Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93081 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] Trojan Horse Generic 10...


  • This topic is locked This topic is locked
15 replies to this topic

#1 billy bobby

billy bobby

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 12 May 2008 - 07:56 PM

Hi everyone !

AVG free found a Trojan Horse Generic 10.LZF, .LXJ and .KUE in .dll files on my computer (Windows XP). My internet have been slower and I have difficulties to access my hotmail box.

It will be great if you can help me. Thanks a lot !



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:34:14, on 2008-05-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\la source\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [6e13df1c] rundll32.exe "C:\WINDOWS\system32\lthwuctu.dll",b
O4 - HKLM\..\Run: [BM6d20ec80] Rundll32.exe "C:\WINDOWS\system32\qnwsurtj.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\SmartShopper\Bin\2.0.20\SmrtShpr.dll
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\SmartShopper\Bin\2.0.20\SmrtShpr.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8034 bytes

    Advertisements

Register to Remove


#2 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 18 May 2008 - 06:37 PM

Posted Image

You might want to print these instructions out.

I suggest you do this:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.


Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Also "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#3 billy bobby

billy bobby

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 19 May 2008 - 08:05 AM

Thanks. Here we go for both logs :

Malwarebytes' Anti-Malware 1.12
Database version: 767

Scan type: Quick Scan
Objects scanned: 34969
Time elapsed: 8 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 114
Registry Values Infected: 6
Registry Data Items Infected: 2
Folders Infected: 9
Files Infected: 35

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\efcCuRlL.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\mlJCVLFw.dll (Adware.BHO) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d3c77ec4-80c3-450a-bbda-d5bcb216e080} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{d3c77ec4-80c3-450a-bbda-d5bcb216e080} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Adware.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Adware.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mljcvlfw (Adware.BHO) -> Delete on reboot.
HKEY_CLASSES_ROOT\hbcoresrv.dynamicprop (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbcoresrv.dynamicprop.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0004ec-5df0-48c7-a8f0-fbb0488a3d94} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{00b77587-be1b-4201-b8e9-09fcf50ab771} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{067c6a37-72ea-4437-863a-5be20c246f3c} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{34e29700-0d13-46aa-b9a5-ace68e21a091} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3661af2d-c27b-499c-9bcf-66c8502a3806} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{99123ac9-7dda-4c82-b252-44c2804bf392} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{08755390-f46d-4d09-968c-3430166b3189} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5a4737a8-b92a-4e54-970e-c2891d98ce3f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ace99e77-aa2a-43c2-8c9d-caf2020fdf2b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e0fb1610-b25b-49f6-be20-751b2f230e6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{087c4054-0a2b-4f35-b0db-bed3e21650f4} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3f0915b8-b238-4c2d-ad1e-60db1e14d27a} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ea58c2ea-be26-49dd-9b9a-c8e4e5ca7791} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fca28ac5-c1e1-4d67-a5ae-c44d6c374d9f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0923208c-e259-4ed5-a778-cb607da350ad} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1230cf51-6bc4-4a23-b3f1-c7cf0afed619} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1985fce1-4043-4346-ae70-d0a0cd90bdd3} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1a2af056-1fe1-47ca-993d-5d09d18e674e} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zangoax.clientdetector (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zangoax.clientdetector.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e5b2693-d348-4ca7-8364-4f5e51bf9c6d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1e5b2693-d348-4ca7-8364-4f5e51bf9c6d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e623b96-b166-4c70-8169-820761794299} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4e8b851b-05b0-4baf-b24d-d0dfe88dded3} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{50c3e2b3-4fd7-4cb9-91f9-641a6e6b3689} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{62b0b239-f9ac-4a5b-bfae-62c7a23f7627} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{726f0ab9-b842-4ae4-90c7-230e233e6a99} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b9cc2b92-5611-453f-8381-8b6f72d9c0b8} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c4543e64-1498-410d-8e72-4744eea99ab9} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{229d2451-a617-4b30-b5e8-8138694240cb} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2b81f920-6660-4f76-93bf-b1c67bf5d1a0} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zangoax.userprofiles (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zangoax.userprofiles.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2e54ac53-efa4-4831-a3f6-b47b1a1937cf} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2e54ac53-efa4-4831-a3f6-b47b1a1937cf} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{49155dae-c471-40fa-98ee-b2b3cad115ce} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4d783385-0dda-4188-a529-c97dc3d67cbd} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5b2e150d-4c8a-40e4-8c36-dd9c02771c67} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.toolbarctl (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.toolbarctl.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{627d894a-8a77-416e-b522-432eaf2c818e} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e10479b-31e8-4a3b-81b1-ddaf39097f19} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\srv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7138f250-5b72-48dd-adfb-9a83b429dd9e} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.mailanim (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.mailanim.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8971cb48-9fca-445a-be77-e8e8a4cc9df7} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbmain.commband (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{93b0fa7b-50f6-41b4-ac7e-612a72ce8c3c} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{93b0fa7b-50f6-41b4-ac7e-612a72ce8c3c} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{93b0fa7b-50f6-41b4-ac7e-612a72ce8c3c} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e420a65f-9984-4b8c-9fa9-1ed69d3b0a13} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{9720de03-5820-4059-b4a4-639d5e52bd09} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b247f5bf-bd9d-4ecd-8fc1-365f36a1fda1} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbbfb891-98ae-4678-86f3-bd5a2eed86c9} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ad71e48f-6f47-4b63-9312-fae879541c4d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.lfgax (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.lfgax.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b0cb585f-3271-4e42-88d9-ae5c9330d554} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.webmailsend (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.webmailsend.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b88e4484-3ff6-4ea9-815b-a54fe20d4387} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zango.desktopflash (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zango.desktopflash.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bd937ffe-0352-4fde-88f2-c30d1a9b25cf} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{bd937ffe-0352-4fde-88f2-c30d1a9b25cf} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{bd937ffe-0352-4fde-88f2-c30d1a9b25cf} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\instie.hbinstobj (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\instie.hbinstobj.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bfc08cff-c737-4433-bd5a-0ee7efcfee54} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c23fa5a4-1fea-419f-8b14-f7465df062bc} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ccc6e232-aa4c-4813-a019-9c14b27776b6} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d2221ccb-f2bb-4858-aad4-57c754153603} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{dbf00e12-281c-4dc8-a7ec-1ff45182439b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{dd1cb2d7-161d-4b84-ae5c-08d3faed894f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ea0b6a1a-6a59-4a58-9c41-9966504898a5} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Installer\Features\9ee2330ae5f4470cac801baac83818c9 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\568267acfc5644dab06f058006ddbae3 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\zangosa (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Zango (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZangoSA (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\ZangoSA_df.exe (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\zango (Adware.180Solutions) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Adware.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM6d20ec80 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\Zango@Zango.com (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\Zango 10.0.370.0 (Adware.Zango) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\efccurll.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\efccurll.dll -> Delete on reboot.

Folders Infected:
C:\Program Files\Zango (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.0.370.0 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.0.370.0\firefox (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.0.370.0\firefox\extensions (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.0.370.0\firefox\extensions\components (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.0.370.0\firefox\extensions\plugins (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\efcCuRlL.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\LlRuCcfe.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LlRuCcfe.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJyyxuu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uuxyyJlm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uuxyyJlm.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnoOIaA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AaIOonmp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AaIOonmp.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMdEUOG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GOUEdMoq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GOUEdMoq.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxyvtssS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Ssstvyxx.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Ssstvyxx.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yaywVOFV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VFOVwyay.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VFOVwyay.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJCVLFw.dll (Adware.BHO) -> Delete on reboot.
C:\Program Files\Zango\bin\10.0.370.0\arrow.ico (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.0.370.0\copyright.txt (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.0.370.0\link.ico (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.0.370.0\firefox\extensions\chrome.manifest (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.0.370.0\firefox\extensions\install.rdf (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.0.370.0\firefox\extensions\components\npclntax.xpt (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA.dat (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAAbout.mht (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAau.dat (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAEula.mht (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA_kyf.dat (Adware.Zango) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hhrwudbr.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\awtsPIxV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iiffGXpo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\la source\Local Settings\Temp\cd14C.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\la source\Local Settings\Temp\cd18.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:53:58, on 2008-05-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\la source\Bureau\HiJackThis.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {924954AA-CF94-4BEA-AC15-E2DB2439733E} - C:\WINDOWS\system32\nnnkLbby.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {CE7C990E-0CF6-478A-9B0A-97B31DE2D2D5} - C:\WINDOWS\system32\ddcDvtst.dll (file missing)
O2 - BHO: {ff0196e6-0e89-5529-5b54-754db15550bd} - {db05551b-d457-45b5-9255-98e06e6910ff} - C:\WINDOWS\system32\afbmocie.dll
O2 - BHO: (no name) - {F1410248-DED1-4935-9EE6-04B4C5B93AA1} - C:\WINDOWS\system32\wvUmliHB.dll (file missing)
O2 - BHO: (no name) - {FA257DCA-A799-412D-82F3-A5B6E44B0555} - C:\WINDOWS\system32\pmnkJyyW.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [6e13df1c] rundll32.exe "C:\WINDOWS\system32\lthwuctu.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\SmartShopper\Bin\2.0.20\SmrtShpr.dll
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\SmartShopper\Bin\2.0.20\SmrtShpr.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8896 bytes



After passed Malwarebytes, Hijackthis, when I rebooted, AVG poped up : Threat detected. Virus found Vundo. Action failed to Heal it: Cannot clean file - not enough informations.

Excepted that, it seems to work well.

#4 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 19 May 2008 - 09:57 AM

Download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, please delete it from your desktop and download this new version . It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
  • Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running combofix.
  • WARNING: IF you have not already done so Combofix will disconnect your machine from the Internet when it starts
  • Please do not re-connect your machine back to the Internet until Combofix has completely finished.
--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Give it atleast 20-30 minutes to finish

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#5 billy bobby

billy bobby

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 19 May 2008 - 12:25 PM

Well, I did twice the ComboFix... the first time, it rebooted automatically and AVG auto-lauched itself. I think that's maybe why ComboFix did not create a log. Pr it's because when the computer restarts, a window RUNDLL opened with: Load Error of C:\WINDOWS\system32\thwuctu.dll

Then, I disinstalled AVG and passed ComboFix another time (it did not restart that time). Here is the log of this second scan:


ComboFix 08-05-15.3 - la source 2008-05-19 13:51:05.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.136 [GMT -7:00]
Endroit: C:\Documents and Settings\la source\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Zango
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Zango\Reset Cursor.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Zango\Zango Customer Support Center.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Zango\Zango Games!.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Zango\Zango Library.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Zango\Zango Screensavers!.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Zango\Zango Uninstall Instructions.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Zango\Zango Videos!.lnk
C:\Documents and Settings\la source\Application Data\Zango
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\030104_emte10_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\030104_emte11_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\030104_emte12_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\030104_emte13_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\030104_emte14_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\030104_emte19_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\030104_emte20_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\030104_emte21_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\030104_emte9_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\030203lib_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\033102angel_1_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\033102bigluf_1_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\033102bigsmile_1_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\033102birthday_1_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\033102cheers_1_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\033102flo_1_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\033102good_1_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\033102jump_1_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\033102king_1_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\033102lough_1_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\033102luf_1_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\033102smile_1_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\033102smiled_1_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\033102sor_1_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\033102thanx_1_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\033102uhu_1_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\040103ahh_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\040103wow_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\040104_emi2_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\042102_1134_112_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\050103big_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\050103gig_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\050103hm_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\050103nomail_emoti_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\050103norm_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\060104_ema15_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\060104_ema16_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\060104_ema17_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\060104_ema18_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\060104_ema19_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\060104_ema20_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\060104_ema21_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\060104_ema24_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\060104_ema25_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\060104_ema26_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\060104_ema30_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\060104_ema33_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\060104_ema34_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\062802hippi_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\062802jumpie_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\080402argh_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\080402oops_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\080402ouch_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\082502no_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\082502yes_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\110103_boring1_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\110103_confused_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\110103_crying_ugly_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\110103_fantastic_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\110103_feel_better_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\110103_gimme_break_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\110103_heehee_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\110103_hlopaet_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\110103_ign_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\110103_lol_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\110103_no_comment_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\110103_peace_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\110103_smashing_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\110103_talk2thehand_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\block_sm.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\block_sm2.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\block_smli.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\block_smli2.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\blocked.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\blocked2.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\btn_add-but.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\btn_back-but.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\btn_left_cut_enabled_1.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\btn_left_enabled_1.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\btn_left_pressed_1.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\btn_middle_enabled_1.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\btn_middle_pressed_1.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\btn_right_cut_enabled_1.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\btn_right_enabled_1.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\btn_right_pressed_1.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\business_promo.htm
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\buttondir.txt
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\components.cdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\css_cattree.css
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\css_flashpreview.css
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\css2_main.css
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\css2_pagingmodule.css
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\css2_topbuttons.css
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\cursors.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\delete.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\edit_clear_sound.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\edit_fs.htm
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\edit_select.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\email-def-511724-543450.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\email-def-511724-548964.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\email-def-511724-589306.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\email-def-511724-591943.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\email-def-511724-592579.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\email-def-511724-598579.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\email-def-511724-603763.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\email-def-511724-9595.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\email-def-511724-9696.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\email-def-511745-514279.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-backgrounds.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-bcards.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-ecards.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-emoticons.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-estationery.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-funny.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-help.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-images.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-info.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-more.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-my.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-new.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-new2.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-options.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-people.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-photo.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-tell.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-temp.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-text.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\email-def-email-voice.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\email-def.cdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\email-premium-email-premium.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\email-t1-bg.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\email-temp-bg.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\estatationery.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\flashpatch.js
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\flashpreview.htm
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\fs3.htm
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\hotbar_promo.htm
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\icon_checked_1.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\icon_close_1.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\icon_close_pressed_1.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\icon_edit_preview.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\icon_edit_send.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\icon_flash_preview.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\icon_recently_used.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\icon_remove_1.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\icon_remove_pressed_1.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\icon_sand-clock2.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\icon_tell_1.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\icon_tell_pressed_1.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\icon_tree_null.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\icon_unchecked_1.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\icon_unchecked_pressed_1.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\img_barlayout.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\img_barlayout2.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\img_barlayout4.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\img_corner_left.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\img_local_logo.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\js2_basetemplate.js
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\js2_hbgroups.js
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\js2_hbobject3.js
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\js2_hbobjectset3.js
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\js2_hotbarwrapper.js
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\js2_iteratorsandreaders3nf.js
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\js2_pagingmoduleobj3.js
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\js2_texts3.js
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\js2_xmltree3nf.js
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\layout.cdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\linkpathlegal.txt
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\n.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\nav_b_2.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\nav_bb_2.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\nav_f_2.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\nav_ff_2.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\progress.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\sales_buttons.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\searchbtn.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\submit.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\tab_bg.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\tab_bga.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\tab_bgia.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\tab_l.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\tab_la.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\tab_lia.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\tab_r.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\tab_ra.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\tab_ria.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\tree_dots.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\tree_minus.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\tree_plus.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\treedata_animations.xml
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\treedata_backgrounds.xml
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\treedata_ecards.xml
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\treedata_emoticons.xml
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\treedata_notifiers.xml
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\treedata_text.xml
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\1\zango_btn.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\030104_emte10_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\030104_emte11_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\030104_emte12_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\030104_emte13_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\030104_emte14_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\030104_emte19_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\030104_emte20_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\030104_emte21_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\030104_emte9_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\030203lib_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\033102angel_1_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\033102bigluf_1_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\033102bigsmile_1_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\033102birthday_1_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\033102cheers_1_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\033102flo_1_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\033102good_1_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\033102jump_1_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\033102king_1_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\033102lough_1_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\033102luf_1_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\033102smile_1_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\033102smiled_1_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\033102sor_1_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\033102thanx_1_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\033102uhu_1_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\040103ahh_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\040103wow_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\040104_emi2_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\042102_1134_112_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\050103big_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\050103gig_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\050103hm_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\050103nomail_emoti_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\050103norm_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\060104_ema15_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\060104_ema16_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\060104_ema17_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\060104_ema18_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\060104_ema19_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\060104_ema20_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\060104_ema21_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\060104_ema24_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\060104_ema25_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\060104_ema26_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\060104_ema30_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\060104_ema33_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\060104_ema34_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\062802hippi_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\062802jumpie_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\080402argh_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\080402oops_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\080402ouch_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\082502no_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\082502yes_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\110103_boring1_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\110103_confused_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\110103_crying_ugly_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\110103_fantastic_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\110103_feel_better_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\110103_gimme_break_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\110103_heehee_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\110103_hlopaet_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\110103_ign_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\110103_lol_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\110103_no_comment_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\110103_peace_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\110103_smashing_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\110103_talk2thehand_prv.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\block_sm.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\block_sm2.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\block_smli.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\block_smli2.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\blocked.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\blocked2.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\btn_add-but.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\btn_back-but.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\btn_left_cut_enabled_1.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\btn_left_enabled_1.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\btn_left_pressed_1.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\btn_middle_enabled_1.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\btn_middle_pressed_1.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\btn_right_cut_enabled_1.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\btn_right_enabled_1.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\btn_right_pressed_1.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\business_promo.htm
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\buttondir.txt
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\components.cdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\css_cattree.css
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\css_flashpreview.css
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\css2_main.css
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\css2_pagingmodule.css
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\css2_topbuttons.css
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\cursors.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\delete.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\edit_clear_sound.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\edit_fs.htm
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\edit_select.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\email-def-511724-543450.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\email-def-511724-548964.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\email-def-511724-589306.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\email-def-511724-591943.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\email-def-511724-592579.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\email-def-511724-598579.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\email-def-511724-603763.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\email-def-511724-9595.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\email-def-511724-9696.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\email-def-511745-514279.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-backgrounds.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-bcards.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-ecards.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-emoticons.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-estationery.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-funny.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-help.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-images.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-info.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-more.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-my.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-new.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-new2.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-options.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-people.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-photo.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-tell.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-temp.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-text.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\email-def-email-voice.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\email-def.cdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\email-premium-email-premium.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\email-t1-bg.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\email-temp-bg.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\estatationery.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\flashpatch.js
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\flashpreview.htm
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\fs3.htm
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\hotbar_promo.htm
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\icon_checked_1.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\icon_close_1.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\icon_close_pressed_1.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\icon_edit_preview.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\icon_edit_send.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\icon_flash_preview.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\icon_recently_used.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\icon_remove_1.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\icon_remove_pressed_1.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\icon_sand-clock2.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\icon_tell_1.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\icon_tell_pressed_1.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\icon_tree_null.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\icon_unchecked_1.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\icon_unchecked_pressed_1.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\img_barlayout.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\img_barlayout2.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\img_barlayout4.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\img_corner_left.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\img_local_logo.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\js2_basetemplate.js
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\js2_hbgroups.js
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\js2_hbobject3.js
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\js2_hbobjectset3.js
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\js2_hotbarwrapper.js
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\js2_iteratorsandreaders3nf.js
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\js2_pagingmoduleobj3.js
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\js2_texts3.js
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\js2_xmltree3nf.js
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\layout.cdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\linkpathlegal.txt
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\n.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\nav_b_2.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\nav_bb_2.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\nav_f_2.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\nav_ff_2.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\progress.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\sales_buttons.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\searchbtn.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\submit.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\tab_bg.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\tab_bga.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\tab_bgia.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\tab_l.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\tab_la.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\tab_lia.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\tab_r.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\tab_ra.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\tab_ria.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\tree_dots.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\tree_minus.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\tree_plus.gif
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\treedata_animations.xml
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\treedata_backgrounds.xml
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\treedata_ecards.xml
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\treedata_emoticons.xml
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\treedata_notifiers.xml
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\treedata_text.xml
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\2\zango_btn.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\DownLoad\business_promo.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\DownLoad\buttondir.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\DownLoad\code.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\DownLoad\cursors.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\DownLoad\email-def.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\DownLoad\email-temp-bg.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\DownLoad\hotbar_promo.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\DownLoad\images.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\DownLoad\layout.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\DownLoad\linkpathlegal.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\DownLoad\localcontent.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\DownLoad\progress.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\DownLoad\sales_buttons.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\DownLoad\treexml.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\HostOI\static\DownLoad\zango_btn.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\1.sdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\1010376.sdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\1056107.sdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\1067407.sdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\1070515.sdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\1175990.sdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\1224397.sdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\1383582.sdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\1383771.sdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\1400063.sdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\1400295.sdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\1404778.sdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\1979381.sdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\2171672.sdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\240026.sdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\2471250.sdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\252029.sdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\2693907.sdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\2746895.sdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\2883915.sdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\2884801.sdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\2885069.sdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\2894097.sdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\2899639.sdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\3340762.sdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\3404705.sdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\341151.sdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\344stat\f8cc.dat
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\3756141.sdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\3852370.sdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\3893245.sdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\3893642.sdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\429071.sdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\460140.sdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\48345.sdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\50372.sdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\543927.sdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\600583.sdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\639567.sdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\648665.sdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\730931.sdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\886762.sdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\963741.sdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\991767.sdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\domains.txt
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000012280
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000025183
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000029240
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000029251
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000030162
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000037461
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\10110
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\10536
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1058
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\10758
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1085
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\11213
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\114249
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\114917
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\115541
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\116250
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\118874
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1214
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\12238
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\12312
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\12457
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\126694
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\12772
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\130787
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\130921
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\13306
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\133683
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\13546
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\13632
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\137933
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\142323
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\14633
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\14747
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\15032
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1509
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\15162
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\153363
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\15541
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\155411
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\16173
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\16725
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\17040
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\17195
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\180320
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\18261
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\18296
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\184591
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\188782
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\18883
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\18906
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\18991
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\19052
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\193409
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\19482
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\19597
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\19603
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\19624
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\19650
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\19677
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\19943
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\20128
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\202109
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\20266
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\20304
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\20435
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\20478
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\20570
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\20613
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\20935
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\210198
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\21119
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\212398
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\21320
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\213787
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\21669
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\21708
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\221757
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\22254
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\223385
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\22913
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\2302
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\230794
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\232101
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\23270
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\23524
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\23607
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\237467
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\241457
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\243256
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\243907
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\247895
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\24812
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\24996
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\25469
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\25509
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\25522
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\259172
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\259766
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\26134
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\26213
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\263345
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\26656
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\26664
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\26739
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\26981
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\26994
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\27414
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\27503
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\277907
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\278063
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\28193
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\290893
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\29115
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\29547
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\295949
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\29671
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\30455
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\3048
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\30710
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\30854
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\30990
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\31262
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\32024
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\32171
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\32198
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\32290
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\32639
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\33069
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\33137
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\33146
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\33697
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\33875
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\33912
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\34107
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\34123
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\3416
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\34174
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\34237
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\34381
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\34952
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\35000
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\35006
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\35047
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\352526
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\35554
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\35804
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\36135
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\361427
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\372224
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\374830
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\376270
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\378128
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\37827
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\3796
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\38333
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\39897
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\40267
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\403305
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\40999
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\411481
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\41215
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\41333
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\4142
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\4157
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\41588
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\41854
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\41999
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\42013
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\42208
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\427075
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\43098
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\43120
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\43142
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\43184
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\43331
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\43719
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\44100
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\44228
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\44229
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\44458
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\44789
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\44878
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\453218
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\45510
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\45827
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\45837
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\4721
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\481176
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\482360
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\49442
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\49587
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\4967
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\4975
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\507892
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\50830
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\50887
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\51194
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\51374
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\514137
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\51495
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\52219
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\52253
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\52335
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\526389
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\52699
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\531510
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\533670
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\534852
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\542533
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\5464
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\547723
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\550322
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\553087
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\5535
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\5542
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\55725
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\55858
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\56113
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\561832
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\56970
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\576702
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\578081
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\578140
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\578150
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\57878
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\578907
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\57904
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\58197
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\58454
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\595235
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\59844
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\59926
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\602763
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\60495
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\60841
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\612922
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\614143
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\616704
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\617075
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\617965
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\61853
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\61894
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\62133
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\622251
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\622354
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\628262
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\6292
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\63264
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\6368
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\63806
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\64429
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\64434
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\64446
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\64517
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\6458
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\64737
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\64763
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\648585
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\650179
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\650283
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\6539
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\654469
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\65770
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\658110
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\658742
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\66264
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\66274
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\6658
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\668331
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\66836
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\670462
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\67215
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\67329
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\67469
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\67567
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\678506
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\68040
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\68041
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\68044
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\68076
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\68094
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\68098
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\683048
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\68370
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\69201
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\69288
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\69556
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\696893
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\69850
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\704972
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\705041
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\705078
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\705206
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\705226
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\705251
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\705253
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\705266
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\705293
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\705461
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\705481
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\705495
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\705555
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\70788
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\71287
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\71361
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\71383
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\71822
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\7193
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\72123
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\72282
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\72286
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\72786
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\72912
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\731349
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\73290
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\733622
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\737665
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\737842
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\737874
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\738022
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\738380
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\73840
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\73905
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\741901
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\743331
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\744260
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\744414
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\744472
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\744500
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\744631
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\744744
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\744745
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\744757
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\744758
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\744775
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\744786
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\744857
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\744869
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\744914
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\744930
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\744993
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\745037
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\745057
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\745088
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\745112
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\745220
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\745230
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\745326
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\745470
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\745556
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\745838
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\745992
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\746904
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\74777
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\747928
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\74798
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\748167
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\748176
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\748288
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\748358
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\748395
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\748442
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\749325
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\75250
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753088
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753267
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753300
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753309
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753311
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753327
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753331
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753335
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\75653
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\76013
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\78237
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\78788
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\7887
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\7889
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\7892
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\7894
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\79079
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\79246
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\79432
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\79806
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\80163
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\80663
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\80914
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\81566
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\82120
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\82126
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\82292
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\8443
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\85062
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\85568
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\85831
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\86023
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\86146
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\86161
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\86379
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\86494
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\86837
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\87510
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\87753
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\87770
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\87843
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\87995
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\89200
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\89885
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\90358
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\90711
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\91224
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\91231
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\91236
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\92061
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\9313
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\93958
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\94272
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\9786
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\98228
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\9836
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\98493
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\9875
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\998
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\9994
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\dynamic\ustat\f8cc.dat
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\avatar.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\btntrans.idx
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\btntrans1.dat
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\buttondir.txt
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\components.cdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\cursors.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_1000.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_2000.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_3000.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_bar.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_bbar1.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_logos.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_other.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\d_icons_weather.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\default.cdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\Default_511745-514279.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\Default_bidzC_ZT_IE-ca.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\Default_bidzC_ZT_IE-us.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\Default_categorize.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\Default_comparison.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\Default_explorer-Mails.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\Default_explorer-people.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\Default_favorites.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\Default_Games.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\Default_Hide.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\Default_hotbarcom.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\Default_Hotmail.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\Default_hsskin.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\Default_jemster.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\Default_jemsterie.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\Default_jemsteruk.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\Default_jobsearch.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\Default_Mails.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\Default_MobileSidewalk.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\Default_new.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\Default_premium.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\Default_reun.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\Default_ringtones.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\Default_searchfor.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\Default_searchgo.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\Default_weather.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\Default_yellowpages.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\editblbuttons.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\email-def-511724-548964.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\email-def-511724-9595.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\email-t1-bg.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\icons2.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\ie_games_icon.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\ie_video.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\keywords.idx
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\keywords1.dat
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\layout.cdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\linkpathlegal.txt
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\progress.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\s_icons_buttons.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\sales_buttons.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\sdfmodifier.xml
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\t2_bg.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\theweb.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\top7.cdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\Top7_theweb.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\tsd_bg.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\zango_btn.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\1\zango_ie_menu.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\avatar.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\btntrans.idx
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\btntrans1.dat
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\buttondir.txt
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\components.cdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\cursors.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_1000.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_2000.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_3000.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_bar.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_bbar1.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_logos.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_other.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\d_icons_weather.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\default.cdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\Default_511745-514279.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\Default_bidzC_ZT_IE-ca.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\Default_bidzC_ZT_IE-us.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\Default_categorize.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\Default_comparison.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\Default_explorer-Mails.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\Default_explorer-people.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\Default_favorites.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\Default_Games.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\Default_Hide.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\Default_hotbarcom.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\Default_Hotmail.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\Default_hsskin.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\Default_jemster.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\Default_jemsterie.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\Default_jemsteruk.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\Default_jobsearch.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\Default_Mails.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\Default_MobileSidewalk.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\Default_new.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\Default_premium.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\Default_reun.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\Default_ringtones.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\Default_searchfor.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\Default_searchgo.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\Default_weather.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\Default_yellowpages.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\editblbuttons.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\email-def-511724-548964.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\email-def-511724-9595.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\email-t1-bg.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\icons2.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\ie_games_icon.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\ie_video.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\keywords.idx
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\keywords1.dat
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\layout.cdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\linkpathlegal.txt
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\progress.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\s_icons_buttons.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\sales_buttons.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\sdfmodifier.xml
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\t2_bg.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\theweb.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\top7.cdf
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\Top7_theweb.mnu
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\tsd_bg.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\zango_btn.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\2\zango_ie_menu.res
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\DownLoad\avatar.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans1.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\DownLoad\buttondir.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\DownLoad\cursors.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_1000.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_2000.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_3000.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bar.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bbar1.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_logos.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_other.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_weather.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\DownLoad\default.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\DownLoad\editblbuttons.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\DownLoad\icons2.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_games_icon.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_video.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords1.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\DownLoad\layout.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\DownLoad\linkpathlegal.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\DownLoad\progress.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\DownLoad\s_icons_buttons.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\DownLoad\sales_buttons.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\DownLoad\samplegroups2.txt
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\DownLoad\samplegroups2.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\DownLoad\sdfmodifier.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\DownLoad\t2_bg.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\DownLoad\top7.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\DownLoad\tsd_bg.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_btn.xip
C:\Documents and Settings\la source\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_ie_menu.xip
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\afbmocie.dll
C:\WINDOWS\system32\aJlSBJlm.ini
C:\WINDOWS\system32\aJlSBJlm.ini2
C:\WINDOWS\system32\BHilmUvw.ini
C:\WINDOWS\system32\BHilmUvw.ini2
C:\WINDOWS\system32\FiiRYcdd.ini
C:\WINDOWS\system32\FiiRYcdd.ini2
C:\WINDOWS\system32\hhrwudbr.dll
C:\WINDOWS\system32\LlRuCcfe.ini
C:\WINDOWS\system32\manlaqwe.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\SDNWwGgh.ini
C:\WINDOWS\system32\SDNWwGgh.ini2
C:\WINDOWS\system32\stuxIRqr.ini
C:\WINDOWS\system32\stuxIRqr.ini2
C:\WINDOWS\system32\tstvDcdd.ini
C:\WINDOWS\system32\tstvDcdd.ini2
C:\WINDOWS\system32\utcuwhtl.ini
C:\WINDOWS\system32\WyyJknmp.ini
C:\WINDOWS\system32\WyyJknmp.ini2
C:\WINDOWS\system32\ybbLknnn.ini
C:\WINDOWS\system32\ybbLknnn.ini2

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-19 to 2008-05-19 ))))))))))))))))))))))))))))))))))))
.

2008-05-19 09:34 . 2008-05-19 09:34 <REP> d-------- C:\Documents and Settings\la source\Application Data\Malwarebytes
2008-05-19 09:33 . 2008-05-19 09:34 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-19 09:33 . 2008-05-19 09:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-19 09:33 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-19 09:33 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-12 19:46 . 2008-05-19 09:45 316,112 --------- C:\WINDOWS\system32\efcCuRlL.dll
2008-05-12 17:29 . 2008-05-19 09:23 109,812 --a------ C:\WINDOWS\BM6d20ec80.xml
2008-05-01 17:22 . 2008-05-19 13:34 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-01 17:22 . 2008-05-01 17:22 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-21 10:12 . 2008-04-21 10:12 <REP> d-------- C:\Documents and Settings\la source\Application Data\Grisoft
2008-04-21 10:11 . 2007-05-30 05:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-21 10:00 . 2008-05-19 13:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-19 20:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-05-19 16:53 --------- d-----w C:\Documents and Settings\la source\Application Data\AVG7
2008-05-19 16:45 26,752 ------w C:\WINDOWS\system32\mlJCVLFw.dll
2008-04-21 16:37 --------- d-----w C:\Program Files\Easy Internet signup
2008-04-13 06:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-03-30 19:35 --------- d-----w C:\Documents and Settings\la source\Application Data\YouSendIt
2008-03-30 19:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-30 19:34 --------- d-----w C:\Program Files\YouSendIt
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{924954AA-CF94-4BEA-AC15-E2DB2439733E}]
C:\WINDOWS\system32\nnnkLbby.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CE7C990E-0CF6-478A-9B0A-97B31DE2D2D5}]
C:\WINDOWS\system32\ddcDvtst.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1410248-DED1-4935-9EE6-04B4C5B93AA1}]
C:\WINDOWS\system32\wvUmliHB.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FA257DCA-A799-412D-82F3-A5B6E44B0555}]
C:\WINDOWS\system32\pmnkJyyW.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 01:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-03 17:30 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 10:00 339968]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 03:36 36975]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 15:11 794624]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 05:12 102492]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 05:11 692316]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 13:24 290816]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-02-17 14:01 233534]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 13:54 253952]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-13 18:10 409600]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44 271672]
"6e13df1c"="C:\WINDOWS\system32\lthwuctu.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 01:00 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 08:18]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a28231e5-9619-11dc-9f34-0016361f7a4d}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL CAAV/CAInstallationMenu.html

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-07 17:54:13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-21 16:37:02 C:\WINDOWS\Tasks\Connexion facile à Internet.job"
- C:\Program Files\Easy Internet signup\HPSdpApp.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-19 13:53:28
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????5?3?0?4??????? ???B?????????????hLC? ??????

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-05-19 13:54:39
ComboFix-quarantined-files.txt 2008-05-19 20:54:30

Pre-Run: 45,906,681,856 octets libres
Post-Run: 45,899,972,608 octets libres

1190 --- E O F --- 2008-04-09 05:53:49

#6 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 19 May 2008 - 12:36 PM

Please go to http://virusscan.jotti.org , click on Browse, and upload the following file for analysis:

C:\WINDOWS\system32\efcCuRlL.dll

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.


Do the same for:

C:\WINDOWS\system32\mlJCVLFw.dll


If Jotti is too busy you can try these.

http://www.kaspersky...anforvirus.html


http://www.virustota.../en/indexf.html

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#7 billy bobby

billy bobby

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 19 May 2008 - 01:26 PM

For C:\WINDOWS\system32\efcCuRlL.dll :

File: mlJCVLFw.dll
Status: POSSIBLY INFECTED/MALWARE (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)
MD5: e8377242de04cceee401e1a250fbbf38
Packers detected: -

Scan taken on 19 May 2008 18:58:33 (GMT)
A-Squared Found nothing
AntiVir Found TR/Trash.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Last file scanned at least one scanner reported something about: IWS3install.exe (MD5: f870be645f5bd052704abf16299ab401, size: 441605 bytes), detected by:

Scanner Malware name
A-Squared X
AntiVir X
ArcaVir Trojan.Spy.Agent.Boa
Avast X
AVG Antivirus X
BitDefender X
ClamAV X
CPsecure Troj.Spy.W32.Agent.bdw
Dr.Web X
F-Prot Antivirus X
F-Secure Anti-Virus X
Fortinet X
Ikarus Trojan-Spy.Win32.Agent.bbg
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control X
Panda Antivirus X
Sophos Antivirus X
VirusBuster X
VBA32 X


File: mlJCVLFw.dll
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: e8377242de04cceee401e1a250fbbf38
Packers detected: -

Scan taken on 19 May 2008 19:10:35 (GMT)
A-Squared Found nothing
AntiVir Found TR/Trash.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1

Statistics
Last file scanned at least one scanner reported something about: cs3Keygen.rar (MD5: 6b1a050399314d389c463a6f66d2189d, size: 42268 bytes), detected by:

Scanner Malware name
A-Squared X
AntiVir TR/Proxy.Horst.aae.2
ArcaVir X
Avast X
AVG Antivirus PSW.Generic_c.LP
BitDefender X
ClamAV X
CPsecure Troj.Proxy.W32.Horst.aae
Dr.Web Trojan.PWS.Gamania.6315
F-Prot Antivirus X
F-Secure Anti-Virus X
Fortinet W32/Horst.AAE!tr
Ikarus Trojan-Proxy.Win32.Horst.aae
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control X
Panda Antivirus X
Sophos Antivirus Sus/Keygen-A
VirusBuster X
VBA32 Trojan.PWS.Gamania.6315

#8 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 19 May 2008 - 03:16 PM

Open notepad and copy/paste the text in the Codebox below into it:

File::
C:\WINDOWS\system32\efcCuRlL.dll
C:\WINDOWS\system32\mlJCVLFw.dll
C:\WINDOWS\system32\nnnkLbby.dll
C:\WINDOWS\system32\ddcDvtst.dll
C:\WINDOWS\system32\wvUmliHB.dll
C:\WINDOWS\system32\pmnkJyyW.dll
C:\WINDOWS\system32\lthwuctu.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{924954AA-CF94-4BEA-AC15-E2DB2439733E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CE7C990E-0CF6-478A-9B0A-97B31DE2D2D5}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1410248-DED1-4935-9EE6-04B4C5B93AA1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FA257DCA-A799-412D-82F3-A5B6E44B0555}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"6e13df1c"=-

Save this as Save this as "CFScript"


Posted Image

Drag CFScript.txt into ComboFix.exe

Then post the results log and a new HijackThis log.


Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#9 billy bobby

billy bobby

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 19 May 2008 - 04:42 PM

ComboFix 08-05-15.3 - la source 2008-05-19 18:24:53.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.100 [GMT -7:00]
Endroit: C:\Documents and Settings\la source\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\la source\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\WINDOWS\system32\ddcDvtst.dll
C:\WINDOWS\system32\efcCuRlL.dll
C:\WINDOWS\system32\lthwuctu.dll
C:\WINDOWS\system32\mlJCVLFw.dll
C:\WINDOWS\system32\nnnkLbby.dll
C:\WINDOWS\system32\pmnkJyyW.dll
C:\WINDOWS\system32\wvUmliHB.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\efcCuRlL.dll
C:\WINDOWS\system32\mlJCVLFw.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-20 to 2008-05-20 ))))))))))))))))))))))))))))))))))))
.

2008-05-19 09:34 . 2008-05-19 09:34 <REP> d-------- C:\Documents and Settings\la source\Application Data\Malwarebytes
2008-05-19 09:33 . 2008-05-19 09:34 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-19 09:33 . 2008-05-19 09:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-19 09:33 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-19 09:33 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-12 17:29 . 2008-05-19 09:23 109,812 --a------ C:\WINDOWS\BM6d20ec80.xml
2008-05-01 17:22 . 2008-05-19 14:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-01 17:22 . 2008-05-01 17:22 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-21 10:12 . 2008-04-21 10:12 <REP> d-------- C:\Documents and Settings\la source\Application Data\Grisoft
2008-04-21 10:11 . 2007-05-30 05:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-21 10:00 . 2008-05-19 13:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-19 20:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-05-19 16:53 --------- d-----w C:\Documents and Settings\la source\Application Data\AVG7
2008-04-21 16:37 --------- d-----w C:\Program Files\Easy Internet signup
2008-04-13 06:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-03-30 19:35 --------- d-----w C:\Documents and Settings\la source\Application Data\YouSendIt
2008-03-30 19:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-30 19:34 --------- d-----w C:\Program Files\YouSendIt
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 194,144 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
.

((((((((((((((((((((((((((((( snapshot@2008-05-19_13.38.22.79 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-19 20:30:23 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-19 21:52:57 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-03-25 04:50:25 554,008 ------w C:\WINDOWS\system32\dllcache\dao360.dll
+ 2008-03-25 04:50:28 518,944 ------w C:\WINDOWS\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:30 326,432 ------w C:\WINDOWS\system32\dllcache\msexcl40.dll
+ 2008-03-25 04:50:34 1,516,568 ------w C:\WINDOWS\system32\dllcache\msjet40.dll
+ 2008-03-25 04:50:40 355,112 ------w C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-25 04:50:42 60,192 ------w C:\WINDOWS\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42 248,608 ------w C:\WINDOWS\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:44 219,936 ------w C:\WINDOWS\system32\dllcache\msltus40.dll
+ 2008-03-25 04:50:45 355,104 ------w C:\WINDOWS\system32\dllcache\mspbde40.dll
+ 2008-03-25 04:50:47 432,928 ------w C:\WINDOWS\system32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:49 322,336 ------w C:\WINDOWS\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:52 559,904 ------w C:\WINDOWS\system32\dllcache\msrepl40.dll
+ 2008-03-25 04:50:55 264,992 ------w C:\WINDOWS\system32\dllcache\mstext40.dll
+ 2008-03-25 04:50:57 838,432 ------w C:\WINDOWS\system32\dllcache\mswdat10.dll
+ 2008-03-25 04:50:58 355,104 ------w C:\WINDOWS\system32\dllcache\msxbde40.dll
- 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
- 2004-08-05 08:00:00 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll
- 2004-08-05 08:00:00 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll
- 2004-08-05 08:00:00 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll
- 2004-08-05 08:00:00 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
- 2004-08-05 08:00:00 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll
- 2004-08-05 08:00:00 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll
- 2004-08-05 08:00:00 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
- 2004-08-05 08:00:00 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll
- 2004-08-05 08:00:00 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll
- 2004-08-05 08:00:00 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll
- 2004-08-05 08:00:00 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll
- 2004-08-05 08:00:00 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll
- 2004-08-05 08:00:00 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll
- 2004-08-05 08:00:00 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 01:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-03 17:30 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 10:00 339968]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 03:36 36975]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 15:11 794624]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 05:12 102492]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 05:11 692316]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 13:24 290816]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-02-17 14:01 233534]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 13:54 253952]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-13 18:10 409600]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44 271672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 01:00 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 08:18]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a28231e5-9619-11dc-9f34-0016361f7a4d}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL CAAV/CAInstallationMenu.html

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-07 17:54:13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-21 16:37:02 C:\WINDOWS\Tasks\Connexion facile à Internet.job"
- C:\Program Files\Easy Internet signup\HPSdpApp.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-19 18:27:07
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????5?3?0?4??????? ???B?????????????hLC? ??????

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-05-19 18:28:33
ComboFix-quarantined-files.txt 2008-05-20 01:28:29
ComboFix2.txt 2008-05-19 20:54:40

Pre-Run: 45,816,688,640 octets libres
Post-Run: 45,812,752,384 octets libres

171 --- E O F --- 2008-05-19 21:29:58




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:30:19, on 2008-05-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\la source\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\SmartShopper\Bin\2.0.20\SmrtShpr.dll
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\SmartShopper\Bin\2.0.20\SmrtShpr.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 7629 bytes



Nothing happened last time I rebooted the computer... seems good ! I will try it in next hours and give more information about if there is somthing wrong or not.

Sincerly thanks for what you did so far.

#10 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 19 May 2008 - 04:45 PM

Is your AVG anti-virus running?

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

    Advertisements

Register to Remove


#11 billy bobby

billy bobby

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 19 May 2008 - 06:13 PM

I desinstalled AVG just before passing ComboFix and Hijack... did that screw the cleaning we did?

#12 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 19 May 2008 - 06:15 PM

Didn't mess anything up but you need a Anti-Virus program running or you're just going to get infected again.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#13 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 24 May 2008 - 07:59 AM

Do you still need help with this?

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#14 billy bobby

billy bobby

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 25 May 2008 - 12:19 PM

Thanks to your help LDTate, it looks good now! This problem is resolved.

#15 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 25 May 2008 - 06:39 PM

Good job :thumbup:

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

    • Posted Image


    Here's my usual all clean post

    Log looks good :D


    You need to create a new Clean restore point.

    Note: This will remove all previous Restore Points

    Click Start Menu > Run > copy and paste

    %SystemRoot%\System32\restore\rstrui.exe

    Press OK. Choose Create a Restore Point then click Next. Name it (something you'll remember) and click Create, when the confirmation screen shows the restore point has been created click Close.

    Double-click My Computer.
    Click the Tools menu, and then click Folder Options.
    Click the View tab.
    Check "Hide file extensions for known file types."
    Under the "Hidden files" folder, Uncheck "Show hidden files and folders."
    Check "Hide protected operating system files."
    Click Apply, and then click OK.

    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      • From within Internet Explorer click on the Tools menu and then click on Options.
      • Click once on the Security tab
      • Click once on the Internet icon so it becomes highlighted.
      • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is succeptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:
    Note: I no longer suggest Zone Alarm

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer has always the latest security updates available installed on your computer.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer
    settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Winpatrol

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly.
    Without regular updates you WILL NOT be protected when new malicious programs are released.

Only run one Anti-Virus and Firewall program.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users