Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Have A Feeling I Amy Be Infected


  • This topic is locked This topic is locked
4 replies to this topic

#1 DCenigma32

DCenigma32

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:02:41 PM

Posted 04 December 2006 - 06:35 PM

I have a feeling that i may be infected with some type of trojan or even more then one my computer seems to be running extremely slow. Ive tired every normalway to fix it but nothing is working help please.....

For Example the are some things on this hijackthis log that i think look funny, i have highlight them


Logfile of HijackThis v1.99.1
Scan saved at 6:21:30 PM, on 12/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\WINDOWS\ALCWZRD.EXE
D:\Program Files\PowerISO\SCDEmuApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sym\Dialers\Sexy_Hot\Sexy_Hot.exe
D:\Program Files\Winamp\winampa.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\windows\system32\wzdmg.exe
C:\program files\common files\system\dfb50a15.exe
D:\Program Files\iTunesHelper.exe
D:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Dan\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 201.36.154.35:6588:6588
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SCDEmuApp.exe] d:\Program Files\PowerISO\SCDEmuApp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sexy_Hot] C:\Program Files\Sym\Dialers\Sexy_Hot\Sexy_Hot.exe /dontdial
O4 - HKLM\..\Run: [WinampAgent] d:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [wzdmg] c:\windows\system32\wzdmg.exe /nocomm
O4 - HKLM\..\Run: [mplay64] c:\program files\common files\system\dfb50a15.exe /noerrorinfo
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunesHelper.exe"
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://www.yahoo.com/diskless/bin/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1104025560304
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1140549225843
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca12.custhelp.com/7530-b327h/rnl/java/RntX.cab
O20 - Winlogon Notify: logon16x - C:\WINDOWS\SYSTEM32\logon16x.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® Desktop Utilities Service (iHCService) - Unknown owner - D:\Program Files\IDUServ.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

BC AdBot (Login to Remove)

 


m

#2 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:06:41 PM

Posted 05 December 2006 - 02:39 AM

Please download SUPERAntiSpyware Home Edition (free version)
  • Install it and double-click the icon on your desktop to run it.
  • It will ask if you want to update the program definitions, click Yes.
  • Under Configuration and Preferences, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining.
    • Please leave the others unchecked.
    • Click the Close button to leave the control center screen.
  • On the main screen, under Scan for Harmful Software click Scan your computer.
  • On the left check C:\Fixed Drive.
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete a summary box will appear. Click OK.
  • Make sure everything in the white box has a check next to it, then click Next.
  • It will quarantine what it found and if it asks if you want to reboot, click Yes.
  • To retrieve the removal information for me please do the following:
    • After reboot, double-click the SUPERAntispyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (such as Notepad/Wordpad).
    • Please highlight everything in the notepad, then right-click and choose copy.
  • Click close and close again to exit the program.
  • Please paste that information here for me with a new HijackThis log.

Posted Image

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here

#3 DCenigma32

DCenigma32
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:02:41 PM

Posted 05 December 2006 - 02:40 PM

Alright here it is, ive done what you said to do and here are the two logs

SUPERAntiSpyware Scan Log
Generated 12/05/2006 at 02:21 PM

Application Version : 3.3.1020

Core Rules Database Version : 3142
Trace Rules Database Version: 1158

Scan type : Complete Scan
Total Scan Time : 01:35:33

Memory items scanned : 545
Memory threats detected : 3
Registry items scanned : 5886
Registry threats detected : 62
File items scanned : 54497
File threats detected : 300

Trojan.MMLogon
C:\WINDOWS\SYSTEM32\LOGON16X.DLL
C:\WINDOWS\SYSTEM32\LOGON16X.DLL
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\logon16x
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MMLOGON
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MMLOGON#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MMLOGON\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MMLOGON\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MMLOGON\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MMLOGON\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MMLOGON\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MMLOGON\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MMLOGON\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MMLOGON\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MMLOGON\0000#Driver
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MMLOGON\0000\LogConf
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MMLOGON\0000\Control
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MMLOGON\0000\Control#ActiveService
HKLM\SYSTEM\CurrentControlSet\Services\mmlogon
HKLM\SYSTEM\CurrentControlSet\Services\mmlogon#Type
HKLM\SYSTEM\CurrentControlSet\Services\mmlogon#Start
HKLM\SYSTEM\CurrentControlSet\Services\mmlogon#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\mmlogon#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\mmlogon#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\mmlogon\Security
HKLM\SYSTEM\CurrentControlSet\Services\mmlogon\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\mmlogon\Enum
HKLM\SYSTEM\CurrentControlSet\Services\mmlogon\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\mmlogon\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\mmlogon\Enum#NextInstance
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\logon16x
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\logon16x#DllName
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\logon16x#Startup
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\logon16x#Impersonate
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\logon16x#Asynchronous
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\logon16x#MaxWait
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\logon16x#nkbk4

Dialer.SEXY_HOT
C:\PROGRAM FILES\SYM\DIALERS\SEXY_HOT\SEXY_HOT.EXE
C:\PROGRAM FILES\SYM\DIALERS\SEXY_HOT\SEXY_HOT.EXE
[Sexy_Hot] C:\PROGRAM FILES\SYM\DIALERS\SEXY_HOT\SEXY_HOT.EXE

Trojan.Downloader-Gen
C:\WINDOWS\SYSTEM32\WZDMG.EXE
C:\WINDOWS\SYSTEM32\WZDMG.EXE
[wzdmg] C:\WINDOWS\SYSTEM32\WZDMG.EXE

Trojan.32 Bit System Bus Driver
HKLM\System\ControlSet001\Services\sysbus32
C:\WINDOWS\SYSTEM32\DRIVERS\SYSBUS32.SYS
HKLM\System\ControlSet002\Services\sysbus32
HKLM\System\CurrentControlSet\Services\sysbus32
HKLM\SYSTEM\CurrentControlSet\Services\sysbus32#Type
HKLM\SYSTEM\CurrentControlSet\Services\sysbus32#Start
HKLM\SYSTEM\CurrentControlSet\Services\sysbus32#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\sysbus32#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\sysbus32#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\sysbus32#ExtParam
HKLM\SYSTEM\CurrentControlSet\Services\sysbus32\Security
HKLM\SYSTEM\CurrentControlSet\Services\sysbus32\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\sysbus32\Enum
HKLM\SYSTEM\CurrentControlSet\Services\sysbus32\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\sysbus32\Enum#NextInstance
HKLM\SYSTEM\CurrentControlSet\Services\sysbus32\Enum#INITSTARTFAILED

Adware.Tracking Cookie
C:\Documents and Settings\Dan\Cookies\dan@optimost[1].txt
C:\Documents and Settings\Dan\Cookies\dan@adrevolver[3].txt
C:\Documents and Settings\Dan\Cookies\dan@38262[1].txt
C:\Documents and Settings\Dan\Cookies\dan@bluestreak[1].txt
C:\Documents and Settings\Dan\Cookies\dan@38290[1].txt
C:\Documents and Settings\Dan\Cookies\dan@anheuserbusch.122.2o7[1].txt
C:\Documents and Settings\Dan\Cookies\dan@network.realmedia[1].txt
C:\Documents and Settings\Dan\Cookies\dan@html[4].txt
C:\Documents and Settings\Dan\Cookies\dan@38278[1].txt
C:\Documents and Settings\Dan\Cookies\dan@winantivirus[2].txt
C:\Documents and Settings\Dan\Cookies\dan@adopt.specificclick[1].txt
C:\Documents and Settings\Dan\Cookies\dan@yadro[2].txt
C:\Documents and Settings\Dan\Cookies\dan@www.amaena[1].txt
C:\Documents and Settings\Dan\Cookies\dan@ads.expedia[1].txt
C:\Documents and Settings\Dan\Cookies\dan@publishers.clickbooth[2].txt
C:\Documents and Settings\Dan\Cookies\dan@38283[1].txt
C:\Documents and Settings\Dan\Cookies\dan@nextag[1].txt
C:\Documents and Settings\Dan\Cookies\dan@realmedia[1].txt
C:\Documents and Settings\Dan\Cookies\dan@centralmediaserver[2].txt
C:\Documents and Settings\Dan\Cookies\dan@tour.sexyboobies[2].txt
C:\Documents and Settings\Dan\Cookies\dan@microsoftwga.112.2o7[1].txt
C:\Documents and Settings\Dan\Cookies\dan@dist.belnk[2].txt
C:\Documents and Settings\Dan\Cookies\dan@lynxtrack[1].txt
C:\Documents and Settings\Dan\Cookies\dan@image.masterstats[1].txt
C:\Documents and Settings\Dan\Cookies\dan@38267[2].txt
C:\Documents and Settings\Dan\Cookies\dan@ads.glispa[2].txt
C:\Documents and Settings\Dan\Cookies\dan@icc.intellisrv[2].txt
C:\Documents and Settings\Dan\Cookies\dan@offeroptimizer[1].txt
C:\Documents and Settings\Dan\Cookies\dan@microsofteup.112.2o7[1].txt
C:\Documents and Settings\Dan\Cookies\dan@fcstats.bcentral[1].txt
C:\Documents and Settings\Dan\Cookies\dan@webpower[1].txt
C:\Documents and Settings\Dan\Cookies\dan@cpvfeed[2].txt
C:\Documents and Settings\Dan\Cookies\dan@tcompany.122.2o7[1].txt
C:\Documents and Settings\Dan\Cookies\dan@www.winantivirus[1].txt
C:\Documents and Settings\Dan\Cookies\dan@tradedoubler[1].txt
C:\Documents and Settings\Dan\Cookies\dan@questionmarket[1].txt
C:\Documents and Settings\Dan\Cookies\dan@gallery.adultlocals[1].txt
C:\Documents and Settings\Dan\Cookies\dan@a.websponsors[2].txt
C:\Documents and Settings\Dan\Cookies\dan@47093256[1].txt
C:\Documents and Settings\Dan\Cookies\dan@tacoda[2].txt
C:\Documents and Settings\Dan\Cookies\dan@doubleclick[1].txt
C:\Documents and Settings\Dan\Cookies\dan@trafficmp[2].txt
C:\Documents and Settings\Dan\Cookies\dan@media.licenseacquisition[1].txt
C:\Documents and Settings\Dan\Cookies\dan@tribalfusion[2].txt
C:\Documents and Settings\Dan\Cookies\dan@join_paycom_sb[1].txt
C:\Documents and Settings\Dan\Cookies\dan@atdmt[2].txt
C:\Documents and Settings\Dan\Cookies\dan@vtv.adultcontent.co[1].txt
C:\Documents and Settings\Dan\Cookies\dan@ad[2].txt
C:\Documents and Settings\Dan\Cookies\dan@13033152[1].txt
C:\Documents and Settings\Dan\Cookies\dan@atwola[1].txt
C:\Documents and Settings\Dan\Cookies\dan@advertising[1].txt
C:\Documents and Settings\Dan\Cookies\dan@data4.perf.overture[1].txt
C:\Documents and Settings\Dan\Cookies\dan@ads.as4x.tmcs[1].txt
C:\Documents and Settings\Dan\Cookies\dan@www.hotxxxtv[2].txt
C:\Documents and Settings\Dan\Cookies\dan@superstats[1].txt
C:\Documents and Settings\Dan\Cookies\dan@azjmp[2].txt
C:\Documents and Settings\Dan\Cookies\dan@38271[1].txt
C:\Documents and Settings\Dan\Cookies\dan@revenue[2].txt
C:\Documents and Settings\Dan\Cookies\dan@ad.yieldmanager[1].txt
C:\Documents and Settings\Dan\Cookies\dan@fastclick[2].txt
C:\Documents and Settings\Dan\Cookies\dan@ar.atwola[2].txt
C:\Documents and Settings\Dan\Cookies\dan@adrevolver[1].txt
C:\Documents and Settings\Dan\Cookies\dan@enhance[1].txt
C:\Documents and Settings\Dan\Cookies\dan@casalemedia[2].txt
C:\Documents and Settings\Dan\Cookies\dan@edge.ru4[2].txt
C:\Documents and Settings\Dan\Cookies\dan@msnportal.112.2o7[1].txt
C:\Documents and Settings\Dan\Cookies\dan@belnk[1].txt
C:\Documents and Settings\Dan\Cookies\dan@overture[2].txt
C:\Documents and Settings\Dan\Cookies\dan@adknowledge[2].txt
C:\Documents and Settings\Dan\Cookies\dan@ads.pointroll[2].txt
C:\Documents and Settings\Dan\Cookies\dan@cts.metricsdirect[2].txt
C:\Documents and Settings\Dan\Cookies\dan@mediaplex[1].txt
C:\Documents and Settings\Dan\Cookies\dan@38279[1].txt

Adware.180solutions/Search Assistant
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll#.Owner
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll#{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll [  ]
C:\PROGRAM FILES\MICROSOFT ANTISPYWARE\QUARANTINE\2B5CEFBD-542D-4EA6-88AA-454EFC\09DA9E97-974B-4A81-9A35-82BC55
C:\PROGRAM FILES\MICROSOFT ANTISPYWARE\QUARANTINE\2B5CEFBD-542D-4EA6-88AA-454EFC\1CEB583E-88C5-44C1-8479-0D5ACF
C:\PROGRAM FILES\MICROSOFT ANTISPYWARE\QUARANTINE\2B5CEFBD-542D-4EA6-88AA-454EFC\96ED8BBD-F21A-44DE-9C0A-59331D
C:\PROGRAM FILES\MICROSOFT ANTISPYWARE\QUARANTINE\5F1B8A22-9B8E-4544-8C45-FE3C01\0F5BDA9B-C503-43B7-8EAC-78A4B7
C:\PROGRAM FILES\MICROSOFT ANTISPYWARE\QUARANTINE\9B265074-4EF7-4ACD-BF2C-010906\3D5ABC76-1B70-415E-B38F-03619B
C:\PROGRAM FILES\MICROSOFT ANTISPYWARE\QUARANTINE\9B265074-4EF7-4ACD-BF2C-010906\6AD7E299-F680-404F-BE6C-668759
C:\PROGRAM FILES\MICROSOFT ANTISPYWARE\QUARANTINE\9B265074-4EF7-4ACD-BF2C-010906\C2A9B6F7-E7C2-4255-8987-1B1FC5

Trojan.BankSteal-Gen
HKCR\ib2.CBrowserHelper
HKCR\ib2.CBrowserHelper\Clsid

Adware.Zango Toolbar/Hb
HKCR\ZbSrv.ZbCoreServices
HKCR\ZbSrv.ZbCoreServices\CLSID
HKCR\ZbSrv.ZbCoreServices\CurVer
HKCR\ZbSrv.ZbCoreServices.1
HKCR\ZbSrv.ZbCoreServices.1\CLSID
C:\Program Files\ZangoToolbar\Bin\4.8.2.0\dBenderC.dll
C:\Program Files\ZangoToolbar\Bin\4.8.2.0\ZbAds.dll
C:\Program Files\ZangoToolbar\Bin\4.8.2.0\ZbCoreSrv.dll
C:\Program Files\ZangoToolbar\Bin\4.8.2.0\ZbHostIE.dll
C:\Program Files\ZangoToolbar\Bin\4.8.2.0\ZbSrv.exe
C:\Program Files\ZangoToolbar\Bin\4.8.2.0\ZbToolbar.dll
C:\Program Files\ZangoToolbar\Bin\4.8.2.0
C:\Program Files\ZangoToolbar\Bin\ZbUninst.exe
C:\Program Files\ZangoToolbar\Bin
C:\Program Files\ZangoToolbar
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\IESkins
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoOI\dynamic
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoOI\static
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoOI
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoOL\dynamic
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoOL\static
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoOL
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1.sdf
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1043399.sdf
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1299521.sdf
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2208948.sdf
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\221540.sdf
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\2883915.sdf
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\625696.sdf
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\890068.sdf
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\ASPL1.dat
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\domains.txt
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\hstat
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\10807
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\12776
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\17409
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\19289
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\25043
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\26664
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\27503
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\34237
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\35000
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\35047
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\36598
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\37602
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\44228
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\5508
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\59844
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\64402
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\64451
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\64517
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\66493
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\66836
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\69019
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\78592
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\79329
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\80193
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\82292
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\85062
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\85547
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\89462
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\90163
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\90358
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\95200
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\98224
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\99008
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML\99163
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\TooltipXML
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\ustat\348c.dat
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\ustat
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\btntrans.idx
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\btntrans1.dat
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\buttondir.txt
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\components.cdf
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\default.cdf
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_511745-514279.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_bidzC_ZT_IE-ca.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_bidzC_ZT_IE-us.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_categorize.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_comparison.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_explorer-Mails.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_explorer-people.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_favorites.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_Games.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_Hide.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_hotbarcom.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_Hotmail.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_hsskin.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_jemster.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_jemsterie.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_jemsteruk.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_jobsearch.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_Mails.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_MobileSidewalk.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_new.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_premium.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_reun.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_ringtones.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_searchfor.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_searchgo.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_weather.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_yellowpages.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\d_icons_buttons_1000.res
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\d_icons_buttons_2000.res
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\d_icons_buttons_3000.res
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\d_icons_buttons_bar.res
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\d_icons_buttons_bbar1.res
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\d_icons_buttons_logos.res
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\d_icons_buttons_other.res
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\email-def-511724-548964.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\email-def-511724-9595.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\email-t1-bg.res
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\icons2.res
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\keywords.idx
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\keywords1.dat
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\layout.cdf
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\linkpathlegal.txt
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\progress.res
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\sales_buttons.res
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\s_icons_buttons.res
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\t2_bg.res
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\theweb.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\top7.cdf
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Top7_theweb.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\tsd_bg.res
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\zango.res
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\btntrans.idx
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\btntrans1.dat
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\buttondir.txt
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\components.cdf
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\default.cdf
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_511745-514279.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_bidzC_ZT_IE-ca.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_bidzC_ZT_IE-us.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_categorize.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_comparison.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_explorer-Mails.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_explorer-people.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_favorites.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_Games.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_Hide.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_hotbarcom.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_Hotmail.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_hsskin.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_jemster.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_jemsterie.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_jemsteruk.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_jobsearch.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_Mails.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_MobileSidewalk.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_new.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_premium.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_reun.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_ringtones.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_searchfor.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_searchgo.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_weather.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Default_yellowpages.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\d_icons_buttons_1000.res
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\d_icons_buttons_2000.res
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\d_icons_buttons_3000.res
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\d_icons_buttons_bar.res
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\d_icons_buttons_bbar1.res
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\d_icons_buttons_logos.res
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\d_icons_buttons_other.res
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\email-def-511724-548964.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\email-def-511724-9595.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\email-t1-bg.res
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\icons2.res
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\keywords.idx
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\keywords1.dat
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\layout.cdf
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\linkpathlegal.txt
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\progress.res
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\sales_buttons.res
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\s_icons_buttons.res
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\t2_bg.res
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\theweb.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\top7.cdf
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\Top7_theweb.mnu
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\tsd_bg.res
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2\zango.res
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\2
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\BtnTrans.xip
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\BtnTrans1.xip
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\buttondir.xip
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\default.xip
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\d_icons_buttons_1000.xip
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\d_icons_buttons_2000.xip
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\d_icons_buttons_3000.xip
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\d_icons_buttons_bar.xip
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\d_icons_buttons_bbar1.xip
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\d_icons_buttons_logos.xip
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\d_icons_buttons_other.xip
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\icons2.xip
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\keywords.xip
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\keywords1.xip
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\layout.xip
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\linkpathlegal.xip
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\progress.xip
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\sales_buttons.xip
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\samplegroups2.txt
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\samplegroups2.xip
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\s_icons_buttons.xip
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\t2_bg.xip
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\top7.xip
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\tsd_bg.xip
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\zango.xip
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0\ZangoToolbar
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\v3.0
C:\Documents and Settings\Dan\Application Data\ZangoToolbar\zbar.log
C:\Documents and Settings\Dan\Application Data\ZangoToolbar

Adware.Media Gateway
C:\PROGRAM FILES\MICROSOFT ANTISPYWARE\QUARANTINE\4107B17D-BE9D-42E7-8C1D-27355B\EBC858D2-6857-4730-9F68-F83E0C
C:\PROGRAM FILES\MICROSOFT ANTISPYWARE\QUARANTINE\C13B61B1-5802-4154-9D8F-E25E8B\A664FA3D-4591-449B-BBDB-AEC036


Logfile of HijackThis v1.99.1
Scan saved at 2:36:16 PM, on 12/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\ALCWZRD.EXE
D:\Program Files\PowerISO\SCDEmuApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\iTunesHelper.exe
D:\Program Files\AIM\aim.exe
c:\program files\common files\system\dfb50a14.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\SUPERAntiSpyware.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dan\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 201.36.154.35:6588:6588
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SCDEmuApp.exe] d:\Program Files\PowerISO\SCDEmuApp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] d:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [mplay64] c:\program files\common files\system\dfb50a14.exe /noerrorinfo
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunesHelper.exe"
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://www.yahoo.com/diskless/bin/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1104025560304
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1140549225843
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca12.custhelp.com/7530-b327h/rnl/java/RntX.cab
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® Desktop Utilities Service (iHCService) - Unknown owner - D:\Program Files\IDUServ.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

#4 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:06:41 PM

Posted 05 December 2006 - 05:49 PM

OK, do one more scan for me. Download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
  • Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode.
Post the results of the AVG Anti-Spyware report scan together with a new HijackThis log.
Posted Image

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here

#5 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:06:41 PM

Posted 09 December 2006 - 03:51 AM

Due to inactivity this topic will be closed.

If you need this topic reopened, please email the moderating team - be sure to include the address of the thread and the name you posted under.
Posted Image

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users