CastleCops, Internet Crime Fighters
Need help? Click here to register for free! Absolutely zero advertisements on this site!

Donation/Premium
spacer
Donations. Become Premium Today! Premium Icon
block bottom
Security Central
spacer
· Home
· PIRT/Fried Phish
· MIRT
· SIRT
· Deutsch
· Wiki
· Newsletter
· O16/ActiveX
· CLSID List
· Contest2007
· Downloads
· Feedback (send)
· Forums
· HijackThis
· Hijacktrend
· LSPs
· My Downloads
· O18
· O20
· O21
· O22
· O23
· O9
· Premium
· Private Messages
· Proxomitron
· Reviews
· Search
· StartupList
· Stories Archive
· Submit News
· WsIRT
· Your Account
· Acceptable Use Policy
block bottom
spacer spacer
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Login to check your private messagesLogin to check your private messages   LoginLogin   Your Favorite ForumsSelect FavForums 

[IN PROGRESS]In need of URGENT help!
Goto page Previous  1, 2, 3  Next
 
Post new topic   Reply to topic       All -> FavForums -> Trend Micro HijackThis Logs [del.icio.us!] [digg it!] [reddit!]
View previous topic :: View next topic  
Author Message
sjpritch25

1st Responder
Premium Member

Joined: Mar 31, 2005
Posts: 5163
Location: West Coast of Florida, USA
1st Responder Mentors 1st Responders MVP Premium Rootkit Responders

PostPosted: Sun May 25, 2008 10:21 am    Post subject:
Reply with quote

Welcome to Castlecops!!!! Hello


Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Download SDFix and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(this is the drive that contains the Windows Directory, typically C:\SDFix). DO NOT use it just yet.

Reboot your computer in SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.

  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Finally copy and paste the contents of the results file Report.txt in your next reply




================================


Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall


_________________
Microsoft Valuable Professional--Consumer Security 2007-2009 image
image
http://geekfox26.blogspot.com/
Back to top
View users profile Send private message Visit posters website
PCBruiser

SRT Team Lead
SRT Team Lead
Forums Admin

Joined: May 11, 2005
Posts: 11723

1st Responder Mentors 1st Responders Forums Admin MIRT Moderators Premium Rootkit Experts Security Experts SRT Team CC Committee

PostPosted: Sun May 25, 2008 4:24 pm    Post subject:
Reply with quote

Hi, Beastolizer,

I have reset your password to a temporary one and sent an email to you with the temporary password. The email was sent to the email address you registered here with. Please let me know if you have any problems.

Once you log into your account successfully, please change the temporary password to one of your choice. Then post here while logged in and one of the Moderators will move this topic to the HJT forum.

Regards,
PCB


_________________
Don't read? Can't learn!
Back to top
View users profile Send private message
Beastolizer

Guest
IP: 67.161.*.*
PostPosted: Mon May 26, 2008 10:59 pm    Post subject:
Reply with quote

PCB, I was able to successfully login with the new password but as soon as I click on anything else on the site, it logs me out. I don't think I will be able to login as long as my computer is down.


Anyway, here is my report from the SDFix:

SDFix: Version 1.119

Run by peter engquist on Sun 05/25/2008 at 07:47 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
cmdService
Network Monitor

Path:
C:\WINDOWS\d2VuZHkgZW5ncXVpc3Q\command.exe
C:\Program Files\Network Monitor\netmon.exe service

cmdService - Deleted
Network Monitor - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\d2VuZHkgZW5ncXVpc3Q\asappsrv.dll - Deleted
C:\WINDOWS\d2VuZHkgZW5ncXVpc3Q\command.exe - Deleted
C:\WINDOWS\d2VuZHkgZW5ncXVpc3Q\xZpRtJ40tqcBwrpDwak.vbs - Deleted
C:\WINDOWS\SYSTEM32\AOOHEUPH.EXE - Deleted
C:\WINDOWS\SYSTEM32\EIMXLALX.EXE - Deleted
C:\WINDOWS\SYSTEM32\GTVEWAPN.EXE - Deleted
C:\WINDOWS\SYSTEM32\JRQRCOWW.EXE - Deleted
C:\WINDOWS\SYSTEM32\MAACLJKC.EXE - Deleted
C:\WINDOWS\SYSTEM32\OECIEGJE.EXE - Deleted
C:\WINDOWS\SYSTEM32\XIUAIRUJ.EXE - Deleted
C:\WINDOWS\SYSTEM32\BXQTFLHD.DLL - Deleted
C:\WINDOWS\SYSTEM32\GEXXLQTS.DLL - Deleted
C:\WINDOWS\SYSTEM32\HRVDUHTP.DLL - Deleted
C:\WINDOWS\SYSTEM32\JIHTJVIR.DLL - Deleted
C:\WINDOWS\SYSTEM32\LDJMDIOX.DLL - Deleted
C:\WINDOWS\SYSTEM32\LLFXTIWR.DLL - Deleted
C:\WINDOWS\SYSTEM32\LXFPJMQP.DLL - Deleted
C:\WINDOWS\SYSTEM32\MCLKNNTQ.DLL - Deleted
C:\WINDOWS\SYSTEM32\MTFTDIUJ.DLL - Deleted
C:\WINDOWS\SYSTEM32\NKYNDLCQ.DLL - Deleted
C:\WINDOWS\SYSTEM32\QOMFCDWX.DLL - Deleted
C:\WINDOWS\SYSTEM32\RXOAXQUK.DLL - Deleted
C:\WINDOWS\SYSTEM32\VTKCBRCB.DLL - Deleted
C:\WINDOWS\SYSTEM32\XXYXWOII.DLL - Deleted
C:\HIJACK~1.EXE - Deleted
C:\Temp\1cb\syscheck.log - Deleted
C:\Program Files\InetGet2\sacatapo821058.exe - Deleted
C:\Program Files\Network Monitor\netmon.exe - Deleted
C:\DOCUME~1\PETERE~1\LOCALS~1\Temp\cmdinst.exe - Deleted
C:\WINDOWS\17PHolmes1188.exe - Deleted
C:\WINDOWS\b149.exe - Deleted
C:\WINDOWS\Fonts\Setup.exe - Deleted
C:\WINDOWS\Fonts\svchost.exe - Deleted
C:\WINDOWS\mrofinu1000106.exe - Deleted
C:\WINDOWS\mrofinu1188.exe - Deleted
C:\WINDOWS\system32\atmtd.dll - Deleted
C:\WINDOWS\system32\atmtd.dll._ - Deleted
C:\WINDOWS\system32\msnav32.ax - Deleted
C:\WINDOWS\system32\pac.txt - Deleted
C:\WINDOWS\system32\zxdnt3d.cfg - Deleted
C:\WINDOWS\uninstall_nmon.vbs - Deleted
C:\WINDOWS\Fonts\*.zip - 1 File(s) 113,234 bytes - Deleted
C:\WINDOWS\Fonts\'\*.zip - 17314 File(s) 1,017,982,650 bytes - Deleted


Could Not Remove C:\WINDOWS\system32\drivers\core.cache.dsk

Folder C:\Program Files\InetGet2 - Removed
Folder C:\Program Files\Network Monitor - Removed
Folder C:\Temp\1cb - Removed
Folder C:\WINDOWS\Fonts\' - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-25 20:17:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HPFECP20]
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HPFECP20\0000]
"BaseDevicePath"="HTREE\ROOT\0"
"Class"="Unknown"
"ClassGUID"="{4D36E97E-E325-11CE-BFC1-08002BE10318}"
"DeviceDesc"="Parallel Device"
"FoundAtEnum"=dword:00000001
"Problem"=dword:00000000
"Service"="HPFECP20"
"StatusFlags"=dword:00000008
"Capabilities"=dword:00000000
"ConfigFlags"=dword:00000040
"Driver"="{4D36E97E-E325-11CE-BFC1-08002BE10318}\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HPFECP20\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0050f2e189da]
"0050f2e402ef"=hex:03,f2,1e,13,2b,5a,75,82,4b,21,ee,de,fa,6b,ae,77
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch]
"Epoch"=dword:0000a98f
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Lsa]
"LsaPid"=dword:000002f4
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Watchdog\Display]
"ShutdownCount"=dword:000005a9
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE]
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE\0000]
"Service"="cmdService"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="Command Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_HPFECP20]
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_HPFECP20\0000]
"BaseDevicePath"="HTREE\ROOT\0"
"Class"="Unknown"
"ClassGUID"="{4D36E97E-E325-11CE-BFC1-08002BE10318}"
"DeviceDesc"="Parallel Device"
"FoundAtEnum"=dword:00000001
"Problem"=dword:00000000
"Service"="HPFECP20"
"StatusFlags"=dword:00000008
"Capabilities"=dword:00000000
"ConfigFlags"=dword:00000040
"Driver"="{4D36E97E-E325-11CE-BFC1-08002BE10318}\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_HPFECP20\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR]
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR\0000]
"Service"="Network Monitor"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="Network Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0050f2e189da]
"0050f2e402ef"=hex:03,f2,1e,13,2b,5a,75,82,4b,21,ee,de,fa,6b,ae,77
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdService]
"Type"=dword:00000110
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"C:\WINDOWS\d2VuZHkgZW5ncXVpc3Q\command.exe"
"DisplayName"="Command Service"
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdService\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\ESENT]
"EventMessageFile"=str(2):"C:\WINDOWS\system32\ESENT.dll"
"CategoryMessageFile"=str(2):"C:\WINDOWS\system32\ESENT.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mchInjDrv]
"Type"=dword:00000001
"ErrorControl"=dword:00000000
"Start"=dword:00000004
"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"
"DeleteFlag"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Network Monitor]
"Type"=dword:00000010
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=str(2):"C:\Program Files\Network Monitor\netmon.exe service"
"DisplayName"="Network Monitor"
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Network Monitor\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Epoch]
"Epoch"=dword:0000a97c
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{D0EA2E1D-7A1A-428A-A0E0-D3CA22808842}]
"LeaseObtainedTime"=dword:4838b7e2
"T1"=dword:483960a2
"T2"=dword:4839df32
"LeaseTerminatesTime"=dword:483a0962
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\{D0EA2E1D-7A1A-428A-A0E0-D3CA22808842}\Parameters\Tcpip]
"LeaseObtainedTime"=dword:4838b7e2
"T1"=dword:483960a2
"T2"=dword:4839df32
"LeaseTerminatesTime"=dword:483a0962

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\XP\23]
"DisplayName"="\x3e98\23\x40d0\23"
"DeviceDesc"="\x3e98\23\x40d0\23"
"ProviderName"=""
"MFG"="\x435c\x616c\x7373\"
"ReinstallString"="C:\WINDOWS\System32\ReinstallBackups\\x5058\23\DriverFiles\.INF"
"DeviceInstanceIds"=str(7):"er\xp_inf\cx_08174.inf"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"D:\\download\\Music download\\Morpheus\\LimeWire\\LimeWire.exe"="D:\\download\\Music download\\Morpheus\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"D:\\iTunes\\iTunes.exe"="D:\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"D:\\Morpheus File\\Morpheus\\Morpheus.exe"="D:\\Morpheus File\\Morpheus\\Morpheus.exe:*:Enabled:Morpheus"
"D:\\Downloads\\Office12\\ONENOTE.EXE"="D:\\Downloads\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\\download\\Music download\\LimeWire\\LimeWire.exe"="D:\\download\\Music download\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\!KillBox\\tgcmd.exe"="C:\\!KillBox\\tgcmd.exe:*:Enabled:tgcmd Module"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------
C:\WINDOWS\system32\drivers\core.cache.dsk Found

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Tue 20 May 2008 86,016 ..SH. --- "C:\Documents and Settings\peter engquist\lsass.exe"
Tue 20 May 2008 86,016 ..SH. --- "C:\Documents and Settings\wendy engquist\lsass.exe"
Sun 2 Nov 2003 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 2 Nov 2003 401 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv12.bak"
Sat 15 Sep 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 25 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT9.tmp"
Tue 25 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT6.tmp"
Tue 25 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BITD.tmp"
Tue 25 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b69c46c5109d0f8b0dee9fab84906813\BITC.tmp"
Tue 25 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BITF.tmp"
Tue 25 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa6c916bb150f8a929e7a4ffdfbc120f\BIT8.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\BIT2.tmp"
Sun 2 Nov 2003 4,348 A..H. --- "C:\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv1key.bak"
Fri 26 Jan 2007 401 A..H. --- "C:\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv1lic.bak"
Fri 18 Aug 2006 488 A.SH. --- "C:\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv2key.bak"
Sun 2 Nov 2003 4,348 ...H. --- "C:\Documents and Settings\wendy engquist\Application Data\Real\Rhapsody\wmlicbackup\drmv1key.bak"
Fri 24 Mar 2006 401 A..H. --- "C:\Documents and Settings\wendy engquist\Application Data\Real\Rhapsody\wmlicbackup\drmv1lic.bak"
Fri 17 Dec 2004 400 ...H. --- "C:\Documents and Settings\wendy engquist\Application Data\Real\Rhapsody\wmlicbackup\drmv2key.bak"
Fri 24 Mar 2006 14,848 A..H. --- "C:\Documents and Settings\wendy engquist\Application Data\Real\Rhapsody\wmlicbackup\drmv2lic.bak"
Wed 13 Aug 2003 0 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"

Finished!
Back to top
sjpritch25

1st Responder
Premium Member

Joined: Mar 31, 2005
Posts: 5163
Location: West Coast of Florida, USA
1st Responder Mentors 1st Responders MVP Premium Rootkit Responders

PostPosted: Tue May 27, 2008 12:04 am    Post subject:
Reply with quote

You need to follow the rest of my instructions please!!! Smile

Thanks.

This is going to take quite a few step to get clean. Please be patient.


_________________
Microsoft Valuable Professional--Consumer Security 2007-2009 image
image
http://geekfox26.blogspot.com/
Back to top
View users profile Send private message Visit posters website
PCBruiser

SRT Team Lead
SRT Team Lead
Forums Admin

Joined: May 11, 2005
Posts: 11723

1st Responder Mentors 1st Responders Forums Admin MIRT Moderators Premium Rootkit Experts Security Experts SRT Team CC Committee

PostPosted: Tue May 27, 2008 1:07 am    Post subject:
Reply with quote

I will leave this topic here until you are able to log in and stay logged in.

@sjpritch25: let either MR2 or me know when this topic can be moved and we'll take care of it for you.


_________________
Don't read? Can't learn!
Back to top
View users profile Send private message
sjpritch25

1st Responder
Premium Member

Joined: Mar 31, 2005
Posts: 5163
Location: West Coast of Florida, USA
1st Responder Mentors 1st Responders MVP Premium Rootkit Responders

PostPosted: Tue May 27, 2008 1:38 am    Post subject:
Reply with quote

PCB, i guess once he can stay logged on. That would be the time to move it.


_________________
Microsoft Valuable Professional--Consumer Security 2007-2009 image
image
http://geekfox26.blogspot.com/
Back to top
View users profile Send private message Visit posters website
Beastolizer

Guest
IP: 67.161.*.*
PostPosted: Tue May 27, 2008 4:06 am    Post subject:
Reply with quote

Ok I', sorry, I didn't know if those other parts were steps or not. I will get on that right now. And I will let you know once I can stay logged in.
Back to top
Beastoliz

Guest
IP: 67.161.*.*
PostPosted: Tue May 27, 2008 10:36 pm    Post subject:
Reply with quote

Sorry it took me a while, here is my Combofix report:

ComboFix 08-05-26.2 - peter engquist 2008-05-26 21:20:52.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.648 [GMT -7:00]
Running from: C:\Documents and Settings\peter engquist\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
C:\Documents and Settings\All Users\Application Data\Rabio
C:\Documents and Settings\All Users\Application Data\ZangoSA
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA.dat
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA_kyf.dat
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAau.dat
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\peter engquist\Application Data\Adssite Advanced Toolbar
C:\Documents and Settings\peter engquist\Application Data\Adssite Advanced Toolbar\advertbuttons.xml
C:\Documents and Settings\peter engquist\Application Data\Adssite Advanced Toolbar\selected.xml
C:\Documents and Settings\peter engquist\Application Data\Zango
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\dynamic\1.sdf
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\dynamic\1556859.sdf
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\dynamic\3695962.sdf
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\dynamic\770824.sdf
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\dynamic\777882.sdf
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\dynamic\domains.txt
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\13738
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\21069
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\26664
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\27505
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\29115
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\31391
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\31409
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\36079
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\43395
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\44228
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\44323
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\44458
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\57878
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\60429
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\64424
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\70463
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\7887
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\7894
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\79805
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\82278
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\83743
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\85062
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\85064
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\89075
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\93899
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\94789
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\98351
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\dynamic\ustat\357d.dat
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\btntrans.idx
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\btntrans1.dat
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\buttondir.txt
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\components.cdf
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\cursors.res
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_1000.res
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_2000.res
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_3000.res
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_bar.res
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_bbar1.res
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_logos.res
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_other.res
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\d_icons_weather.res
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\default.cdf
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\Default_511745-514279.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\Default_bidzC_ZT_IE-ca.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\Default_bidzC_ZT_IE-us.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\Default_categorize.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\Default_comparison.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\Default_explorer-Mails.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\Default_explorer-people.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\Default_favorites.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\Default_Games.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\Default_Hide.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\Default_hotbarcom.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\Default_Hotmail.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\Default_hsskin.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\Default_jemster.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\Default_jemsterie.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\Default_jemsteruk.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\Default_jobsearch.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\Default_Mails.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\Default_MobileSidewalk.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\Default_new.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\Default_premium.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\Default_reun.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\Default_ringtones.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\Default_searchfor.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\Default_searchgo.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\Default_weather.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\Default_yellowpages.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\email-def-511724-548964.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\email-def-511724-9595.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\email-t1-bg.res
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\icons2.res
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\ie_games_icon.res
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\ie_video.res
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\keywords.idx
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\keywords1.dat
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\layout.cdf
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\linkpathlegal.txt
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\progress.res
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\s_icons_buttons.res
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\sales_buttons.res
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\t2_bg.res
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\theweb.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\top7.cdf
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\Top7_theweb.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\tsd_bg.res
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\zango.res
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\zango_ie_menu.res
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\1\zango1.res
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\btntrans.idx
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\btntrans1.dat
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\buttondir.txt
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\components.cdf
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\cursors.res
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_1000.res
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_2000.res
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_3000.res
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_bar.res
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_bbar1.res
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_logos.res
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_other.res
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\d_icons_weather.res
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\default.cdf
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\Default_511745-514279.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\Default_bidzC_ZT_IE-ca.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\Default_bidzC_ZT_IE-us.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\Default_categorize.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\Default_comparison.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\Default_explorer-Mails.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\Default_explorer-people.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\Default_favorites.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\Default_Games.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\Default_Hide.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\Default_hotbarcom.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\Default_Hotmail.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\Default_hsskin.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\Default_jemster.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\Default_jemsterie.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\Default_jemsteruk.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\Default_jobsearch.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\Default_Mails.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\Default_MobileSidewalk.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\Default_new.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\Default_premium.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\Default_reun.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\Default_ringtones.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\Default_searchfor.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\Default_searchgo.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\Default_weather.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\Default_yellowpages.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\email-def-511724-548964.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\email-def-511724-9595.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\email-t1-bg.res
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\icons2.res
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\ie_games_icon.res
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\ie_video.res
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\keywords1.dat
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\layout.cdf
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\linkpathlegal.txt
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\progress.res
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\s_icons_buttons.res
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\sales_buttons.res
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\t2_bg.res
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\theweb.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\top7.cdf
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\Top7_theweb.mnu
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\tsd_bg.res
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\zango.res
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\zango_ie_menu.res
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\2\zango1.res
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans.xip
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans1.xip
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\buttondir.xip
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\cursors.xip
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_1000.xip
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_2000.xip
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_3000.xip
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bar.xip
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bbar1.xip
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_logos.xip
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_other.xip
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_weather.xip
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\default.xip
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\icons2.xip
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_games_icon.xip
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_video.xip
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords.xip
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords1.xip
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\layout.xip
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\linkpathlegal.xip
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\s_icons_buttons.xip
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\sales_buttons.xip
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\samplegroups2.txt
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\samplegroups2.xip
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\t2_bg.xip
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\top7.xip
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\tsd_bg.xip
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\zango.xip
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_ie_menu.xip
C:\Documents and Settings\peter engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\zango1.xip
C:\Documents and Settings\wendy engquist\Application Data\Zango
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\dynamic\1.sdf
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\dynamic\1383602.sdf
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\dynamic\144984.sdf
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\dynamic\domains.txt
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\13939
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\246310
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\29642
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\54189
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\60495
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\61779
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\68040
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\78228
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\78237
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\81551
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\90358
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\91224
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\93899
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\95610
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\95615
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\dynamic\ustat\357e.dat
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\btntrans.idx
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\btntrans1.dat
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\buttondir.txt
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\components.cdf
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\cursors.res
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_1000.res
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_2000.res
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_3000.res
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_bar.res
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_bbar1.res
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_logos.res
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_other.res
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\d_icons_weather.res
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\default.cdf
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\Default_511745-514279.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\Default_bidzC_ZT_IE-ca.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\Default_bidzC_ZT_IE-us.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\Default_categorize.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\Default_comparison.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\Default_explorer-Mails.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\Default_explorer-people.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\Default_favorites.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\Default_Games.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\Default_Hide.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\Default_hotbarcom.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\Default_Hotmail.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\Default_hsskin.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\Default_jemster.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\Default_jemsterie.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\Default_jemsteruk.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\Default_jobsearch.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\Default_Mails.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\Default_MobileSidewalk.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\Default_new.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\Default_premium.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\Default_reun.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\Default_ringtones.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\Default_searchfor.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\Default_searchgo.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\Default_weather.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\Default_yellowpages.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\email-def-511724-548964.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\email-def-511724-9595.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\email-t1-bg.res
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\icons2.res
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\ie_games_icon.res
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\ie_video.res
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\keywords.idx
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\keywords1.dat
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\layout.cdf
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\linkpathlegal.txt
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\progress.res
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\s_icons_buttons.res
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\sales_buttons.res
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\t2_bg.res
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\theweb.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\top7.cdf
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\Top7_theweb.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\tsd_bg.res
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\zango.res
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\zango_ie_menu.res
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\1\zango1.res
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\btntrans.idx
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\btntrans1.dat
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\buttondir.txt
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\components.cdf
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\cursors.res
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_1000.res
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_2000.res
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_3000.res
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_bar.res
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_bbar1.res
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_logos.res
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_other.res
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\d_icons_weather.res
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\default.cdf
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\Default_511745-514279.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\Default_bidzC_ZT_IE-ca.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\Default_bidzC_ZT_IE-us.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\Default_categorize.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\Default_comparison.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\Default_explorer-Mails.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\Default_explorer-people.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\Default_favorites.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\Default_Games.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\Default_Hide.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\Default_hotbarcom.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\Default_Hotmail.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\Default_hsskin.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\Default_jemster.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\Default_jemsterie.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\Default_jemsteruk.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\Default_jobsearch.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\Default_Mails.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\Default_MobileSidewalk.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\Default_new.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\Default_premium.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\Default_reun.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\Default_ringtones.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\Default_searchfor.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\Default_searchgo.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\Default_weather.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\Default_yellowpages.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\email-def-511724-548964.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\email-def-511724-9595.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\email-t1-bg.res
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\icons2.res
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\ie_games_icon.res
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\ie_video.res
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\keywords.idx
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\keywords1.dat
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\layout.cdf
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\linkpathlegal.txt
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\progress.res
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\s_icons_buttons.res
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\sales_buttons.res
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\t2_bg.res
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\theweb.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\top7.cdf
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\Top7_theweb.mnu
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\tsd_bg.res
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\zango.res
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\zango_ie_menu.res
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\2\zango1.res
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans.xip
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans1.xip
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\buttondir.xip
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\cursors.xip
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_1000.xip
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_2000.xip
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_3000.xip
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bar.xip
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bbar1.xip
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_logos.xip
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_other.xip
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_weather.xip
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\default.xip
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\icons2.xip
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_games_icon.xip
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_video.xip
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords.xip
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords1.xip
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\layout.xip
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\linkpathlegal.xip
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\s_icons_buttons.xip
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\sales_buttons.xip
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\samplegroups2.txt
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\samplegroups2.xip
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\t2_bg.xip
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\top7.xip
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\tsd_bg.xip
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\zango.xip
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_ie_menu.xip
C:\Documents and Settings\wendy engquist\Application Data\Zango\v3.0\Zango\static\DownLoad\zango1.xip
C:\Program Files\dbar
C:\Program Files\dbar\basis.xml
C:\Program Files\dbar\channel.tmpl
C:\Program Files\dbar\content.tmpl
C:\Program Files\dbar\dbaruninst.exe
C:\Program Files\dbar\deskbar.crc
C:\Program Files\dbar\deskbar.dll
C:\Program Files\dbar\deskbar.inf
C:\Program Files\dbar\edit_rss.tmpl
C:\Program Files\dbar\local.xml
C:\Program Files\dbar\nav1.bmp
C:\Program Files\dbar\nav2.bmp
C:\Program Files\dbar\new_alert.tmpl
C:\Program Files\dbar\version.ini
C:\Program Files\dbar\version.txt
C:\Program Files\winvi
C:\Program Files\winvi\dsktp\AC_RunActiveContent.js
C:\Program Files\winvi\dsktp\desktop.html
C:\Program Files\winvi\dsktp\internetDetection.swf
C:\Program Files\winvi\dsktp\settings.sol
C:\Program Files\winvi\icons\bufferthis.ico
C:\Program Files\winvi\icons\flashfunpages.ico
C:\Program Files\winvi\icons\funnies.ico
C:\Program Files\winvi\icons\funnyfunpages.ico
C:\Program Files\winvi\icons\goodcleanvideos.ico
C:\Program Files\winvi\icons\newfunpages.ico
C:\Program Files\winvi\icons\positivethoughts.ico
C:\Program Files\winvi\icons\removespyware.ico
C:\Program Files\winvi\icons\thissiterocks.ico
C:\Program Files\winvi\temp\version.ini
C:\Program Files\winvi\Uninst.exe
C:\Program Files\winvi\update.exe
C:\Program Files\winvi\version.ini
C:\Program Files\winvi\wupda.exe
C:\Program Files\XP Antivirus
C:\temp\tn3
C:\WINDOWS\BMf3075b31.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\{465195dd-7b2d-fa76-ffe9-ebfaaaeb17a3}.dll
C:\WINDOWS\system32\adssite-remove.exe
C:\WINDOWS\system32\bbc5
C:\WINDOWS\system32\bbc5\gstdrvr8.exe
C:\WINDOWS\system32\bxxlteqq.dll
C:\WINDOWS\system32\cfccoidt.dll
C:\WINDOWS\system32\ddcDsrrQ.dll
C:\WINDOWS\system32\ddfsqqfj.dll
C:\WINDOWS\system32\dfwegfqj.dll
C:\WINDOWS\system32\doc4
C:\WINDOWS\system32\drivers\ALABULKK.sys
C:\WINDOWS\system32\dsntvjtl.ini
C:\WINDOWS\system32\dsntvjtl.ini2
C:\WINDOWS\system32\gtbjtcok.dll
C:\WINDOWS\system32\hblurkjp.dll
C:\WINDOWS\system32\hywhldbe.exe
C:\WINDOWS\system32\ieosftvo.exe
C:\WINDOWS\system32\jlkQWyay.ini
C:\WINDOWS\system32\jlkQWyay.ini2
C:\WINDOWS\system32\kqwhfkts.exe
C:\WINDOWS\system32\kuxjgkjs.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\nilgsbfc.exe
C:\WINDOWS\system32\njxqcqpo.exe
C:\WINDOWS\system32\nsq13.dll
C:\WINDOWS\system32\oscmdenc.exe
C:\WINDOWS\system32\rex2
C:\WINDOWS\system32\rjckelok.dll
C:\WINDOWS\system32\rjptdhxx.dll
C:\WINDOWS\system32\rwwnw64d.exe
C:\WINDOWS\system32\sqdggwig.dll
C:\WINDOWS\system32\ssqPfefc.dll
C:\WINDOWS\system32\tkdvgism.dll
C:\WINDOWS\system32\uuhbifqr.ini
C:\WINDOWS\system32\uuhbifqr.ini2
C:\WINDOWS\system32\uvvwa.ini
C:\WINDOWS\system32\uvvwa.ini2
C:\WINDOWS\system32\vknjitrt.dll
C:\WINDOWS\system32\vlt2
C:\WINDOWS\system32\vlt2\viodrivr3.exe
C:\WINDOWS\system32\xqalosqa.dll
C:\WINDOWS\system32\yssvepxy.ini
C:\WINDOWS\system32\yssvepxy.ini2
C:\WINDOWS\system32\yxbxvsxf.dll
C:\WINDOWS\system32\yxpevssy.dll
C:\WINDOWS\system32\zxdnt3d.cfg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ALABULKK
-------\Service_ALABULKK


((((((((((((((((((((((((( Files Created from 2008-04-27 to 2008-05-27 )))))))))))))))))))))))))))))))
.

2008-05-26 21:45 . 2008-05-26 21:45 109,807 --a--c--- C:\WINDOWS\BMf3075b31.xml
2008-05-26 21:44 . 2008-05-26 21:44 21 --a--c--- C:\WINDOWS\system32\zxdnt3d.cfg
2008-05-26 21:43 . 2008-05-26 21:43 294 ---hsc--- C:\WINDOWS\system32\dsntvjtl.ini
2008-05-26 21:43 . 2008-05-26 21:45 32 --a--c--- C:\WINDOWS\system32\msnav32.ax
2008-05-26 20:58 . 2008-05-26 20:58 117,760 --a--c--- C:\WINDOWS\system32\jdpnucni.dll
2008-05-26 20:51 . 2008-05-26 20:51 93,696 --a--c--- C:\WINDOWS\system32\ltjvtnsd.dll
2008-05-26 20:45 . 2008-05-26 20:45 108,544 --a--c--- C:\WINDOWS\system32\igyrfkgp.dll
2008-05-26 15:42 . 2008-05-22 15:58 0 --ahsc--- C:\WINDOWS\system32\ictfmxsw.ini
2008-05-26 15:33 . 2008-05-26 15:33 117,760 --a--c--- C:\WINDOWS\system32\ehdowivo.dll
2008-05-26 15:30 . 2008-05-26 15:30 108,544 --a--c--- C:\WINDOWS\system32\tgoreqif.dll
2008-05-25 20:15 . 2008-05-25 20:15 167,976 --a--c--- C:\WINDOWS\system32\drivers\core.cache.dsk
2008-05-25 13:30 . 2008-05-25 19:33 0 --a--c--- C:\WINDOWS\mrofinu.exe.bin
2008-05-24 17:56 . 2008-05-22 15:58 0 --ahsc--- C:\WINDOWS\system32\hnxupetw.ini
2008-05-24 13:36 . 2008-05-24 13:36 28,160 --a--c--- C:\WINDOWS\system32\ljJCtTnN.dll
2008-05-23 13:57 . 2008-05-23 13:57 28,160 --a--c--- C:\WINDOWS\system32\iifDtTjI.dll
2008-05-22 23:18 . 2008-05-22 23:19 0 --a--c--- C:\WINDOWS\b148.exe.bin
2008-05-22 15:58 . 2008-05-22 15:58 0 --ahsc--- C:\WINDOWS\system32\legkrhyc.ini
2008-05-22 15:40 . 2008-05-22 15:40 28,160 --a--c--- C:\WINDOWS\system32\byXOhFyw.dll
2008-05-22 15:33 . 2008-05-22 15:33 <DIR> d----c--- C:\WINDOWS\system32\vntiho18
2008-05-22 15:33 . 2008-05-22 15:33 <DIR> d----c--- C:\Temp\vtmp2
2008-05-22 15:33 . 2008-05-22 15:33 200,774 --a--c--- C:\WINDOWS\system32\ocntpkdn.exe
2008-05-22 15:33 . 2008-05-22 15:33 28,160 --a--c--- C:\WINDOWS\system32\awtsRhIX.dll
2008-05-21 20:20 . 2008-05-21 20:20 376,832 --a--c--- C:\WINDOWS\system32\hgGvssRk.dll
2008-05-21 20:20 . 2008-05-21 20:20 347 --ahsc--- C:\WINDOWS\system32\kRssvGgh.ini
2008-05-21 07:33 . 2008-05-21 07:33 <DIR> d----c--- C:\Documents and Settings\peter engquist\Application Data\Deskbar_{369FAA86-309D-49aa-8D03-09A3210F3162}
2008-05-21 07:22 . 2008-05-21 07:22 401,972 --a--c--- C:\WINDOWS\system32\g32.exe
2008-05-21 07:22 . 2008-05-26 15:38 63,902 --a--c--- C:\WINDOWS\system32\{465195dd-7b2d-fa76-ffe9-ebfaaaeb17a3}.dll-uninst.exe
2008-05-21 07:21 . 2008-05-20 21:17 86,016 ---hsc--- C:\Documents and Settings\wendy engquist\lsass.exe
2008-05-21 06:56 . 2008-05-21 07:21 49,175 --a--c--- C:\WINDOWS\system32\jownw64q.exe
2008-05-20 21:24 . 2008-05-21 06:57 0 --ahsc--- C:\WINDOWS\system32\htwcpakx.ini
2008-05-20 21:22 . 2008-05-20 21:22 375,296 --a--c--- C:\WINDOWS\system32\yayWQklj.dll
2008-05-20 21:18 . 2008-05-26 19:21 95,833 --a--c--- C:\WINDOWS\system32\{be24d6d6-8fdc-35f6-c21e-5fd5cbf95398}.dll-uninst.exe
2008-05-20 21:17 . 2008-05-20 21:17 <DIR> d----c--- C:\WINDOWS\system32\lX
2008-05-20 21:17 . 2008-05-20 21:17 <DIR> d----c--- C:\WINDOWS\system32\logXv18
2008-05-20 21:17 . 2008-05-20 21:17 <DIR> d----c--- C:\WINDOWS\system32\igv
2008-05-20 21:17 . 2008-05-20 21:17 <DIR> d----c--- C:\WINDOWS\system32\hI2
2008-05-20 21:17 . 2008-05-20 21:17 <DIR> d----c--- C:\WINDOWS\system32\at1
2008-05-20 21:17 . 2008-05-20 21:17 <DIR> d----c--- C:\WINDOWS\system32\1064a
2008-05-20 21:17 . 2008-05-20 21:17 <DIR> d----c--- C:\Temp\dmpxp32
2008-05-20 21:17 . 2008-05-20 21:17 298,311 --a--c--- C:\WINDOWS\system32\gside.exe
2008-05-20 21:17 . 2008-05-20 21:17 200,768 --a--c--- C:\WINDOWS\system32\ocntpkdm.exe
2008-05-20 21:17 . 2008-05-26 17:38 88,961 --a--c--- C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-05-20 21:17 . 2008-05-20 21:17 86,016 ---hsc--- C:\Documents and Settings\peter engquist\lsass.exe
2008-05-20 21:17 . 2008-05-20 21:18 861 --a--c--- C:\WINDOWS\system32\winpfz33.sys
2008-05-20 14:13 . 2008-05-20 14:13 32,768 --a--c--- C:\WINDOWS\system32\vntiho18\vntiho182328.exe
2008-05-19 06:55 . 2008-05-19 06:55 439,808 --a--c--- C:\WINDOWS\system32\{be24d6d6-8fdc-35f6-c21e-5fd5cbf95398}.dll
2008-05-10 16:35 . 2008-05-10 16:35 <DIR> d----c--- C:\Program Files\Apple Software Update

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-25 00:56 --------- dc----w C:\Documents and Settings\peter engquist\Application Data\LimeWire
2008-05-23 21:16 --------- dc----w C:\Program Files\Trend Micro
2008-05-23 06:47 --------- dc----w C:\Program Files\Canon
2008-05-22 22:36 --------- dc----w C:\Documents and Settings\wendy engquist\Application Data\LimeWire
2008-05-15 03:56 --------- dc----w C:\Program Files\Google
2008-05-15 00:37 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-10 23:43 --------- dc----w C:\Program Files\Microsoft Works
2008-04-26 07:56 --------- dc----w C:\Program Files\Free iPod Video Converter
2008-04-26 07:55 1,432,887 -c--a-w C:\Program Files\free-ipod-video-converter.exe
2008-04-22 04:08 7,151,050 -c--a-w C:\Program Files\Videora Ipod Converter.exe
2008-04-22 04:08 --------- dc----w C:\Program Files\Red Kawa
2008-04-06 18:17 --------- dc----w C:\Documents and Settings\wendy engquist\Application Data\AVG7
2008-04-06 18:17 --------- dc----w C:\Documents and Settings\peter engquist\Application Data\AVG7
2008-04-06 18:17 --------- dc----w C:\Documents and Settings\All Users\Application Data\avg7
.
Back to top
sjpritch25

1st Responder
Premium Member

Joined: Mar 31, 2005
Posts: 5163
Location: West Coast of Florida, USA
1st Responder Mentors 1st Responders MVP Premium Rootkit Responders

PostPosted: Wed May 28, 2008 12:20 am