Thanks for all your help.
Logfile of HijackThis v1.99.1
Scan saved at 10:45:39 PM, on 6/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Documents and Settings\Michael\Desktop\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Program Files\QuickTime\qttask.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Seekmo Toolbar - {53E0B6E8-A51D-448B-B692-40B67B285543} - C:\Program Files\Seekmo Programs\Seekmo Toolbar\SeekmoTB.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IVPServiceMgr] C:\toshiba\ivp\ism\ivpsvmgr.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O5 "epson" /M "Stylus CX5400"
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [Auto EPSON Stylus CX5400 on janet] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P33 "Auto EPSON Stylus CX5400 on janet" /O15 "\\JANET\printer" /M "Stylus CX5400"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Auto EPSON Stylus CX5400 on YOUR-DA794E3795] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P43 "Auto EPSON Stylus CX5400 on YOUR-DA794E3795" /O26 "\\YOUR-DA794E3795\EPSONSty" /M "Stylus CX5400"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar search -
res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\Michael\Desktop\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeSmitFraudFix v2.190
Scan done at 19:15:53.79, Fri 06/01/2007
Run from C:\Documents and Settings\Michael\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\indwvm.dll Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\DOCUME~1\Michael\FAVORI~1\Online Security Test.url Deleted
C:\Program Files\Video ActiveX Access\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8D1FF560-75CD-40EA-8237-5974AF55F468}: DhcpNameServer=64.233.217.2 64.233.217.3
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E7405A2B-7459-4FFC-810F-C45AC3D4315C}: DhcpNameServer=64.233.217.2 64.233.217.3
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8D1FF560-75CD-40EA-8237-5974AF55F468}: DhcpNameServer=64.233.217.2 64.233.217.3
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E7405A2B-7459-4FFC-810F-C45AC3D4315C}: DhcpNameServer=64.233.217.2 64.233.217.3
HKLM\SYSTEM\CS2\Services\Tcpip\..\{8D1FF560-75CD-40EA-8237-5974AF55F468}: DhcpNameServer=64.233.217.2 64.233.217.3
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E7405A2B-7459-4FFC-810F-C45AC3D4315C}: DhcpNameServer=64.233.217.2 64.233.217.3
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8D1FF560-75CD-40EA-8237-5974AF55F468}: DhcpNameServer=64.233.217.2 64.233.217.3
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E7405A2B-7459-4FFC-810F-C45AC3D4315C}: DhcpNameServer=64.233.217.2 64.233.217.3
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=64.233.217.2 64.233.217.3
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=64.233.217.2 64.233.217.3
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=64.233.217.2 64.233.217.3
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=64.233.217.2 64.233.217.3
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 10:38:33 PM 6/1/2007
+ Scan result:
HKU\S-1-5-21-1823865233-412237521-3693393098-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{56F1D444-11BF-4879-A12B-79CF0177F038} -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-21-1823865233-412237521-3693393098-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA0D26BD-9029-431A-86E0-83152D67828A} -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\Seekmo Programs\Seekmo Toolbar\SeekmoTB.dll -> Adware.Agent : Cleaned with backup (quarantined).
C:\Program Files\Seekmo Programs\Seekmo Toolbar\SeekmoTBUninstaller.exe -> Adware.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP423\A0276881.dll -> Adware.Agent : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Softomate.IEToolbar -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Softomate.IEToolbar.1 -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Softomate.IEToolbar\CLSID -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Softomate.IEToolbar\CurVer -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-1823865233-412237521-3693393098-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31615D5C-5126-448A-818A-A7CDFEE85A9B} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\ZangoToolbar\Bin\4.8.2.0\ZbSrv.exe -> Adware.Hotbar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp.1 -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp\CLSID -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp\CurVer -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1823865233-412237521-3693393098-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B8C5186E-EC37-4889-9C2E-F73649FFB7BB} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
C:\Program Files\Zango\zangohook.dll -> Adware.Solution : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP423\A0276900.dll -> Adware.Solution : Cleaned with backup (quarantined).
C:\Program Files\Zango\zango.exe/Plugins\npclntax.dll -> Adware.Zango : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP423\A0276879.dll -> Downloader.Agent.bkd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP423\A0276889.exe -> Downloader.Zlob.azc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP423\A0276882.exe -> Downloader.Zlob.bgs : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP423\A0276886.exe -> Downloader.Zlob.btj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP418\A0271755.dll -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP418\A0271756.exe -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP418\A0271757.exe -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP418\A0272696.dll -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP418\A0272697.exe -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP418\A0272698.exe -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP419\A0273696.dll -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP419\A0273697.exe -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP419\A0273698.exe -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP420\A0273725.dll -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP420\A0273726.exe -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP420\A0273727.exe -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP420\A0274725.dll -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP420\A0274726.exe -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP420\A0274727.exe -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP421\A0274747.exe -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP421\A0274748.exe -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP421\A0274749.dll -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP422\A0274782.exe -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP422\A0274783.exe -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP422\A0274784.dll -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP423\A0274812.exe -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP423\A0274813.exe -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP423\A0274814.dll -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP423\A0274828.dll -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP423\A0274829.exe -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP423\A0274830.exe -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP423\A0274843.dll -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP423\A0274844.exe -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP423\A0274845.exe -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP423\A0274862.dll -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP423\A0274863.exe -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP423\A0274864.exe -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP423\A0275862.dll -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP423\A0275863.exe -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP423\A0275864.exe -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP423\A0276883.exe -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP423\A0276884.exe -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP423\A0276885.dll -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP423\A0276887.exe -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP423\A0276888.exe -> Downloader.Zlob.btq : Cleaned with backup (quarantined).
::Report end