.dll
2008-07-05 18:20 . 2006-12-12 21:46 6,345 -ra------ C:\WINDOWS\system32\DevMngr.vxd
2008-07-05 18:19 . 2008-07-05 18:49 <DIR> d-------- C:\Program Files\Club-Internet

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-03 06:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2008-08-03 06:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-02 23:43 --------- d-----w C:\Program Files\Java
2008-08-02 23:04 --------- d-----w C:\Program Files\Conduit
2008-08-02 22:40 --------- d-----w C:\Program Files\Real
2008-08-02 22:40 --------- d-----w C:\Program Files\Common Files\Real
2008-08-02 22:33 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-01 11:50 --------- d-----w C:\Documents and Settings\Bob\Application Data\SUPERAntiSpyware.com
2008-07-31 12:43 --------- d-----w C:\Program Files\MSN Messenger
2008-07-10 09:23 --------- d-----w C:\Program Files\Google
2008-07-10 09:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-10 09:20 --------- d-----w C:\Program Files\WinMX
2008-07-10 09:19 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-10 09:15 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-09 19:07 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-07-09 09:08 --------- d-----w C:\Documents and Settings\Bob\Application Data\Skype
2008-07-09 06:48 --------- d-----w C:\Documents and Settings\Jill\Application Data\SmartShopper
2008-07-09 06:11 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-05 16:22 155,995 ----a-w C:\WINDOWS\java\Packages\H3HBDBNV.ZIP
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2006-08-31 14:22 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-06-25 15:58 1209584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-06 03:22 94208]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-06 03:23 114688]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-09 22:58 1232152]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-07-10 10:32 1655552]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-09 22:57]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-07-09 21:27]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-07-09 21:27]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-09 22:57]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-09 22:57]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-09 22:58]
S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2004-07-16 12:14]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual Camera;C:\WINDOWS\system32\DRIVERS\mr97310v.sys [2004-03-17 08:54]
S3 MRVW225;802.11g/b Wireless LAN Dirver for Windows XP;C:\WINDOWS\system32\DRIVERS\MRVW225.sys [2005-12-21 11:44]
.
- - - - ORPHANS REMOVED - - - -

BHO-{1ab28adc-42cb-4363-916a-59eaf5a2b7d0} - (no file)
BHO-{28030FA8-2428-4DE6-B0F3-CE9494E1A412} - (no file)
BHO-{6DD57275-202B-43DD-A788-B46EA9978ED9} - (no file)
HKLM-Run-StandardInstall - (no file)
ShellExecuteHooks-{28030FA8-2428-4DE6-B0F3-CE9494E1A412} - (no file)
Notify-khfGvvtu - khfGvvtu.dll
Notify-qoMdATlj - qoMdATlj.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\g5tbt063.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - http://www.google.co.uk


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-04 08:33:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\g5tbt063.default\downloads.rdf 2010 bytes
C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\g5tbt063.default\history.dat 4822 bytes
C:\Documents and Settings\Bob\Local Settings\Application Data\Mozilla\Firefox\Profiles\g5tbt063.default\Cache

scan completed successfully
hidden files: 3

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\RAXCO\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\RAXCO\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-08-04 8:37:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-04 06:37:27
Combofix logfile...
Pre-Run: 218,364,628,992 bytes free
Post-Run: 218,989,604,864 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

851 --- E O F --- 2008-07-10 08:34:10

HJT logfile
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:42:58, on 04/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:80
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... R_ZZzer000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk/
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Bejeweled%202/Images/stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Bejeweled%202/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4987 bytes
ashdav
Active Member
 
Posts: 7
Joined: August 2nd, 2008, 7:12 am

Re: Lost start menu and system restore

Post by Shaba » August 4th, 2008, 3:23 am

Delete these folders:

C:\SmartShopper
C:\Documents and Settings\Jill\SmartShopper

Empty Recycle Bin.

Please go to the Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Lost start menu and system restore

Post by ashdav » August 4th, 2008, 5:06 am

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, August 4, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, August 04, 2008 06:22:49
Records in database: 1051288
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 65524
Threat name: 4
Infected objects: 6
Suspicious objects: 1
Duration of the scan: 01:19:26


File name / Threat name / Threats count
C:\Documents and Settings\Anonymous\Shared\06 Track 6.wma Infected: Trojan-Downloader.WMA.Wimad.k 1
C:\Documents and Settings\Anonymous\Shared\Eighties classic (woman).wma Infected: Trojan-Downloader.WMA.Wimad.k 1
C:\Documents and Settings\Anonymous\Shared\Top of Charts - 2003 (bump).wma Infected: Trojan-Downloader.WMA.Wimad.k 1
C:\Documents and Settings\Anonymous\Shared\Top of Charts - 2005 (bump).wma Infected: Trojan-Downloader.WMA.Wimad.k 1
C:\Documents and Settings\Jill\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Inbox.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\SDFix\apps\swsc.exe Infected: Backdoor.Win32.Hupigon.dckd 1
C:\WINDOWS\system32\gwcdymbc.dll Infected: Trojan.Win32.Monder.bvp 1

The selected area was scanned.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:37, on 04/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:80
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... R_ZZzer000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk/
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Bejeweled%202/Images/stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Bejeweled%202/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4933 bytes
ashdav
Active Member
 
Posts: 7
Joined: August 2nd, 2008, 7:12 am

Re: Lost start menu and system restore

Post by Shaba » August 4th, 2008, 5:44 am

Delete these:

C:\Documents and Settings\Anonymous\Shared\06 Track 6.wma
C:\Documents and Settings\Anonymous\Shared\Eighties classic (woman).wma
C:\Documents and Settings\Anonymous\Shared\Top of Charts - 2003 (bump).wma
C:\Documents and Settings\Anonymous\Shared\Top of Charts - 2005 (bump).wma
C:\WINDOWS\system32\gwcdymbc.dll

Empty Recycle Bin.

Still problems?
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Lost start menu and system restore

Post by ashdav » August 4th, 2008, 6:39 am

Files deleted.
No problems so far.
All the missing functions returned after running SDfix.
Are we done now?
ashdav
Active Member
 
Posts: 7
Joined: August 2nd, 2008, 7:12 am

Re: Lost start menu and system restore

Post by Shaba » August 4th, 2008, 6:43 am

Yes, then we are :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

You can fix these:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank (only if you haven't set it)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

Now let's uninstall ComboFix:

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

Next we remove all used tools.

Please download OTCleanIt and save it to desktop.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

  • Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and re-enable system restore here:

    Windows XP System Restore Guide

Re-enable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:

    Malwarebytes' Anti-Malware Setup Guide

    Malwarebytes' Anti-Malware Scanning Guide

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean! :)
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
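
The Internet-zone settings listed in the post above can be checked from a registry export instead of by clicking through the dialog. This is an added example, not part of the original thread: the function names are hypothetical, the sample export is constructed, and it assumes the standard URL action value names (1001, 1004, 1201, 1800, 1804, 1607) that Internet Explorer stores under `...\Internet Settings\Zones\3`, with policy codes 0 = Enable, 1 = Prompt, 3 = Disable.

```python
import re

# Assumption: standard IE URL action IDs and policy codes (not taken from the
# thread). Zone 3 is the Internet zone; labels follow the wording of the post.
PROMPT, DISABLE = 1, 3
POLICY_NAMES = {0: "Enable", 1: "Prompt", 3: "Disable"}
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}
ZONE3_PATH = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
DWORD = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')

# Constructed sample of a regedit export (already decoded to text; real
# exports from regedit are UTF-16 and must be decoded by the caller).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000001
"1004"=dword:00000000
"1201"=dword:00000003
"1800"=dword:00000000
"1804"=dword:00000003
"CurrentLevel"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"1004"=dword:00000003
"""


def parse_reg_sections(text):
    """Return {lowercased key path: {value name: int}} for 4-hex-digit dword values."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            match = DWORD.match(line)
            if match:
                current[match.group(1).upper()] = int(match.group(2), 16)
    return sections


def audit_internet_zone(reg_text, hive="HKEY_CURRENT_USER"):
    """List (action id, label, problem) for every setting weaker than recommended.

    A stricter setting (Disable where Prompt is recommended) passes. A missing
    value is reported, because the zone then falls back to its template default.
    """
    key = (hive + "\\" + ZONE3_PATH).lower()
    values = parse_reg_sections(reg_text).get(key, {})
    findings = []
    for action, (label, wanted) in RECOMMENDED.items():
        actual = values.get(action)
        if actual is None:
            findings.append((action, label, "not set"))
        elif actual not in POLICY_NAMES:
            findings.append((action, label, "unknown code 0x%X" % actual))
        elif actual < wanted:
            findings.append((action, label, "%s, want %s"
                             % (POLICY_NAMES[actual], POLICY_NAMES[wanted])))
    return findings


if __name__ == "__main__":
    for action, label, problem in audit_internet_zone(SAMPLE_EXPORT):
        print("%s  %-60s %s" % (action, label, problem))
```
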

Re: Lost start menu and system restore

Post by ashdav » August 4th, 2008, 6:58 am

All done.
The computer is not mine but I will educate the owner about updating his security.
I've not had a single infection on my own computers for 6 years but this one had me stumped.
Thank you very much for your help Shaba.

Regards
David
ashdav
Active Member
 
Posts: 7
Joined: August 2nd, 2008, 7:12 am

Re: Lost start menu and system restore

Post by Shaba » August 6th, 2008, 9:14 am

ashdav, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland