Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Panda says I"VE BEEN HACKED HELP!


  • Please log in to reply
49 replies to this topic

#1 mistressbluz

mistressbluz

  • Members
  • 90 posts
  • OFFLINE
  •  
  • Location:Maryland
  • Local time:06:52 AM

Posted 05 December 2007 - 03:56 AM

Mod Edit: An earlier log (10 days) was moved from the HJT forum, to the HJT Jail.
The earlier log can be found here:

Apparently My Hubby Posted My Hjt Log In The Wrong Place!
Also, fixed the tags.


Hi Everyone....I had my hubby post a Hijack log for me back on Nov. 25th unfortunately, I forgot to tell him where to post it and it got posted in the wrong place, so I reposted another one, not knowing that One of the Leaders would repost in in the proper misfiled place for me, I havent received a reply since and my computer has been running worse and also, Tonight, I've ran a Panda Active scan also, And now it seems I've been Hacked, if you could view both my Panda results and my Hijack this results and tell me what I can do, I would greatly appreciate it, as Panda left my Hacking tool as you'll notice detected but not disinfected...Hugs and Love to all...Tam.....

Panda Log:

Incident Status Location

Potentially unwanted tool:Application/PRScheduler No disinfected C:\Documents and Settings\Art Plummer\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
Spyware:Cookie/YieldManager Disinfected C:\Documents and Settings\Tambra Plummer\Cookies\tambra plummer@ad.yieldmanager[1].txt
Spyware:Cookie/PointRoll Disinfected C:\Documents and Settings\Tambra Plummer\Cookies\tambra plummer@ads.pointroll[1].txt
Potentially unwanted tool:Application/PRScheduler No disinfected C:\Documents and Settings\Tambra Plummer\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
Potentially unwanted tool:Application/PRScheduler No disinfected C:\Program Files\backups\backup-20070311-195747-738-PowerReg Scheduler V3.exe


Hijack this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:56:17 AM, on 12/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Browser Mouse\MOffice.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.0\CWDefScn.exe
C:\Program Files\Browser Mouse\MOUSE32A.EXE
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mycablespeed.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CAMTRAY.EXE"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ncoOSCheck] "C:\Program Files\Norton Confidential\osCheck.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] "C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] "C:\Program Files\Browser Mouse\MOffice.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [REGSHAVE] "C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Branden Plummer\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrab...rabblecubes.cab
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://fishingchamp.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v46/share...GamesLoader.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex...wareControl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/downl...lscbase3401.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141959034171
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://dell.kodakgallery.com/downloads/BUM..._1/axofupld.cab
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://www.shockwave.com/content/dreamchro...web.1.0.0.9.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - https://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v45/wordmojo/wordmojo.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v55/cubis/cubis.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v45/sol/sol.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v48/luxor/luxor.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v40/hangman/hangman.cab
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} (CPlayFirstzenerchiControl Object) - http://www.shockwave.com/content/zenerchi/...eb.1.0.0.10.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.gamehouse.com/games/zylom/zylomplayer.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {D410AFBD-4E26-4D5F-840F-0412D6F6BB8D} (CPlayFirstSandScriptControl Object) - http://www.gamehouse.com/realarcade-webgam.../SandScript.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 15858 bytes


Again, Thank you soo soo very much!!! :thumbsup:

.
.

Edited by tg1911, 07 December 2007 - 04:36 AM.

"What doesn't kill you, Makes you stronger"

BC AdBot (Login to Remove)

 


#2 mistressbluz

mistressbluz
  • Topic Starter

  • Members
  • 90 posts
  • OFFLINE
  •  
  • Location:Maryland
  • Local time:06:52 AM

Posted 07 December 2007 - 04:55 AM

Dear Mod Edit, Isnt this what you asked me to do in your past reply? I"m sorry if I did the wrong thing again, it's just that when I ran that panda scan and it said I had been hacked not once but three times, I got really nervous, because now I"m scared to do anything online pertaining to paying bills or ordering anything with my credit cards for Christmas etc...because I'm scared that someone has all my information, again, I apologize If I myself made a boo boo this time, last time it was my husband, but I thought someone told me not to make any corrections and if I hadnt gotten a response in 5 days to repost another log if I was still having problems....Again, If I am wrong I'm sorry, but please help me and tell me what to do to get unhacked...:thumbsup:. Thank you again for your time and patience with me, I"m not trying to be a burden!! My Respect to all. In his love, Tam!
"What doesn't kill you, Makes you stronger"

#3 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,586 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:52 AM

Posted 12 December 2007 - 09:42 AM

Hi mistressbluz,

I'm sorry for the misunderstandings that have apparently occurred here. Let's concentrate on whether or not you have an infection and how to deal with it if so.

From looking at your log, and some of your past logs, I don't see anything dangerous. I think you may be misinterpreting what various scans are telling you. Panda DID NOT tell you that you had been hacked and in danger of losing your sensitive information to identity thieves. What it is telling you is that you have one file that is a moderate security concern (PowerReg Scheduler V3.exe) and a couple of tracking cookies, which are very low level privacy concerns.

PowerReg Scheduler V3.exe may or may not be something undesirable. That is why Panda terms it a "Potentially unwanted tool". This may have come along when you installed some software or hardware--it might just be a reminder to register that product, or it sends information about your system's configuration to the maker's of that software or hardware company, ostensible for future troubleshooting puposes. You may think that is none of their business and since it is absolutely unnecessary, we can remove it, I just want you to know that the people behind it are NOT cyber criminals interested in stealing your identity or vast amounts of money. At worse the companies will just spam you, so I'm just saying you have very little to worry about.

This is pretty easy to fix with HijackThis. However, you have Ad-Watch installed, which is good, but it often interferes with removal of such items, so please disable it before carrying out the HJT fix.
  • Right click on the Ad-Watch icon in the system tray.
  • At the bottom of the screen there will be two checkable items called "Active" and "Automatic".
    • Active: This will turn Ad-Watch On\Off without closing it.
    • Automatic: Suspicious activity will be blocked automatically.
  • Uncheck both of those boxes.
  • (When done, you can re-enable it using the same steps but this time check both boxes.)
Scan again with HijackThis and put a checkmark next to the following entries:

O4 - Startup: PowerReg Scheduler V3.exe

Close all other windows--you should only see HijackThis on your Desktop and Taskbar--and then click the "Fix checked" button.

Reboot your computer into Safe Mode and delete the following files if they exist:

C:\Documents and Settings\Art Plummer\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
C:\Documents and Settings\Tambra Plummer\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
C:\Program Files\backups\backup-20070311-195747-738-PowerReg Scheduler V3.exe

Just to be sure there is nothing else hanging around I'm going to ask for another kind of log (that will include a HJT log) and it may also help some with the slowness issue. Besides Norton, which is a known resource hog, this line indicates a problem on your system--possibly malware, but usually something else more mundane causing it:

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

The folowing log wil give me some better information:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts. If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your next reply. If you have any problems with the logs, both can be found in C:\Deckard\System Scanner.

The thing about people

is they change

when they walk away.--Mipso


#4 mistressbluz

mistressbluz
  • Topic Starter

  • Members
  • 90 posts
  • OFFLINE
  •  
  • Location:Maryland
  • Local time:06:52 AM

Posted 13 December 2007 - 04:11 AM

Thank you so much for answering me Papakid, Here is the information you requested from me, I hope I did it correctly for you, I've also found in doing this that there are things on listed such as worldwinners games etc. that I no longer have on my computer but are still listed, How do I get rid of those may I ask? They arent even listed when I go to control panel to remove them from add/remove programs, also, since my last post my oldest son had added a new game which I asked him not too, as you all have told me in the past that we were running an awful lot of games which was making my system run slow and it has become slower, but more then that, it has been getting alot of pop-ups and I had trouble tonight where I couldnt set my homepage where I usually keep it which is set to cablespeed it kept reverting back to dell.com and not letting me reset, so I'm wondering when you view my reports if you could please let me know if him downloading this world of warcraft has not hurt the system if it didnt really have a problem before, I"m worried that it now does...Thank you again for your time, You are great and truly appreciate especially at this time of year, I know that you all must be very busy besides trying to help others, I know you must be busy with your families and are appreciated more then you know....In his love...Tam!

Main.txt
Deckard's System Scanner v20071014.68
Run by Tambra Plummer on 2007-12-13 03:37:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
75: 2007-12-13 08:38:43 UTC - RP777 - Deckard's System Scanner Restore Point
74: 2007-12-12 08:00:37 UTC - RP776 - Software Distribution Service 3.0
73: 2007-12-12 05:37:44 UTC - RP775 - System Checkpoint
72: 2007-12-11 05:21:39 UTC - RP774 - Removed Google Toolbar for Internet Explorer
71: 2007-12-11 02:16:53 UTC - RP773 - System Checkpoint


-- First Restore Point --
1: 2007-10-01 19:07:57 UTC - RP703 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as Tambra Plummer.exe) --------------------------------------

logfile has no content; running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-13 03:56:19
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdiserv.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\ACCTMGR.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Browser Mouse\MOffice.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Browser Mouse\mouse32a.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.0\CWDefScn.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Documents and Settings\Tambra Plummer\Local Settings\Temporary Internet Files\Content.IE5\GF9BM2VP\dss[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mycablespeed.com/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CAMTRAY.EXE"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ncoOSCheck] "C:\Program Files\Norton Confidential\osCheck.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] "C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] "C:\Program Files\Browser Mouse\MOffice.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [REGSHAVE] "C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: ExifLauncher2.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Branden Plummer\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O15 - Trusted Zone: https://online.musicmatch.com (HKLM)
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} () - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} () - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrab...rabblecubes.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://fishingchamp.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shock...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v46/share...GamesLoader.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} () - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shock...director/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex...wareControl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} (Malicious Software Removal Tool) - http://download.microsoft.com/download/b/d.../WebCleaner.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/downl...lscbase3401.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} () - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141959034171
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://dell.kodakgallery.com/downloads/BUM..._1/axofupld.cab
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://www.shockwave.com/content/dreamchro...web.1.0.0.9.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - https://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v45/wordmojo/wordmojo.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v55/cubis/cubis.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v45/sol/sol.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v48/luxor/luxor.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v40/hangman/hangman.cab
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} (CPlayFirstzenerchiControl Object) - http://www.shockwave.com/content/zenerchi/...eb.1.0.0.10.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.gamehouse.com/games/zylom/zylomplayer.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} () - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/flash...ent/swflash.cab
O16 - DPF: {D410AFBD-4E26-4D5F-840F-0412D6F6BB8D} (CPlayFirstSandScriptControl Object) - http://www.gamehouse.com/realarcade-webgam.../SandScript.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - Unknown owner - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


--
End of file - 16738 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\backups\) -----------------------------

backup-20060401-152357-588 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
backup-20060402-141953-246 O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
backup-20070311-195747-738 O4 - Startup: PowerReg Scheduler V3.exe
backup-20070311-195747-765 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20070311-195747-839 O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZJ
backup-20070311-195748-965 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20071213-032032-110 O4 - S-1-5-18 Startup: PowerReg Scheduler V3.exe (User 'SYSTEM')
backup-20071213-032040-619 O4 - Startup: PowerReg Scheduler V3.exe
backup-20071213-032040-799 O4 - .DEFAULT Startup: PowerReg Scheduler V3.exe (User 'Default user')

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 prohlp02 (StarForce Protection Helper Driver v2) - c:\windows\system32\drivers\prohlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 prosync1 (StarForce Protection Synchronization Driver v1) - c:\windows\system32\drivers\prosync1.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp01 (StarForce Protection Helper Driver) - c:\windows\system32\drivers\sfhlp01.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 prodrv06 (StarForce Protection Environment Driver v6) - c:\windows\system32\drivers\prodrv06.sys <Not Verified; Protection Technology; StarForce Protection System>
R2 CdaD10BA - c:\windows\system32\drivers\cdad10ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>
R3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
R3 Ad-Watch Real-Time Scanner (AW Real-Time Scanner) - c:\windows\system32\drivers\awrtpd.sys <Not Verified; Lavasoft AB; Ad-Watch Beta>
R3 Ad-Watch Registry Filter (Ad-Watch Registry Kernel Filter) - c:\windows\system32\drivers\awrtrd.sys <Not Verified; Lavasoft AB; Ad-Watch Registry Protection>

S3 dbustrcm - c:\docume~1\tambra~1\locals~1\temp\dbustrcm.sys (file missing)
S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 dump_wmimmc - c:\program files\gpotato\flyff\gameguard\dump_wmimmc.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
S3 SQTECH9080 (MegaCam(PID_9080_00)) - c:\windows\system32\drivers\capt9080.sys <Not Verified; Service & Quality Technology.; SQ908>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
S3 XDva031 - c:\windows\system32\xdva031.sys (file missing)
S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 bgsvcgen (B's Recorder GOLD Library General Service) - c:\windows\system32\bgsvcgen.exe <Not Verified; B.H.A Corporation; B's Recorder GOLD8>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-12-12 06:00:01 640 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Tambra Plummer.job


-- Files created between 2007-11-13 and 2007-12-13 -----------------------------

2007-12-09 21:59:46 0 d-------- C:\Program Files\World of Warcraft
2007-12-09 21:56:33 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-12-09 20:49:32 0 d-------- C:\Program Files\Application Files
2007-12-08 02:04:08 0 d-------- C:\Documents and Settings\Tambra Plummer\Application Data\ForgottenRiddles
2007-12-07 23:16:06 0 dr-h----- C:\Documents and Settings\Tambra Plummer\Recent
2007-12-07 15:17:21 0 d-------- C:\Program Files\There
2007-11-28 17:38:15 0 d-------- C:\Program Files\Coupons
2007-11-28 17:38:14 31 --ah----- C:\WINDOWS\uccspecc.sys
2007-11-25 21:45:54 69632 --a------ C:\WINDOWS\system32\asprouni.exe <Not Verified; Panda Software; Panda Software ASPRODesinstalador>
2007-11-25 21:45:12 0 d-------- C:\WINDOWS\system32\ASPRO
2007-11-25 20:46:34 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-25 15:21:18 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-11-14 07:46:04 221184 --a------ C:\WINDOWS\system32\WRAP_OAL.DLL <Not Verified; Creative Labs; Creative Labs OpenAL32>


-- Find3M Report ---------------------------------------------------------------

2007-12-13 03:56:20 15642 --a------ C:\Program Files\hijackthis.log
2007-12-13 03:20:40 0 d-------- C:\Program Files\backups
2007-12-12 18:20:03 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-11 00:21:49 0 d-------- C:\Program Files\Google
2007-12-10 01:45:00 0 d-------- C:\Program Files\Common Files
2007-12-10 00:14:50 0 d-------- C:\Program Files\Shockwave.com
2007-12-09 20:58:13 0 d-------- C:\Documents and Settings\Tambra Plummer\Application Data\Google
2007-12-07 23:07:11 0 d-------- C:\Program Files\CCleaner
2007-12-06 03:59:43 5852 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-12-06 03:59:43 152 -r-hs---- C:\WINDOWS\system32\5C4FD9CF0A.sys
2007-12-05 03:35:34 0 d-------- C:\Program Files\Lexmark Fax Solutions
2007-12-05 03:35:20 0 d-------- C:\Program Files\Lexmark 3500-4500 Series
2007-12-05 03:30:38 0 d-------- C:\Program Files\FinePixViewer
2007-12-05 03:30:12 0 d-------- C:\Program Files\Digital Line Detect
2007-12-05 03:24:11 0 d-------- C:\Program Files\Browser Mouse
2007-12-05 01:35:18 0 d-------- C:\Program Files\Symantec
2007-11-25 19:33:50 0 d-------- C:\Program Files\iWin.com
2007-11-25 19:10:39 0 d-------- C:\Program Files\Microsoft Games
2007-11-24 19:51:20 65536 --a------ C:\WINDOWS\IFinst27.exe
2007-11-16 06:09:24 0 d-------- C:\Program Files\Norton Internet Security
2007-11-14 07:46:13 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-11-07 23:03:10 0 d-------- C:\Documents and Settings\Tambra Plummer\Application Data\Adobe
2007-11-05 22:18:56 0 d-------- C:\Program Files\Common Files\Adobe
2007-11-04 00:28:48 0 d-------- C:\Program Files\Lavasoft
2007-11-04 00:28:46 0 d-------- C:\Documents and Settings\Tambra Plummer\Application Data\Lavasoft
2007-11-04 00:26:07 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-30 18:11:38 0 d-------- C:\Program Files\Common Files\Real
2007-10-18 16:28:52 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-10-18 16:25:40 0 d-------- C:\Documents and Settings\Tambra Plummer\Application Data\SUPERAntiSpyware.com
2007-10-18 16:24:43 0 d-------- C:\Program Files\Webroot
2007-10-16 22:20:46 0 d-------- C:\Program Files\Imikimi
2007-10-02 14:04:11 774144 --a------ C:\Program Files\RngInterstitial.dll <Not Verified; RealNetworks, Inc.; RealNetworks, Inc. RngInterstitial>
2007-09-17 03:41:28 467872 --a------ C:\Program Files\setup.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [07/30/2004 10:04 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [05/31/2005 05:33 AM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [04/28/2005 02:34 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [10/14/2005 03:46 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [10/14/2005 03:50 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [10/14/2005 03:49 PM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [08/11/2005 02:30 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [08/11/2005 02:30 PM]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [09/08/2005 08:20 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/13/2006 12:48 AM]
"ncoOSCheck"="C:\Program Files\Norton Confidential\osCheck.exe" [11/27/2006 08:40 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 12:59 AM]
"AcctMgr"="C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe" [11/27/2006 08:43 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 12:11 AM]
"FLMOFFICE4DMOUSE"="C:\Program Files\Browser Mouse\MOffice.exe" [03/29/2007 01:19 PM]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [02/07/2007 05:39 PM]
"lxdimon.exe"="C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" [05/07/2007 01:07 PM]
"lxdiamon"="C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" [03/05/2007 07:40 AM]
"FaxCenterServer"="C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" [05/07/2007 01:10 PM]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [02/04/2002 09:32 PM]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 09:59 AM]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [11/04/2007 12:59 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [11/28/2007 07:51 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 09:59 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [1/13/2006 5:35:42 PM]
ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [8/2/2007 7:10:23 AM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [12/3/2007 11:10:00 AM]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe [8/28/2007 12:09:10 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^desktop.ini]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
backup=C:\WINDOWS\pss\desktop.iniCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Tambra Plummer^Start Menu^Programs^Startup^IMVU.lnk]
path=C:\Documents and Settings\Tambra Plummer\Start Menu\Programs\Startup\IMVU.lnk
backup=C:\WINDOWS\pss\IMVU.lnkStartup

*Newly Created Service* - AD-WATCH_REGISTRY_FILTER
*Newly Created Service* - COMHOST



-- Hosts -----------------------------------------------------------------------

127.0.0.1 localhost


-- End of Deckard's System Scanner: finished at 2007-12-13 03:59:51 ------------

extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.20GHz
CPU 1: Intel® Pentium® 4 CPU 3.20GHz
Percentage of Memory in Use: 74%
Physical Memory (total/avail): 502.07 MiB / 126.26 MiB
Pagefile Memory (total/avail): 1471.23 MiB / 910.36 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.25 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 71.46 GiB total, 28.25 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD800JD-75MSA1 - 74.5 GiB - 3 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 71.46 GiB - C:
\PARTITION2 - Unknown - 3 GiB

\\.\PHYSICALDRIVE1 - Lexmark USB Mass Storage USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

Edited by Papakid, 13 December 2007 - 07:45 AM.
Removed/fixed color tags

"What doesn't kill you, Makes you stronger"

#5 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,586 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:52 AM

Posted 13 December 2007 - 08:53 AM

Hi mistressbluz,

We didn't quite get all of the DSS log--what is missing is what I'm more interested in seeing. Please look in the C:\Deckard\System Scanner folder and post the entire contents of extra.txt in your next reply.

Also please do not use those light bright colors--makes your important information extremely difficult to read, especially for those of us over the age of 40. I also see you have been having trouble getting the tags correct for color and BBcode syntax. Before you use the Add Reply button, try Preview first to see if there was a problem and correct it if so before adding the reply. You can also look around in the New User Orientation forum for help with how BBCode works and then use Tests and Scribbles to experiment--often moderators keep an eye on this forum and will give personal help if they see that you are doing something consistently incorrectly or if you ask a BBcode question.

I'll be looking over the information you did post, but will forego any comments until I see the missing information. One question; is the new game you are referring to World of Warcraft?

The thing about people

is they change

when they walk away.--Mipso


#6 mistressbluz

mistressbluz
  • Topic Starter

  • Members
  • 90 posts
  • OFFLINE
  •  
  • Location:Maryland
  • Local time:06:52 AM

Posted 14 December 2007 - 01:19 AM

Papakid, I'm so very sorry, I'll just use regular black then, I've seemed to always have trouble with that for some reason, so I'll just stick to black then, my apologies, sometimes it seems like I seem to get nothing right huh? :thumbsup: Anyway the only thing I can see that I didnt send you as I went back to the folder as you've asked too is the following, if I'm incorrect please let me know, also to your question, yes it was World of Warcraft and he runs in on a private server.

Here is what I found that seems I didnt send after the extra.txt
which is here: and no not double posting (dont want to get into trouble for that just showing you what I found)

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.20GHz
CPU 1: Intel® Pentium® 4 CPU 3.20GHz
Percentage of Memory in Use: 74%
Physical Memory (total/avail): 502.07 MiB / 126.26 MiB
Pagefile Memory (total/avail): 1471.23 MiB / 910.36 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.25 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 71.46 GiB total, 28.25 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD800JD-75MSA1 - 74.5 GiB - 3 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 71.46 GiB - C:
\PARTITION2 - Unknown - 3 GiB

\\.\PHYSICALDRIVE1 - Lexmark USB Mass Storage USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Norton Internet Security v2007 (Symantec Corporation)
AV: Norton Internet Security v2007 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Lexmark 3500-4500 Series\\app4r.exe"="C:\\Program Files\\Lexmark 3500-4500 Series\\App4R.exe:*:Enabled:Lexmark Imaging Studio"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"="C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1147405660\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1147405660\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1147405660\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1147405660\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Common Files\\AOL\\1149561588\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1149561588\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1149561588\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1149561588\\ee\\aim6.exe:*:Enabled:AIM"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\lxdicoms.exe"="C:\\WINDOWS\\system32\\lxdicoms.exe:*:Enabled:Lexmark Communications System"
"C:\\Program Files\\Lexmark 3500-4500 Series\\lxdiamon.exe"="C:\\Program Files\\Lexmark 3500-4500 Series\\lxdiamon.exe:*:Enabled:Lexmark Device Monitor"
"C:\\Program Files\\Lexmark 3500-4500 Series\\App4R.exe"="C:\\Program Files\\Lexmark 3500-4500 Series\\App4R.exe:*:Enabled:Lexmark Imaging Studio"
"C:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"="C:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe:*:Enabled:ABBYY FineReader"
"C:\\Program Files\\Lexmark Fax Solutions\\FaxCtr.exe"="C:\\Program Files\\Lexmark Fax Solutions\\FaxCtr.exe:*:Enabled:Fax software"
"C:\\Program Files\\Lexmark 3500-4500 Series\\lxdimon.exe"="C:\\Program Files\\Lexmark 3500-4500 Series\\lxdimon.exe:*:Enabled:Device Monitor"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdipswx.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdipswx.exe:*:Enabled:Printer Status Window Interface"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxditime.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxditime.exe:*:Enabled:Lexmark Connect Time Executable"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdijswx.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdijswx.exe:*:Enabled:Job Status Window Interface"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdiwbgw.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdiwbgw.exe:*:Enabled:Lexmark Web Gateway"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Tambra Plummer\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TAMART
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Tambra Plummer
LOGONSERVER=\\TAMART
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0403
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\TAMBRA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\TAMBRA~1\LOCALS~1\Temp
USERDOMAIN=TAMART
USERNAME=Tambra Plummer
USERPROFILE=C:\Documents and Settings\Tambra Plummer
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Tambra Plummer (admin)
Art Plummer (admin)
Buddy Plummer (admin)
Branden Plummer (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Yahoo!\Yahoo! Music Engine\oggcodecs\uninst.exe
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{363435F2-7426-11D8-9966-00A0C9663221}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC067AB0-2594-4A7E-A1DE-ADEB7D15EB4B}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
ArcSoft PhotoImpression 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC888095-A35E-4993-A9E0-366BF6F0CCE0}\SETUP.EXE" -l0x9
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Browser Mouse --> C:\Program Files\Browser Mouse\uninst00.exe
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Creative WebCam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{363435F2-7426-11D8-9966-00A0C9663221}\setup.exe" -l0x9 /remove
Creative WebCam Instant Driver (1.01.02.0729) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script PD0620.uns -unsext NT -plugin P0620Pin.dll -pluginres P0620Pin.crl
Creative WebCam Instant User's Guide (English) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative WebCam Instant\Creative WebCam Instant User's Guide\English\CTManual.isu"
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Content Portal --> MsiExec.exe /I{B702CCCE-3176-4DBF-B932-D1B8F402F330}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
DirectX Media Runtime 5.1 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\DXM51.INF,Uninstall.NT
Dr Watson for Microsoft Windows OneCare Live v0.9.0944.26 --> MsiExec.exe /I{C544F99D-39EF-4E6D-95BE-4E41C1D8C4CB}
FinePix Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}\SETUP.EXE" -l0x9
FinePixViewer Resource --> C:\Program Files\InstallShield Installation Information\{B44529FF-501E-47CD-A06D-223C161BE058}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
FinePixViewer Ver.5.3 --> C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
Forgotten Riddles - The Mayan Princess --> C:\PROGRA~1\SHOCKW~1.COM\FORGOT~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\FORGOT~1\INSTALL.LOG
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
GameTap --> C:\Program Files\InstallShield Installation Information\{67E158AF-8856-4337-B483-EA21930786AF}\setup.exe -runfromtemp -l0x0009 -removeonly
Get Yahoo! Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC067AB0-2594-4A7E-A1DE-ADEB7D15EB4B}\setup.exe" -l0x9 /remove
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Documents and Settings\Tambra Plummer\My Documents\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
ImageMixer VCD2 LE for FinePix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B093990A-AAF2-44AC-9216-14BB7A2189B6}\SETUP.EXE" -l0x9
Imikimi Plugin 0.4.0 --> MsiExec.exe /I{81D34E00-F747-4838-8DC1-BE2FCAEA85FF}
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® PROSet for Wired Connections --> MsiExec.exe /I{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Development Kit 6 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160000}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
KODAK EASYSHARE Gallery Upload ActiveX Control --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\Downloaded Program Files\axofupld.inf, Uninstall
Lavasoft VX2 Cleaner --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\INSTALL.LOG
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lexmark 3500-4500 Series --> C:\Program Files\Lexmark 3500-4500 Series\Install\x86\Uninst.exe
Lexmark Fax Solutions --> C:\Program Files\\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
MegaCam --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77F69001-4D35-4BEA-A074-26DA04EA0CDA}\Setup.exe" -l0x9
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Confidential --> MsiExec.exe /X{9B53ADAA-835E-48F4-84D1-4A881EADA729}
Norton Confidential --> MsiExec.exe /X{9EBA63B6-63CC-4BE1-8615-A27DA45BCAAF}
Norton Confidential (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{9EBA63B6-63CC-4BE1-8615-A27DA45BCAAF}_1_1_0_26\{9EBA63B6-63CC-4BE1-8615-A27DA45BCAAF}.exe" /X
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Crimeware Component --> MsiExec.exe /X{6150F302-C4EE-4C58-8FDB-B638CED3B556}
Norton Confidential MS redistributables --> MsiExec.exe /I{573CBD9D-1597-4BDF-9BA3-CF7B58163F1D}
Norton Confidential Web Authentification Component --> MsiExec.exe /X{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_3_0_12\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
Norton Password Manager --> MsiExec.exe /X{8C1D82F5-699B-4DDA-B29E-3A5697078E8B}
Norton Personal Privacy --> MsiExec.exe /X{2904E9F2-39CD-499E-A407-0930972597D4}
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
Norton Spyware Scan provided by Yahoo! --> C:\PROGRA~1\Yahoo!\Common\unynss.exe
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Panda ActiveScan Pro --> C:\WINDOWS\system32\ASProUni.exe Panda ActiveScan Pro
PowerDVD 5.6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Qualxserve Service Agreement --> MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Ragnarok Sakray --> "C:\WINDOWS\IFinst27.exe" -UC:\Program Files\Gravity\RO\IFU290.inf
RGSS-RTP Standard --> MsiExec.exe /I{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}
Rhapsody Player Engine --> MsiExec.exe /I{84F1DE76-C48C-4281-87A0-CC9548D1E7F9}
SCRABBLE --> C:\PROGRA~1\YAHOO!~1\Scrabble\UNWISE.EXE /U C:\PROGRA~1\YAHOO!~1\Scrabble\INSTALL.LOG
Secure Game Player --> C:\Program Files\SkillJam Technologies\Secure Player\Uninstall.exe
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Smilebox --> "C:\Program Files\Smilebox\uninstall.exe"
Sonic Audio module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec KB-DocID:2003093015493306 --> MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Symantec Technical Support Web Controls --> MsiExec.exe /X{9743AF47-B746-4324-B4C4-512E67D04370}
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AE}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Live Safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",?UninstallFunction@CwlscCore@@QAEXXZ
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
WoWgasmic Launcher --> rundll32.exe dfshim.dll,ShArpMaintain WoWgasmic Launcher.application, Culture=neutral, PublicKeyToken=aabc5c675aa301fd, processorArchitecture=msil
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Music Jukebox --> MsiExec.exe /X{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}
Yahoo! Search Protection --> C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type44258 / Error
Event Submitted/Written: 12/13/2007 01:13:13 AM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 564261486.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type44257 / Error
Event Submitted/Written: 12/13/2007 01:13:06 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module urlmon.dll, version 6.0.2900.3231, fault address 0x0003b5ce.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type44242 / Warning
Event Submitted/Written: 12/13/2007 01:10:00 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type44214 / Error
Event Submitted/Written: 12/12/2007 05:35:36 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 591212751.

Event Record #/Type44213 / Error
Event Submitted/Written: 12/12/2007 05:33:23 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application MySpaceIM.exe, version 1.0.739.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type36618 / Error
Event Submitted/Written: 12/13/2007 03:23:15 AM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.99.199 for the Network Card with network address 001320C2DA12 has been
denied by the DHCP server 192.168.99.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type36614 / Error
Event Submitted/Written: 12/13/2007 03:21:35 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type36613 / Error
Event Submitted/Written: 12/13/2007 03:07:32 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Event Record #/Type36612 / Error
Event Submitted/Written: 12/13/2007 03:07:19 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Event Record #/Type36611 / Error
Event Submitted/Written: 12/13/2007 03:07:07 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}



-- End of Deckard's System Scanner: finished at 2007-12-13 03:59:51 ------------





-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
I have this, Is this what your looking for?

moved.txt?
Directories/Files moved to C:\Deckard\System Scanner\backup

2007-12-11 00:17:12 0 d---s---- C:\DOCUME~1\TAMBRA~1\LOCALS~1\Temp\Cookies
2007-12-08 10:05:53 289 --a------ C:\DOCUME~1\TAMBRA~1\LOCALS~1\Temp\D653F3EC.TMP
2007-12-11 16:14:55 0 d-------- C:\DOCUME~1\TAMBRA~1\LOCALS~1\Temp\Google Toolbar
2007-12-12 18:19:37 4418056 --a------ C:\DOCUME~1\TAMBRA~1\LOCALS~1\Temp\gt_updater_log.txt
2007-11-28 02:51:12 0 d---s---- C:\DOCUME~1\TAMBRA~1\LOCALS~1\Temp\History
2007-12-10 20:23:41 0 d-------- C:\DOCUME~1\TAMBRA~1\LOCALS~1\Temp\ImageUploader_Temp
2007-12-13 01:12:09 0 --a-----t C:\DOCUME~1\TAMBRA~1\LOCALS~1\Temp\JET145E.tmp
2007-12-12 12:15:16 0 --a-----t C:\DOCUME~1\TAMBRA~1\LOCALS~1\Temp\JET658E.tmp
2007-12-11 23:38:21 0 --a-----t C:\DOCUME~1\TAMBRA~1\LOCALS~1\Temp\JETE743.tmp
2007-12-08 01:27:12 0 --a-----t C:\DOCUME~1\TAMBRA~1\LOCALS~1\Temp\JETFBBB.tmp
2007-12-13 03:30:32 1867 --a------ C:\DOCUME~1\TAMBRA~1\LOCALS~1\Temp\jusched.log
2007-11-25 19:30:08 0 d-------- C:\DOCUME~1\TAMBRA~1\LOCALS~1\Temp\nsl5CC.tmp
2007-11-25 19:33:45 0 d-------- C:\DOCUME~1\TAMBRA~1\LOCALS~1\Temp\nsz5DE.tmp
2007-12-11 16:15:37 194 --a------ C:\DOCUME~1\TAMBRA~1\LOCALS~1\Temp\osCheck Vista Migration 2007-12-11 16h15m35s.log
2007-12-11 23:38:10 194 --a------ C:\DOCUME~1\TAMBRA~1\LOCALS~1\Temp\osCheck Vista Migration 2007-12-11 23h38m10s.log
2007-12-12 00:58:59 194 --a------ C:\DOCUME~1\TAMBRA~1\LOCALS~1\Temp\osCheck Vista Migration 2007-12-12 00h58m59s.log
2007-12-12 03:12:47 194 --a------ C:\DOCUME~1\TAMBRA~1\LOCALS~1\Temp\osCheck Vista Migration 2007-12-12 03h12m47s.log
2007-12-12 12:14:47 194 --a------ C:\DOCUME~1\TAMBRA~1\LOCALS~1\Temp\osCheck Vista Migration 2007-12-12 12h14m40s.log
2007-12-12 17:05:58 194 --a------ C:\DOCUME~1\TAMBRA~1\LOCALS~1\Temp\osCheck Vista Migration 2007-12-12 17h05m58s.log
2007-12-13 01:11:49 194 --a------ C:\DOCUME~1\TAMBRA~1\LOCALS~1\Temp\osCheck Vista Migration 2007-12-13 01h11m49s.log
2007-12-13 03:25:34 194 --a------ C:\DOCUME~1\TAMBRA~1\LOCALS~1\Temp\osCheck Vista Migration 2007-12-13 03h25m34s.log
2007-12-12 01:00:16 476 --a------ C:\DOCUME~1\TAMBRA~1\LOCALS~1\Temp\ScanMsgData_28919.lxk
2007-10-16 01:07:41 0 d---s---- C:\DOCUME~1\TAMBRA~1\LOCALS~1\Temp\Temporary Internet Files
2007-12-13 03:29:08 857 --a------ C:\DOCUME~1\TAMBRA~1\LOCALS~1\Temp\TWAIN.LOG
2007-12-13 03:29:08 4 --a------ C:\DOCUME~1\TAMBRA~1\LOCALS~1\Temp\Twain001.Mtx
2007-12-13 03:29:08 156 --a------ C:\DOCUME~1\TAMBRA~1\LOCALS~1\Temp\Twunk001.MTX
2007-12-11 02:28:42 0 --a------ C:\DOCUME~1\TAMBRA~1\LOCALS~1\Temp\Twunk002.MTX
2007-12-07 23:17:37 0 d-------- C:\DOCUME~1\TAMBRA~1\LOCALS~1\Temp\WER5bc2.dir00
2007-12-13 03:25:22 0 d-------- C:\DOCUME~1\TAMBRA~1\LOCALS~1\Temp\WPDNSE
2007-11-28 17:38:19 0 d-------- C:\DOCUME~1\TAMBRA~1\LOCALS~1\Temp\_ir_sf7_temp_0
2007-12-11 01:26:47 16384 --a------ C:\DOCUME~1\TAMBRA~1\LOCALS~1\Temp\~DF34A6.tmp
2007-12-13 03:32:51 16384 --a------ C:\DOCUME~1\TAMBRA~1\LOCALS~1\Temp\~DF3CA6.tmp
2007-12-05 17:29:52 16384 --a------ C:\DOCUME~1\TAMBRA~1\LOCALS~1\Temp\~DF3CC8.tmp
2007-12-12 17:29:33 16384 --a------ C:\DOCUME~1\TAMBRA~1\LOCALS~1\Temp\~DF82E8.tmp
2007-12-11 16:17:42 16384 --a------ C:\DOCUME~1\TAMBRA~1\LOCALS~1\Temp\~DF93BA.tmp
2007-12-13 01:12:29 16384 --a------ C:\DOCUME~1\TAMBRA~1\LOCALS~1\Temp\~DFB356.tmp
2007-11-24 23:52:22 32768 --a------ C:\DOCUME~1\TAMBRA~1\LOCALS~1\Temp\~DFF3A0.tmp
2007-12-12 17:09:11 16384 --a------ C:\DOCUME~1\TAMBRA~1\LOCALS~1\Temp\~DFF612.tmp
2007-11-24 18:10:03 1020 --a-----t C:\DOCUME~1\TAMBRA~1\LOCALS~1\Temp\~ROMFN_00000214
2007-12-12 12:15:31 1020 --a-----t C:\DOCUME~1\TAMBRA~1\LOCALS~1\Temp\~ROMFN_00000378
2007-12-13 01:12:38 1020 --a-----t C:\DOCUME~1\TAMBRA~1\LOCALS~1\Temp\~ROMFN_0000052C
2007-12-11 23:38:53 1020 --a-----t C:\DOCUME~1\TAMBRA~1\LOCALS~1\Temp\~ROMFN_0000058C
2007-11-17 05:00:54 616448 --ahs---- C:\WINDOWS\temp\3a65sm2h.TMP
2007-10-05 15:28:25 308210 --a-----t C:\WINDOWS\temp\cc116F.tmp
2007-10-04 16:32:09 0 d---s---- C:\WINDOWS\temp\Cookies
2007-12-09 08:46:03 289 --a------ C:\WINDOWS\temp\D653F3EC.TMP
2007-10-04 16:31:39 0 d---s---- C:\WINDOWS\temp\History
2007-09-23 08:10:34 8192 --a-----t C:\WINDOWS\temp\JET119A.tmp
2007-10-16 00:25:38 9809920 --a-----t C:\WINDOWS\temp\JET13FB.tmp
2007-10-25 14:53:43 9912320 --a-----t C:\WINDOWS\temp\JET1A.tmp
2007-11-19 17:50:52 8192 --a-----t C:\WINDOWS\temp\JET1BD0.tmp
2007-10-09 01:46:47 8192 --a-----t C:\WINDOWS\temp\JET1D68.tmp
2007-12-02 16:11:55 8192 --a-----t C:\WINDOWS\temp\JET1D71.tmp
2007-09-27 15:23:26 9932800 --a-----t C:\WINDOWS\temp\JET1DA4.tmp
2007-11-18 10:29:57 9916416 --a-----t C:\WINDOWS\temp\JET1DF3.tmp
2007-12-12 16:28:22 0 --a-----t C:\WINDOWS\temp\JET1E1D.tmp
2007-11-09 00:35:46 8192 --a-----t C:\WINDOWS\temp\JET1E7F.tmp
2007-10-14 11:08:24 9867264 --a-----t C:\WINDOWS\temp\JET1ECD.tmp
2007-10-11 18:43:30 9924608 --a-----t C:\WINDOWS\temp\JET2193.tmp
2007-09-23 08:10:38 9920512 --a-----t C:\WINDOWS\temp\JET2234.tmp
2007-10-06 11:15:30 8192 --a-----t C:\WINDOWS\temp\JET23F0.tmp
2007-12-10 00:09:13 0 --a-----t C:\WINDOWS\temp\JET248A.tmp
2007-11-23 23:51:38 9912320 --a-----t C:\WINDOWS\temp\JET26EC.tmp
2007-10-02 01:05:46 9904128 --a-----t C:\WINDOWS\temp\JET273.tmp
2007-11-20 20:16:45 9801728 --a-----t C:\WINDOWS\temp\JET28D6.tmp
2007-12-08 23:46:27 0 --a-----t C:\WINDOWS\temp\JET2AE3.tmp
2007-11-11 00:16:39 9728000 --a-----t C:\WINDOWS\temp\JET2BED.tmp
2007-10-09 06:17:17 9822208 --a-----t C:\WINDOWS\temp\JET2F8.tmp
2007-10-08 03:34:26 9916416 --a-----t C:\WINDOWS\temp\JET2FF4.tmp
2007-12-08 21:28:36 8192 --a-----t C:\WINDOWS\temp\JET3101.tmp
2007-12-08 23:46:30 9818112 --a-----t C:\WINDOWS\temp\JET334F.tmp
2007-10-02 19:58:59 9920512 --a-----t C:\WINDOWS\temp\JET3515.tmp
2007-12-10 00:15:51 0 --a-----t C:\WINDOWS\temp\JET3825.tmp
2007-11-06 22:51:07 8192 --a-----t C:\WINDOWS\temp\JET3956.tmp
2007-12-09 23:53:33 0 --a-----t C:\WINDOWS\temp\JET3989.tmp
2007-10-06 14:28:30 8724480 --a-----t C:\WINDOWS\temp\JET4486.tmp
2007-11-25 18:35:42 9916416 --a-----t C:\WINDOWS\temp\JET45DA.tmp
2007-11-21 13:50:47 10027008 --a-----t C:\WINDOWS\temp\JET475F.tmp
2007-12-09 05:45:17 10125312 --a-----t C:\WINDOWS\temp\JET4B74.tmp
2007-11-30 17:50:10 9916416 --a-----t C:\WINDOWS\temp\JET4DEC.tmp
2007-12-09 23:53:39 0 --a-----t C:\WINDOWS\temp\JET4F92.tmp
2007-11-18 20:10:10 8192 --a-----t C:\WINDOWS\temp\JET52F6.tmp
2007-11-07 15:04:35 8192 --a-----t C:\WINDOWS\temp\JET550B.tmp
2007-11-25 03:49:57 9805824 --a-----t C:\WINDOWS\temp\JET57F5.tmp
2007-11-15 06:53:55 9908224 --a-----t C:\WINDOWS\temp\JET5F1F.tmp
2007-11-07 15:04:38 8437760 --a-----t C:\WINDOWS\temp\JET62A8.tmp
2007-11-03 13:52:47 8192 --a-----t C:\WINDOWS\temp\JET658F.tmp
2007-12-09 23:47:43 0 --a-----t C:\WINDOWS\temp\JET6898.tmp
2007-12-11 23:38:57 8192 --a-----t C:\WINDOWS\temp\JET7191.tmp
2007-12-11 23:38:58 9814016 --a-----t C:\WINDOWS\temp\JET7683.tmp
2007-10-20 22:16:52 8192 --a-----t C:\WINDOWS\temp\JET79FD.tmp
2007-12-09 23:47:49 0 --a-----t C:\WINDOWS\temp\JET7DF5.tmp
2007-11-23 23:15:49 9953280 --a-----t C:\WINDOWS\temp\JET7EA.tmp
2007-10-26 00:17:53 8192 --a-----t C:\WINDOWS\temp\JET7F5E.tmp
2007-11-24 18:10:13 9908224 --a-----t C:\WINDOWS\temp\JET80C4.tmp
2007-10-26 07:58:43 9928704 --a-----t C:\WINDOWS\temp\JET80D9.tmp
2007-11-05 22:26:42 9916416 --a-----t C:\WINDOWS\temp\JET83A8.tmp
2007-12-05 02:09:30 8192 --a-----t C:\WINDOWS\temp\JET8548.tmp
2007-12-04 00:05:30 9908224 --a-----t C:\WINDOWS\temp\JET8795.tmp
2007-12-08 01:26:43 8192 --a-----t C:\WINDOWS\temp\JET8796.tmp
2007-10-08 00:52:43 8192 --a-----t C:\WINDOWS\temp\JET8923.tmp
2007-12-05 02:09:31 9814016 --a-----t C:\WINDOWS\temp\JET896E.tmp
2007-11-18 21:48:45 9916416 --a-----t C:\WINDOWS\temp\JET8A35.tmp
2007-12-08 01:26:45 9904128 --a-----t C:\WINDOWS\temp\JET9001.tmp
2007-11-03 22:24:45 8192 --a-----t C:\WINDOWS\temp\JET920A.tmp
2007-12-07 18:19:46 8192 --a-----t C:\WINDOWS\temp\JET93BC.tmp
2007-10-02 23:13:50 8192 --a-----t C:\WINDOWS\temp\JET96F9.tmp
2007-11-20 23:30:33 8192 --a-----t C:\WINDOWS\temp\JET9714.tmp
2007-12-13 01:13:48 8192 --a-----t C:\WINDOWS\temp\JET981F.tmp
2007-12-13 01:13:49 9797632 --a-----t C:\WINDOWS\temp\JET9CA3.tmp
2007-10-05 11:36:32 9916416 --a-----t C:\WINDOWS\temp\JET9DE.tmp
2007-11-04 00:50:31 8192 --a-----t C:\WINDOWS\temp\JET9E53.tmp
2007-11-23 23:15:48 8192 --a-----t C:\WINDOWS\temp\JETA.tmp
2007-11-04 00:50:32 9916416 --a-----t C:\WINDOWS\temp\JETA170.tmp
2007-11-08 09:37:44 9883648 --a-----t C:\WINDOWS\temp\JETA1B0.tmp
2007-09-15 14:01:31 8192 -----n--- C:\WINDOWS\temp\JETA369.tmp
2007-12-08 08:19:23 9920512 --a-----t C:\WINDOWS\temp\JETA38E.tmp
2007-11-30 00:49:01 8192 --a-----t C:\WINDOWS\temp\JETA888.tmp
2007-09-20 14:08:27 9916416 --a-----t C:\WINDOWS\temp\JETAB16.tmp
2007-12-09 22:44:43 0 --a-----t C:\WINDOWS\temp\JETACE4.tmp
2007-11-11 00:23:46 8192 --a-----t C:\WINDOWS\temp\JETB18B.tmp
2007-10-09 17:55:59 8192 --a-----t C:\WINDOWS\temp\JETB211.tmp
2007-11-28 19:07:35 9912320 --a-----t C:\WINDOWS\temp\JETB43E.tmp
2007-09-30 23:38:52 10121216 --a-----t C:\WINDOWS\temp\JETBB3.tmp
2007-10-03 16:31:05 9920512 --a-----t C:\WINDOWS\temp\JETBCAF.tmp
2007-11-16 06:13:11 9916416 --a-----t C:\WINDOWS\temp\JETBEBD.tmp
2007-10-10 16:37:16 9916416 --a-----t C:\WINDOWS\temp\JETC11.tmp
2007-09-29 22:55:52 8192 --a-----t C:\WINDOWS\temp\JETC1AC.tmp
2007-11-22 09:32:16 10121216 --a-----t C:\WINDOWS\temp\JETC232.tmp
2007-12-06 00:16:36 8192 --a-----t C:\WINDOWS\temp\JETC38B.tmp
2007-11-17 01:11:22 8192 --a-----t C:\WINDOWS\temp\JETC7D9.tmp
2007-12-05 08:27:44 9916416 --a-----t C:\WINDOWS\temp\JETCEB.tmp
2007-11-02 14:17:37 9916416 --a-----t C:\WINDOWS\temp\JETCFF3.tmp
2007-11-28 18:14:05 8192 --a-----t C:\WINDOWS\temp\JETD130.tmp
2007-12-04 08:16:01 9338880 --a-----t C:\WINDOWS\temp\JETD2D0.tmp
2007-11-22 00:27:05 8192 --a-----t C:\WINDOWS\temp\JETD42F.tmp
2007-10-30 16:08:58 8192 --a-----t C:\WINDOWS\temp\JETD5E7.tmp
2007-10-06 15:29:50 9916416 --a-----t C:\WINDOWS\temp\JETD826.tmp
2007-11-03 14:55:02 9904128 --a-----t C:\WINDOWS\temp\JETD8FA.tmp
2007-10-11 12:38:46 8192 --a-----t C:\WINDOWS\temp\JETDB0.tmp
2007-11-25 13:31:37 8192 --a-----t C:\WINDOWS\temp\JETDB71.tmp
2007-10-18 19:11:17 9916416 --a-----t C:\WINDOWS\temp\JETDC65.tmp
2007-11-28 00:42:35 8192 --a-----t C:\WINDOWS\temp\JETDCC0.tmp
2007-11-09 02:10:28 9916416 --a-----t C:\WINDOWS\temp\JETDCC3.tmp
2007-11-28 00:42:35 9883648 --a-----t C:\WINDOWS\temp\JETDD7C.tmp
2007-11-08 21:18:00 9916416 --a-----t C:\WINDOWS\temp\JETDE5.tmp
2007-12-06 10:35:10 9940992 --a-----t C:\WINDOWS\temp\JETDE55.tmp
2007-12-11 13:54:43 8192 --a-----t C:\WINDOWS\temp\JETE347.tmp
2007-09-12 17:02:06 10125312 -----n--- C:\WINDOWS\temp\JETE3DF.tmp
2007-10-02 14:47:02 8192 --a-----t C:\WINDOWS\temp\JETE721.tmp
2007-09-22 21:54:20 8192 --a-----t C:\WINDOWS\temp\JETE955.tmp
2007-11-25 00:44:58 8192 --a-----t C:\WINDOWS\temp\JETEF9F.tmp
2007-12-10 18:50:05 9916416 --a-----t C:\WINDOWS\temp\JETEFF3.tmp
2007-12-12 03:13:01 9912320 --a-----t C:\WINDOWS\temp\JETF155.tmp
2007-12-08 04:48:50 0 --a-----t C:\WINDOWS\temp\JETF29D.tmp
2007-10-09 23:27:31 9908224 --a-----t C:\WINDOWS\temp\JETF3ED.tmp
2007-11-13 00:22:36 8192 --a-----t C:\WINDOWS\temp\JETF5B1.tmp
2007-11-07 15:56:41 8192 --a-----t C:\WINDOWS\temp\JETF76F.tmp
2007-12-08 04:48:51 0 --a-----t C:\WINDOWS\temp\JETF7AE.tmp
2007-11-16 00:34:05 8192 --a-----t C:\WINDOWS\temp\JETFA67.tmp
2007-11-19 19:53:48 9916416 --a-----t C:\WINDOWS\temp\JETFA8C.tmp
2007-09-30 08:47:56 9822208 --a-----t C:\WINDOWS\temp\JETFBA5.tmp
2007-11-11 06:23:52 9908224 --a-----t C:\WINDOWS\temp\JETFC3A.tmp
2007-11-28 02:30:34 9940992 --a-----t C:\WINDOWS\temp\JETFCDE.tmp
2007-11-07 15:56:43 9871360 --a-----t C:\WINDOWS\temp\JETFF9D.tmp
2007-11-03 12:52:16 9916416 --a-----t C:\WINDOWS\temp\JETFFFB.tmp
2007-10-06 15:10:30 616448 --ahs---- C:\WINDOWS\temp\ls5v84ny.TMP
2007-11-06 23:28:47 188 --a------ C:\WINDOWS\temp\lxdiscan.log
2007-07-20 15:47:24 439424 --a------ C:\WINDOWS\temp\NCO142.tmp <Verified; Symantec Corporation; Norton Confidential>
2007-07-20 15:47:24 149120 --a------ C:\WINDOWS\temp\NCO143.tmp <Verified; Symantec Corporation; Norton Confidential>
2007-07-20 15:47:24 284288 --a------ C:\WINDOWS\temp\NCO144.tmp
2007-11-27 22:09:24 880 --a------ C:\WINDOWS\temp\Norton_SPALOG_11_28_2007_90112062.txt
2007-09-18 17:13:23 1571 --a------ C:\WINDOWS\temp\Norton_SPALOG_9_18_2007_586296.txt
2007-12-09 00:16:41 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_2f4.dat
2007-11-08 21:22:37 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_384.dat
2007-11-22 09:40:42 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_558.dat
2007-11-15 06:49:11 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_5d0.dat
2007-12-04 08:30:20 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_634.dat
2007-12-08 04:49:25 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_640.dat
2007-11-11 00:17:16 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_65c.dat
2007-11-30 17:50:44 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_674.dat
2007-12-05 01:43:38 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_67c.dat
2007-12-09 23:47:36 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_688.dat
2007-11-16 06:16:21 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_6a0.dat
2007-12-05 08:29:11 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_72c.dat
2007-12-12 03:21:13 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_788.dat
2007-11-24 18:13:15 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_854.dat
2007-12-10 00:15:55 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_858.dat
2007-11-25 18:42:10 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_8b8.dat
2007-11-04 01:03:49 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_8c8.dat
2007-11-27 22:38:01 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_8e8.dat
2007-11-23 23:59:04 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_8f8.dat
2007-11-07 16:01:13 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_900.dat
2007-11-07 17:48:04 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_94c.dat
2007-11-25 14:59:37 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_9f0.dat
2007-11-11 14:27:12 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_a44.dat
2007-11-21 09:34:49 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_b64.dat
2007-12-13 01:15:52 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_bb4.dat
2007-11-18 21:55:55 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_bd4.dat
2007-12-11 23:40:49 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_c54.dat
2007-12-05 06:01:08 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_c58.dat
2007-12-03 11:40:22 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_c6c.dat
2007-12-04 00:10:08 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_d1c.dat
2007-12-08 01:30:09 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_d28.dat
2007-12-02 17:47:17 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_d88.dat
2007-12-02 17:21:15 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_dac.dat
2007-11-25 03:56:21 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_dc4.dat
2007-11-20 20:21:49 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_dec.dat
2007-11-07 15:15:16 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_df4.dat
2007-12-06 10:36:21 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_e50.dat
2007-11-26 21:09:38 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_e58.dat
2007-11-28 19:12:27 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_e7c.dat
2007-11-17 04:54:46 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_eb0.dat
2007-11-21 14:02:42 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_ed0.dat
2007-12-03 12:09:49 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_f68.dat
2007-12-10 00:29:22 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_f80.dat
2007-11-09 02:14:57 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_fb4.dat
2007-12-02 17:58:52 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_ff0.dat
2007-08-16 10:32:04 4276 --a------ C:\WINDOWS\temp\PK20B.tmp
2007-12-11 03:28:39 0 d-------- C:\WINDOWS\temp\slu1464.tmp
2007-11-23 23:13:30 0 d-------- C:\WINDOWS\temp\slu209a.tmp
2007-11-23 23:13:47 5291994 --a------ C:\WINDOWS\temp\slu2109.tmp
2007-11-23 23:13:49 0 d-------- C:\WINDOWS\temp\slu210c.tmp
2007-11-22 22:14:01 0 d-------- C:\WINDOWS\temp\slu2529.tmp
2007-11-22 22:14:15 5291994 --a------ C:\WINDOWS\temp\slu255a.tmp
2007-11-22 22:14:18 0 d-------- C:\WINDOWS\temp\slu2560.tmp
2007-11-22 22:14:26 1047303 --a------ C:\WINDOWS\temp\slu2584.tmp
2007-12-08 03:24:26 0 d-------- C:\WINDOWS\temp\slu26c3.tmp
2007-11-23 23:23:43 0 d-------- C:\WINDOWS\temp\slu2865.tmp
2007-11-23 23:24:15 5291994 --a------ C:\WINDOWS\temp\slu2912.tmp
2007-11-23 23:24:25 0 d-------- C:\WINDOWS\temp\slu2919.tmp
2007-11-24 00:00:44 0 d-------- C:\WINDOWS\temp\slu44ce.tmp
2007-11-24 00:01:11 5291994 --a------ C:\WINDOWS\temp\slu4554.tmp
2007-11-23 18:32:32 0 d-------- C:\WINDOWS\temp\slu49bd.tmp
2007-11-23 18:33:03 5291994 --a------ C:\WINDOWS\temp\slu4a2c.tmp
2007-11-23 18:33:06 0 d-------- C:\WINDOWS\temp\slu4a2f.tmp
2007-11-23 18:33:12 599645 --a------ C:\WINDOWS\temp\slu4a50.tmp
2007-11-23 10:14:43 0 d-------- C:\WINDOWS\temp\slu4cc0.tmp
2007-11-23 10:14:59 5291994 --a------ C:\WINDOWS\temp\slu4cfe.tmp
2007-11-23 10:15:03 0 d-------- C:\WINDOWS\temp\slu4d01.tmp
2007-11-23 10:15:10 4836129 --a------ C:\WINDOWS\temp\slu4d22.tmp
2007-11-23 02:01:56 0 d-------- C:\WINDOWS\temp\slu539d.tmp
2007-11-23 02:02:09 5291994 --a------ C:\WINDOWS\temp\slu53c4.tmp
2007-12-12 03:20:14 0 d-------- C:\WINDOWS\temp\slu5c15.tmp
2007-11-23 14:16:33 0 d-------- C:\WINDOWS\temp\slu5d7.tmp
2007-11-23 02:02:12 0 d-------- C:\WINDOWS\temp\slu61da.tmp
2007-11-23 14:16:53 5291994 --a------ C:\WINDOWS\temp\slu622.tmp
2007-11-23 14:17:00 0 d-------- C:\WINDOWS\temp\slu625.tmp
2007-11-22 18:03:59 0 d-------- C:\WINDOWS\temp\slu65ca.tmp
2007-11-22 18:04:13 5291994 --a------ C:\WINDOWS\temp\slu65fb.tmp
2007-11-22 18:04:22 15354938 --a------ C:\WINDOWS\temp\slu661c.tmp
2007-11-23 05:17:15 0 d-------- C:\WINDOWS\temp\slu691a.tmp
2007-11-23 05:17:29 5291994 --a------ C:\WINDOWS\temp\slu6948.tmp
2007-11-23 05:17:33 0 d-------- C:\WINDOWS\temp\slu694b.tmp
2007-11-23 05:17:38 4836129 --a------ C:\WINDOWS\temp\slu6968.tmp
2007-11-24 01:00:34 0 d-------- C:\WINDOWS\temp\slu7293.tmp
2007-11-24 01:00:54 5291994 --a------ C:\WINDOWS\temp\slu730b.tmp
2007-11-24 01:01:03 0 d-------- C:\WINDOWS\temp\slu730f.tmp
2007-11-22 18:04:14 0 d-------- C:\WINDOWS\temp\slu7661.tmp
2007-12-13 02:18:14 0 d-------- C:\WINDOWS\temp\slu7ac3.tmp
2007-11-23 00:06:13 0 d-------- C:\WINDOWS\temp\slu7b0c.tmp
2007-11-23 00:06:29 5291994 --a------ C:\WINDOWS\temp\slu7b43.tmp
2007-11-23 00:06:32 0 d-------- C:\WINDOWS\temp\slu7f3f.tmp
2007-11-23 06:03:22 0 d-------- C:\WINDOWS\temp\sluc25.tmp
2007-11-23 06:03:51 5291994 --a------ C:\WINDOWS\temp\slucc8.tmp
2007-11-23 06:04:02 0 d-------- C:\WINDOWS\temp\slucce.tmp
2007-10-03 16:04:23 431320 --a------ C:\WINDOWS\temp\SRTSP_MSI_I_10.2.1.8.log
2007-12-05 01:36:11 427922 --a------ C:\WINDOWS\temp\SRTSP_MSI_I_10.2.2.6.log
2007-10-03 16:05:30 364402 --a------ C:\WINDOWS\temp\SRTSP_MSI_U_(1)10.1.5.4.log
2007-12-05 01:36:52 279144 --a------ C:\WINDOWS\temp\SRTSP_MSI_U_(1)10.2.1.8.log
2007-10-03 16:05:30 4120 --a------ C:\WINDOWS\temp\SRTSP_Setup_10.2.1.8.log
2007-12-05 01:36:52 4120 --a------ C:\WINDOWS\temp\SRTSP_Setup_10.2.2.6.log
2007-12-05 01:36:27 7357 --a------ C:\WINDOWS\temp\srtUnin.log
2007-09-23 08:09:24 18982 --a------ C:\WINDOWS\temp\SST6.tmp
2007-12-05 01:35:18 34865 --a------ C:\WINDOWS\temp\SYMEVENT.LOG
2007-12-08 01:24:59 0 --a------ C:\WINDOWS\temp\T30DebugLogFile.txt
2007-10-04 16:31:38 0 d---s---- C:\WINDOWS\temp\Temporary Internet Files
2007-12-13 03:49:16 255 --a------ C:\WINDOWS\temp\WGAErrLog.txt
2007-12-13 03:25:10 409 --a------ C:\WINDOWS\temp\WGANotify.settings
2006-08-24 08:28:54 141424 --a------ C:\WINDOWS\Downloaded Program Files\asinst.dll <Verified; Panda Software; ActiveScan>
2006-03-31 11:17:16 135168 --a------ C:\WINDOWS\Downloaded Program Files\ASPROinst.dll <Not Verified; Panda Software; ASPRO>
2006-02-22 13:14:22 231072 --a------ C:\WINDOWS\Downloaded Program Files\avsniff.dll <Verified; Symantec Corporation; Symantec Security Check>
2006-02-22 13:14:26 198304 --a------ C:\WINDOWS\Downloaded Program Files\avsniffdlgs.dll <Verified; TODO: <Company name>; TODO: <Product name>>
2005-06-16 09:00:06 184392 --a------ C:\WINDOWS\Downloaded Program Files\axofupld.dll <Not Verified; Ofoto, Inc.; Easy Upload>
2006-02-22 13:07:06 537704 --a------ C:\WINDOWS\Downloaded Program Files\AXXPEE.dll <Verified; WholeSecurity,Inc.; WholeSecurity Confidence Online™ for Web Applications>
2005-09-08 20:20:54 778240 --a------ C:\WINDOWS\Downloaded Program Files\DiagCollectionControl.dll <Not Verified; Musicmatch, Inc.; Diagnostic Collection ActiveX control>
2007-08-07 14:34:30 2286936 --a------ C:\WINDOWS\Downloaded Program Files\dream.1.0.0.9.dll <Verified; PlayFirst, Inc.; dream.1.0.0.9>
2005-06-16 08:59:58 381000 --a------ C:\WINDOWS\Downloaded Program Files\easyupld.dll <Not Verified; Ofoto, Inc.; Easy Upload>
2006-02-22 13:07:08 42112 --a------ C:\WINDOWS\Downloaded Program Files\ecmldr32.dll <Verified; Symantec Corp.; ECOM Loader>
2006-03-08 01:00:00 288376 --a------ C:\WINDOWS\Downloaded Program Files\ecmsvr32.dll <Verified; Symantec Corporation; ECOM Server>
2006-09-20 19:06:44 94208 --a------ C:\WINDOWS\Downloaded Program Files\FunGamesLoader.dll <Not Verified; FUN Technologies, Inc.; Fun Games Game Loader ActiveX Control>
2002-03-15 14:18:58 348160 --a------ C:\WINDOWS\Downloaded Program Files\kdu_v32r.dll <Not Verified; The University of New South Wales; Kakadu Software Tools for JPEG2000>
2005-06-16 08:59:06 225353 --a------ C:\WINDOWS\Downloaded Program Files\liborca.dll <Not Verified; Ofoto, Inc.; ORCA Library>
2005-06-16 08:59:26 241742 --a------ C:\WINDOWS\Downloaded Program Files\liborca_comm.dll <Not Verified; Ofoto, Inc.; ORCA Library>
2004-10-27 13:10:26 111752 --a------ C:\WINDOWS\Downloaded Program Files\LSSupCtl.dll <Verified; Symantec Corporation; LiveReg>
2006-04-27 13:50:06 262237 --a------ C:\WINDOWS\Downloaded Program Files\MLauncherNew.dll <Not Verified; ; MLauncherNew Module>
2006-02-22 13:09:04 201896 --a------ C:\WINDOWS\Downloaded Program Files\navapi32.dll <Verified; Symantec Corp.; NAVAPI>
2006-03-08 01:00:00 124584 --a------ C:\WINDOWS\Downloaded Program Files\naveng32.dll <Verified; Symantec Corporation; Symantec Antivirus Engine>
2006-03-08 01:00:00 788136 --a------ C:\WINDOWS\Downloaded Program Files\navex32a.dll <Verified; Symantec Corporation; Symantec Antivirus Engine>
2005-06-16 08:58:56 118858 --a------ C:\WINDOWS\Downloaded Program Files\ofutils.dll <Not Verified; Ofoto, Inc.; OfotoNow>
2005-06-16 08:58:54 200776 --a------ C:\WINDOWS\Downloaded Program Files\ofxml.dll <Not Verified; Ofoto, Inc.; OfotoNow>
2006-02-22 13:14:52 161480 --a------ C:\WINDOWS\Downloaded Program Files\rufsi.dll <Verified; Symantec Corporation; Symantec Security Check>
2007-02-12 09:45:28 2020968 --a------ C:\WINDOWS\Downloaded Program Files\SandScript.1.0.0.21.dll <Verified; PlayFirst, Inc.; SandScript.1.0.0.21>
2005-06-17 00:25:02 1069056 --a------ C:\WINDOWS\Downloaded Program Files\tgctlsi.dll <Not Verified; SupportSoft, Inc.; tgctlsi Module>
2005-06-17 00:25:00 413696 --a------ C:\WINDOWS\Downloaded Program Files\tgctlsr.dll <Not Verified; SupportSoft, Inc.; tgctlsr Module>
2006-02-07 21:23:42 3141472 --a------ C:\WINDOWS\Downloaded Program Files\WebCleaner.dll <Verified; Microsoft Corporation; Windows Malicious Software Removal Tool>
2005-12-13 22:44:54 327408 --a------ C:\WINDOWS\Downloaded Program Files\wlscBase.dll <Verified; Microsoft Corp.; Microsoft® Windows Live Safety Center>
2002-10-08 12:37:34 204800 --a------ C:\WINDOWS\Downloaded Program Files\yuplapp.dll <Not Verified; Yahoo! Inc.; Yahoo! Webcam>
2002-10-08 12:36:38 253952 --a------ C:\WINDOWS\Downloaded Program Files\ywcupl.dll <Not Verified; Yahoo! Inc.; Yahoo! Webcam>
2007-08-15 17:19:18 2147680 --a------ C:\WINDOWS\Downloaded Program Files\zenerchi.1.0.0.10.dll <Verified; PlayFirst, Inc.; zenerchi.1.0.0.10>
2006-08-29 13:17:22 161976 --a------ C:\WINDOWS\Downloaded Program Files\zylomgamesplayer.dll <Verified; Zylom Games; Zylom Games Player>
2003-11-17 18:06:16 122880 --a------ C:\WINDOWS\Downloaded Program Files\cubis.ocx <Not Verified; ; Cubis>
2005-07-12 10:51:36 397312 --a------ C:\WINDOWS\Downloaded Program Files\DIGHardwareControl.ocx <Not Verified; Walt Disney Internet Group; Hardware Control>
2002-08-07 14:20:00 86016 --a------ C:\WINDOWS\Downloaded Program Files\hangman.ocx <Not Verified; Worldwinner.com; Hangmania>
2006-05-05 18:46:56 2039808 --a------ C:\WINDOWS\Downloaded Program Files\ImageUploader3.ocx <Not Verified; Slide, Inc.; Slide Image Uploader>
2006-09-26 17:52:06 255648 --a------ C:\WINDOWS\Downloaded Program Files\luxor.ocx <Verified; WorldWinner; Luxor>
2007-10-31 12:03:14 2629248 --a------ C:\WINDOWS\Downloaded Program Files\MySpaceUploader.ocx <Verified; MySpace, Inc.; MySpace Image Uploader>
2007-01-30 14:07:22 542328 --a------ C:\WINDOWS\Downloaded Program Files\scrabblecubes.ocx <Verified; WorldWinner; Scrabble Cubes>
2005-06-30 12:10:22 157304 --a------ C:\WINDOWS\Downloaded Program Files\sol.ocx <Verified; WorldWinner; Solitaire Rush>
2004-04-21 16:27:54 143360 --a------ C:\WINDOWS\Downloaded Program Files\wordmojo.ocx <Not Verified; ; WordMojo>
2007-02-05 15:36:36 75368 --a------ C:\WINDOWS\Downloaded Program Files\wwlaunch.ocx <Verified; WorldWinner; Games>

-*- End of Logfile -*-


Please let me know but that's all that I have except for the first file which is entitled main.txt then a folder is inside of the file also called back up and when I click on that there are two files inside of there called: Documen~1 and Windows.

Again, Thank you for your time and patience, I hope this came through better then the light color. Again, My apologies. In his love, Tam!

Edited by mistressbluz, 14 December 2007 - 01:29 AM.

"What doesn't kill you, Makes you stronger"

#7 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,586 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:52 AM

Posted 17 December 2007 - 12:12 AM

Hi Tam,

Sorry for the delay. I started a reply to you but had to back out of it because of some other things that came up.

Not much there but a few things, mostly low level adware and I think leftovers that your security software has cleaned up, but just missed a few deletions. So it still doesn't look very serious, however there are a couple of mystery drivers I would like to look into--at this point I can't really tell if they are active or not.

Before I get started on instructions, I want yout to know that you're doing fine. Just maybe slow down a little bit and read instructions carefully and follow them exactly. I try to be very precise in that there is a reason for everything we ask you to do, some of which may not seem very important to you. For example, you should save DSS.exe to your desktop as instructed--it appears you opened it with your browser. Also I asked you to repost the entire extra.txt only--I know you are trying to be co-operative, but I didn't ask for the moved.txt file, so posting it was unnecessary.

Like the bright colors, it's not that big a deal so don't be so hard on yourself we'll work thru it. Maybe just concentrate a little more. Also don't wory about double-posting if it is something that I've asked for. There is important information in these logs, that can be very long, so we want to see that information no matter how any posts it takes.

So for now, just do this:

Please download Combofix to your desktop.

Doubleclick ComboFix.exe to launch the application.

Follow the prompts that will be displayed on the screen.

Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, it should produce a log, combofix.txt. Note that some cleaning may require a reboot, so it won't be finished until that is done.

Post this log in your next reply.

Note - Your internet connection will be terminated while ComboFix runs. Do Not attempt to re-enable it. Should ComboFix terminate prematurely, restart the computer to restore connectivity.


World of Warcraft is not a problem in and of itself, but a whole economy has grown up around it and other multi-player games when it was discovered that some people will pay money for virtual goods that is supposed to be earned by accomplishing certain goals in online play. Some of the nastiest malware out there is designed just to log into such games so that it can steal those virtual goods and for other purposes. The other games that show up in your log I wouldn't worry about--they shouldn't drag down your system except maybe a little while you are on the website playing them.

You may not have much to worry about with WOW either, I just notice you have four main user accounts on your ocmputer--looks like you, your husband and two children. It's possible you have an infection but it may not all show up unless you are logged into the account that was originally affected. I still think the slowdown is a problem with Norton--I've seen it too many times--but I may be asking for some other logs while logged into those other accounts to be sure.

The thing about people

is they change

when they walk away.--Mipso


#8 mistressbluz

mistressbluz
  • Topic Starter

  • Members
  • 90 posts
  • OFFLINE
  •  
  • Location:Maryland
  • Local time:06:52 AM

Posted 17 December 2007 - 03:27 AM

Here goes, Hope I did this right...LOL, I know sometimes I'm too hard on myself that's only because I hate feeling stupid, Hope you can understand that....Anyway, this didnt take very long, and I followed your instructions and also the instructions on the little blue screen to the letter this time, the following is the log in which you need In following directions I was making sure I did it correctly though because it did run fast and it isnt very long, so could you let me know as I still have it on my desktop like you asked, and it did reboot my system one time, but like I said, it ran quickly. Thanks again your really terrific! :thumbsup:

ComboFix 07-12-16.4 - Tambra Plummer 2007-12-17 3:07:35.1 - NTFSx86
Running from: C:\Documents and Settings\Tambra Plummer\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\setup.exe
C:\WINDOWS\system32\launcher.exe

.
((((((((((((((((((((((((( Files Created from 2007-11-17 to 2007-12-17 )))))))))))))))))))))))))))))))
.

2007-12-14 17:52 . 2007-12-14 17:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LxThumbs
2007-12-13 13:10 . 2007-12-13 13:10 <DIR> d-------- C:\Documents and Settings\Tambra Plummer\Application Data\Skype
2007-12-13 03:53 . 2007-10-06 23:37 401,720 --a------ C:\Program Files\Tambra Plummer.exe
2007-12-13 03:37 . 2007-12-13 03:37 <DIR> d-------- C:\Deckard
2007-12-12 18:47 . 2005-09-28 17:22 266 --a------ C:\WINDOWS\KA.INI
2007-12-12 03:01 . 2007-12-12 03:02 1,393 --a------ C:\WINDOWS\imsins.BAK
2007-12-09 21:59 . 2007-12-10 04:22 <DIR> d-------- C:\Program Files\World of Warcraft
2007-12-09 21:56 . 2007-12-09 22:02 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-12-09 20:49 . 2007-12-09 20:49 <DIR> d-------- C:\Program Files\Application Files
2007-12-08 02:04 . 2007-12-14 03:27 <DIR> d-------- C:\Documents and Settings\Tambra Plummer\Application Data\ForgottenRiddles
2007-12-07 15:17 . 2007-12-07 15:17 <DIR> d-------- C:\Program Files\There
2007-11-30 23:57 . 2007-11-30 23:57 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 23:57 . 2007-11-30 23:57 279,088 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 23:57 . 2007-11-30 23:57 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,545 --a------ C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 23:57 . 2007-11-30 23:57 1,430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-28 17:38 . 2007-11-28 17:47 <DIR> d-------- C:\Program Files\Coupons
2007-11-28 17:38 . 2007-11-28 17:38 202,072 -rah----- C:\WINDOWS\system32\cpnprt2.cid
2007-11-28 17:38 . 2007-11-28 17:38 82 --ah----- C:\WINDOWS\WindowsShellOld.Manifest.1
2007-11-28 17:38 . 2007-11-28 17:38 31 --ah----- C:\WINDOWS\uccspecc.sys
2007-11-25 21:54 . 2007-11-25 21:54 84,051,825 --a------ C:\WINDOWS\pav.sig
2007-11-25 21:45 . 2007-12-05 03:46 <DIR> d-------- C:\WINDOWS\system32\ASPRO
2007-11-25 21:45 . 2005-10-20 10:34 69,632 --a------ C:\WINDOWS\system32\asprouni.exe
2007-11-25 21:45 . 2007-12-05 02:42 30,590 --a------ C:\WINDOWS\system32\pavaspro.ico
2007-11-25 21:45 . 2007-12-05 02:42 3,377 --a------ C:\WINDOWS\system32\.ico
2007-11-25 21:45 . 2007-12-05 02:42 2,550 --a------ C:\WINDOWS\system32\Uninstallpro.ico
2007-11-25 21:45 . 2007-12-05 02:42 1,406 --a------ C:\WINDOWS\system32\Helppro.ico
2007-11-25 20:46 . 2007-11-25 20:56 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-25 20:46 . 2007-11-25 20:46 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-11-25 20:46 . 2007-11-25 20:46 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-11-25 20:46 . 2007-11-25 20:46 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-11-25 15:21 . 2007-11-25 15:26 <DIR> d-------- C:\WINDOWS\SxsCaPendDel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-17 08:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-17 01:09 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-12-16 18:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-14 08:39 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-13 08:56 15,642 ----a-w C:\Program Files\hijackthis.log
2007-12-13 08:20 --------- d-----w C:\Program Files\backups
2007-12-13 06:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-11 05:21 --------- d-----w C:\Program Files\Google
2007-12-10 05:14 --------- d-----w C:\Program Files\Shockwave.com
2007-12-10 01:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-12-08 04:07 --------- d-----w C:\Program Files\CCleaner
2007-12-05 08:35 --------- d-----w C:\Program Files\Lexmark Fax Solutions
2007-12-05 08:35 --------- d-----w C:\Program Files\Lexmark 3500-4500 Series
2007-12-05 08:30 --------- d-----w C:\Program Files\FinePixViewer
2007-12-05 08:30 --------- d-----w C:\Program Files\Digital Line Detect
2007-12-05 08:24 --------- d-----w C:\Program Files\Browser Mouse
2007-12-05 06:35 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-05 06:35 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-05 06:35 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-05 06:35 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-05 06:35 --------- d-----w C:\Program Files\Symantec
2007-11-26 00:33 --------- d-----w C:\Program Files\iWin.com
2007-11-26 00:10 --------- d-----w C:\Program Files\Microsoft Games
2007-11-25 00:51 65,536 ----a-w C:\WINDOWS\IFinst27.exe
2007-11-16 11:09 --------- d-----w C:\Program Files\Norton Internet Security
2007-11-16 02:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-14 12:46 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-11-14 07:26 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-06 03:18 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-04 05:28 --------- d-----w C:\Program Files\Lavasoft
2007-11-04 05:28 --------- d-----w C:\Documents and Settings\Tambra Plummer\Application Data\Lavasoft
2007-11-04 05:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-04 05:26 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-31 18:03 245,408 ----a-w C:\WINDOWS\system32\unicows.dll
2007-10-31 00:55 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-10-31 00:55 39,856 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2007-10-31 00:55 37,936 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
2007-10-31 00:55 35,120 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2007-10-31 00:55 27,696 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2007-10-31 00:55 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-10-31 00:55 191,536 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2007-10-31 00:55 145,968 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2007-10-31 00:55 12,848 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2007-10-31 00:24 12,963 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
2007-10-31 00:24 1,358 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
2007-10-30 23:11 --------- d-----w C:\Program Files\Common Files\Real
2007-10-30 09:55 3,065,856 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-18 21:28 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-10-18 21:25 --------- d-----w C:\Documents and Settings\Tambra Plummer\Application Data\SUPERAntiSpyware.com
2007-10-18 21:24 --------- d-----w C:\Program Files\Webroot
2007-10-17 03:20 --------- d-----w C:\Program Files\Imikimi
2007-10-11 05:57 96,256 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2007-10-11 05:57 666,112 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-11 05:57 617,984 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-11 05:57 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-11 05:57 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-11 05:57 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-10-11 05:57 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-11 05:57 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-10-11 05:57 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-10-11 05:57 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-10-11 05:57 205,824 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-11 05:57 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-11 05:57 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-10-11 05:57 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-11 05:57 1,498,112 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-10-11 05:57 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
2007-10-11 05:57 1,024,000 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-10-10 10:48 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-10-07 04:37 401,720 ----a-w C:\Program Files\HiJackThis.exe
2007-10-02 19:04 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-10-01 04:43 2,628,288 ----a-w C:\ccsetup201.exe
2007-09-30 06:59 36,343,296 ----a-w C:\gametap_setup.exe
2007-09-17 08:41 467,872 ----a-w C:\Program Files\setup.exe
2007-07-19 07:18 2,720,456 ----a-w C:\Program Files\ccsetup141.exe
2007-07-04 01:01 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2007-03-16 04:24 1,027,090 ----a-w C:\Program Files\wowclient-downloader.exe
2007-03-12 02:56 370,304 ----a-w C:\Program Files\jdk-6-windows-i586-iftw.exe
2007-03-12 01:18 7,718,504 ----a-w C:\Program Files\winzip110.exe
2007-03-12 01:08 278,752 ----a-w C:\Program Files\HostsXpert.zip
2007-01-01 20:41 6,731 ----a-w C:\WINDOWS\Cursors\futbol.zip
2006-12-13 05:51 36,808,256 ----a-w C:\Program Files\iTunesSetup.exe
2006-12-03 04:21 13,111,472 ----a-w C:\WINDOWS\Cursors\sspsetup1_.exe
2006-12-02 19:53 20,059 ----a-w C:\WINDOWS\Cursors\xmascur.zip
2006-12-02 18:23 19,439 ----a-w C:\WINDOWS\Cursors\christmasicn1.zip
2006-08-05 03:47 7,909,888 ----a-w C:\Program Files\WindowsDefenderX64.msi
2006-08-04 17:28 286,711 ----a-w C:\Program Files\gmer.zip
2006-08-04 05:49 16,442 ----a-w C:\Program Files\Startup Programs (TAMART) 2006-08-04 01.47.51.txt
2006-08-04 05:47 298,840 ----a-w C:\Program Files\Silent Runners.vbs
2006-06-14 20:34 24,070,456 ----a-w C:\Program Files\wmp11-windowsxp-x86-enu.exe
2006-06-07 00:49 745,531 ----a-w C:\Program Files\gmer.exe
2006-05-29 14:27 1,082,372 ----a-w C:\Program Files\uqm-0[1].4.0-win32-installer.exe
2006-05-20 14:23 6,615,968 ----a-w C:\Program Files\instsoe.exe
2006-05-17 18:45 5,616,888 ----a-w C:\Program Files\winamp521_full_emusic-7plus.exe
2006-07-23 18:55 88 --sh--r C:\WINDOWS\system32\0ACFD94F5C.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2004-07-30 10:04]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 05:33]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-04-28 14:34]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 15:46]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 15:50]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 15:49]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 14:30]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 14:30]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-08 20:20]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-13 00:48]
"ncoOSCheck"="C:\Program Files\Norton Confidential\osCheck.exe" [2006-11-27 20:40]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59]
"AcctMgr"="C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe" [2006-11-27 20:43]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"FLMOFFICE4DMOUSE"="C:\Program Files\Browser Mouse\MOffice.exe" [2007-03-29 13:19]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-02-07 17:39]
"lxdimon.exe"="C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-05-07 13:07]
"lxdiamon"="C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-03-05 07:40]
"FaxCenterServer"="C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" [2007-05-07 13:10]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2007-11-04 00:59]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 02:33]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 06:00 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\Art Plummer\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2006-07-29 22:20:59]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-01-13 17:35:42]
ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2007-08-02 07:10:23]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-12-03 11:10:00]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe [2007-08-28 12:09:10]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^desktop.ini]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
backup=C:\WINDOWS\pss\desktop.iniCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Tambra Plummer^Start Menu^Programs^Startup^IMVU.lnk]
path=C:\Documents and Settings\Tambra Plummer\Start Menu\Programs\Startup\IMVU.lnk
backup=C:\WINDOWS\pss\IMVU.lnkStartup

R2 CdaD10BA;CdaD10BA;\??\C:\WINDOWS\system32\drivers\CdaD10BA.SYS
R2 CWMonitor;Symantec Crimeware Protection Driver;\??\C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.0\Monitor.sys
R2 lxdi_device;lxdi_device;C:\WINDOWS\system32\lxdicoms.exe -service
R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
R2 X4HSX32;X4HSX32;\??\C:\Program Files\GameTap\bin\Release\X4HSX32.Sys
R3 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\moufiltr.sys
S3 dump_wmimmc;dump_wmimmc;\??\C:\Program Files\Gpotato\Flyff\GameGuard\dump_wmimmc.sys
S3 XDva031;XDva031;\??\C:\WINDOWS\system32\XDva031.sys

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-12-16 17:50:01 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Tambra Plummer.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-17 03:12:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-12-17 3:13:48
.
2007-12-12 08:04:53 --- E O F ---
"What doesn't kill you, Makes you stronger"

#9 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,586 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:52 AM

Posted 12 January 2008 - 09:03 AM

Hi mistressbluz,

My apologies for the very long delay. Since it has been so long, I would like for you to download and run ComboFix again. Review Post #7 for instructions. ComboFix should still be on your desktop, so when you save the new download you will be asked if you wanted to replace it--click OK to allow it to overwrite the old copy.

When that is done, in addition, please log in to each user account on the computer, scan with HijackThis, and post each of those logs.

Sorry about all this again--hope you had pleasant holidays. In future, please send me a Personal Message if you aren't getting a timely response.

The thing about people

is they change

when they walk away.--Mipso


#10 mistressbluz

mistressbluz
  • Topic Starter

  • Members
  • 90 posts
  • OFFLINE
  •  
  • Location:Maryland
  • Local time:06:52 AM

Posted 12 January 2008 - 11:54 PM

Sorry PapaKid next time I've added you as a friend, I'll send you a PM.....Anyway, here is my new combofix report and I'll also include all HJT logs in this also, this is going to be a long one huh? This didnt look much different to me, expect for in the beginning it says, "Something about a recovery console not installed" I dont remember seeing that last time, I guess you'll see it and try and explain it to me....I was like..What is that all about...Anyway, here we go....

ComboFix 08-01-13.1 - Tambra Plummer 2008-01-12 23:29:22.2 - NTFSx86
Running from: C:\Documents and Settings\Tambra Plummer\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))
.

2008-01-12 23:28 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 16:17 . 2008-01-12 16:17 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-12 16:17 . 2008-01-12 16:17 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-08 00:01 . 2008-01-08 01:15 <DIR> d-------- C:\Program Files\IMVU
2007-12-25 13:49 . 2007-12-25 13:49 <DIR> d--hs---- C:\found.001
2007-12-23 04:40 . 2007-12-23 04:40 <DIR> d-------- C:\Documents and Settings\Tambra Plummer\Application Data\Flood Light Games
2007-12-23 04:40 . 2007-12-23 04:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Flood Light Games
2007-12-20 03:05 . 2007-12-20 03:05 <DIR> d--hs---- C:\found.000
2007-12-19 03:35 . 2007-12-19 03:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Christmasville
2007-12-14 17:52 . 2007-12-14 17:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LxThumbs
2007-12-13 13:10 . 2007-12-13 13:10 <DIR> d-------- C:\Documents and Settings\Tambra Plummer\Application Data\Skype
2007-12-13 03:53 . 2007-10-06 23:37 401,720 --a------ C:\Program Files\Tambra Plummer.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 04:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-12 16:42 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-08 06:10 --------- d-----w C:\Documents and Settings\Branden Plummer\Application Data\IMVU
2008-01-07 14:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-07 00:10 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-05 12:54 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-01-05 09:46 --------- d-----w C:\Program Files\Lexmark Fax Solutions
2008-01-05 09:46 --------- d-----w C:\Program Files\Lexmark 3500-4500 Series
2008-01-05 09:36 --------- d-----w C:\Program Files\FinePixViewer
2008-01-05 09:34 --------- d-----w C:\Program Files\Digital Line Detect
2008-01-05 09:23 --------- d-----w C:\Program Files\Browser Mouse
2007-12-30 07:52 --------- d-----w C:\Program Files\Shockwave.com
2007-12-27 06:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-12-27 06:53 12,396 ----a-w C:\WINDOWS\Cursors\wintericon.zip
2007-12-23 10:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-14 08:27 --------- d-----w C:\Documents and Settings\Tambra Plummer\Application Data\ForgottenRiddles
2007-12-13 08:56 15,642 ----a-w C:\Program Files\hijackthis.log
2007-12-13 08:20 --------- d-----w C:\Program Files\backups
2007-12-11 05:21 --------- d-----w C:\Program Files\Google
2007-12-10 09:22 --------- d-----w C:\Program Files\World of Warcraft
2007-12-10 03:02 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-12-10 01:49 --------- d-----w C:\Program Files\Application Files
2007-12-08 04:07 --------- d-----w C:\Program Files\CCleaner
2007-12-07 20:17 --------- d-----w C:\Program Files\There
2007-12-05 06:35 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-05 06:35 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-05 06:35 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-05 06:35 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-05 06:35 --------- d-----w C:\Program Files\Symantec
2007-12-01 04:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 04:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 04:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 04:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 04:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 04:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 04:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 04:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 04:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-28 22:47 --------- d-----w C:\Program Files\Coupons
2007-11-26 00:33 --------- d-----w C:\Program Files\iWin.com
2007-11-26 00:10 --------- d-----w C:\Program Files\Microsoft Games
2007-11-25 00:51 65,536 ----a-w C:\WINDOWS\IFinst27.exe
2007-11-16 11:09 --------- d-----w C:\Program Files\Norton Internet Security
2007-11-16 02:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-14 07:26 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-31 18:03 245,408 ----a-w C:\WINDOWS\system32\unicows.dll
2007-10-31 00:55 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-10-31 00:55 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 09:55 3,065,856 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-07 04:37 401,720 ----a-w C:\Program Files\HiJackThis.exe
2007-10-02 19:04 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-09-17 08:41 467,872 ----a-w C:\Program Files\setup.exe
2007-07-19 07:18 2,720,456 ----a-w C:\Program Files\ccsetup141.exe
2007-07-04 01:01 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2007-03-16 04:24 1,027,090 ----a-w C:\Program Files\wowclient-downloader.exe
2007-03-12 02:56 370,304 ----a-w C:\Program Files\jdk-6-windows-i586-iftw.exe
2007-03-12 01:18 7,718,504 ----a-w C:\Program Files\winzip110.exe
2007-03-12 01:08 278,752 ----a-w C:\Program Files\HostsXpert.zip
2007-01-01 20:41 6,731 ----a-w C:\WINDOWS\Cursors\futbol.zip
2006-12-13 05:51 36,808,256 ----a-w C:\Program Files\iTunesSetup.exe
2006-12-03 04:21 13,111,472 ----a-w C:\WINDOWS\Cursors\sspsetup1_.exe
2006-12-02 19:53 20,059 ----a-w C:\WINDOWS\Cursors\xmascur.zip
2006-12-02 18:23 19,439 ----a-w C:\WINDOWS\Cursors\christmasicn1.zip
2006-08-05 03:47 7,909,888 ----a-w C:\Program Files\WindowsDefenderX64.msi
2006-08-04 17:28 286,711 ----a-w C:\Program Files\gmer.zip
2006-08-04 05:49 16,442 ----a-w C:\Program Files\Startup Programs (TAMART) 2006-08-04 01.47.51.txt
2006-08-04 05:47 298,840 ----a-w C:\Program Files\Silent Runners.vbs
2006-06-14 20:34 24,070,456 ----a-w C:\Program Files\wmp11-windowsxp-x86-enu.exe
2006-06-07 00:49 745,531 ----a-w C:\Program Files\gmer.exe
2006-05-29 14:27 1,082,372 ----a-w C:\Program Files\uqm-0[1].4.0-win32-installer.exe
2006-05-20 14:23 6,615,968 ----a-w C:\Program Files\instsoe.exe
2006-05-17 18:45 5,616,888 ----a-w C:\Program Files\winamp521_full_emusic-7plus.exe
2006-05-16 21:34 51,712 ----a-w C:\Program Files\PC030904.doc
2006-04-22 18:26 4,765,308 ----a-w C:\Program Files\amarafpa.exe
2006-04-17 18:14 12,689 ----a-w C:\WINDOWS\Cursors\balloonicn.zip
2006-04-02 02:48 6,052 ----a-w C:\WINDOWS\Cursors\eastericons.zip
2006-03-24 01:41 2,974,206 ----a-w C:\Program Files\FilmLoopSetup.exe
2006-03-23 15:18 8,771,968 ----a-w C:\Program Files\sspsetup1_1857056449.exe
2006-03-12 17:13 5,037,072 ----a-w C:\Program Files\spybotsd14.exe
2006-02-17 21:13 30,271 ----a-w C:\WINDOWS\Cursors\faceicon.zip
2006-02-17 03:42 19,342 ----a-w C:\WINDOWS\Cursors\animlicn.zip
2006-01-31 19:25 7,027,648 ----a-w C:\Program Files\yahoo_magicmatch1-1_tm5-3.exe
2006-01-26 23:20 5,834,344 ----a-w C:\Program Files\winzip100.exe
2006-01-26 23:16 2,855,080 ----a-w C:\Program Files\aawsepersonal.exe
2006-01-26 23:07 4,764,224 ----a-w C:\Program Files\yahoo61.exe
2006-01-26 22:56 173,120 ----a-w C:\Program Files\yinst_current.exe
2002-07-01 14:13 218 --sha-w C:\Documents and Settings\All Users\Application Data\databack.dat
2006-07-23 18:55 88 --sh--r C:\WINDOWS\system32\0ACFD94F5C.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59 224248]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51 583048]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-04-28 14:34 53248]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2007-11-04 00:59 2250104]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59 224248]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-13 00:48 282624]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-02-07 17:39 771704]
"ncoOSCheck"="C:\Program Files\Norton Confidential\osCheck.exe" [2006-11-27 20:40 120488]
"lxdimon.exe"="C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-05-07 13:07 435120]
"lxdiamon"="C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-03-05 07:40 20480]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 14:30 81920]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 14:30 249856]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 15:49 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 15:50 114688]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 15:46 77824]
"FLMOFFICE4DMOUSE"="C:\Program Files\Browser Mouse\MOffice.exe" [2007-03-29 13:19 958464]
"FaxCenterServer"="C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" [2007-05-07 13:10 312240]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 05:33 122941]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"AcctMgr"="C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe" [2006-11-27 20:43 591488]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-08 20:20 8192]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2004-07-30 10:04 245760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 02:33 8720384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 06:00 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\Art Plummer\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2006-07-29 22:20:59]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-01-13 17:35:42]
ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2007-08-02 07:10:23]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe [2007-08-28 12:09:10]

R2 CWMonitor;Symantec Crimeware Protection Driver;C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.0\Monitor.sys [2006-10-05 09:41]
R2 lxdi_device;lxdi_device;C:\WINDOWS\system32\lxdicoms.exe [2007-04-26 10:38]
R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-04-26 10:38]
R2 X4HSX32;X4HSX32;C:\Program Files\GameTap\bin\Release\X4HSX32.Sys [2007-10-06 21:24]
R3 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\moufiltr.sys [2007-03-29 13:19]
S3 dump_wmimmc;dump_wmimmc;C:\Program Files\Gpotato\Flyff\GameGuard\dump_wmimmc.sys []
S3 XDva031;XDva031;C:\WINDOWS\system32\XDva031.sys []

*Newly Created Service* - AD-WATCH_REAL-TIME_SCANNER
*Newly Created Service* - AD-WATCH_REGISTRY_FILTER
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-12 11:01:33 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Tambra Plummer.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-12 23:37:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\ArcSoft\PhotoImpression 5\share\pihook.dll
.
Completion time: 2008-01-12 23:45:34
ComboFix2.txt 2007-12-17 08:13:51
.
2008-01-09 08:02:44 --- E O F ---

Hijack this log from Myself:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:47 PM, on 1/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.0\CWDefScn.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Browser Mouse\MOffice.exe
C:\Program Files\Browser Mouse\MOUSE32A.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mycablespeed.com/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [REGSHAVE] "C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ncoOSCheck] "C:\Program Files\Norton Confidential\osCheck.exe"
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] "C:\Program Files\Browser Mouse\MOffice.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AcctMgr] "C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe" /startup
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CAMTRAY.EXE"
O4 - HKCU\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: IMVU.lnk = C:\Program Files\IMVU\gui1.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: IMVU.lnk = C:\Program Files\IMVU\gui1.exe (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\gui1.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Branden Plummer\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrab...rabblecubes.cab
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://fishingchamp.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v46/share...GamesLoader.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex...wareControl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/downl...lscbase3401.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141959034171
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://dell.kodakgallery.com/downloads/BUM..._1/axofupld.cab
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://www.shockwave.com/content/dreamchro...web.1.0.0.9.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - https://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v45/wordmojo/wordmojo.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v55/cubis/cubis.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v45/sol/sol.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v48/luxor/luxor.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v40/hangman/hangman.cab
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} (CPlayFirstzenerchiControl Object) - http://www.shockwave.com/content/zenerchi/...eb.1.0.0.10.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.gamehouse.com/games/zylom/zylomplayer.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {D410AFBD-4E26-4D5F-840F-0412D6F6BB8D} (CPlayFirstSandScriptControl Object) - http://www.gamehouse.com/realarcade-webgam.../SandScript.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 15313 bytes

Now I"m going to run the other's and put them in a separate message right under this one altogether..Thanks again!
"What doesn't kill you, Makes you stronger"

#11 mistressbluz

mistressbluz
  • Topic Starter

  • Members
  • 90 posts
  • OFFLINE
  •  
  • Location:Maryland
  • Local time:06:52 AM

Posted 13 January 2008 - 12:43 AM

Ok Papakid, Now for the other Hijack this logs, Here they are, Hope I did this right for you.....The names were put in there for myself so I knew how to tell them apart..Hope they didnt cause any confusion for you..Again, Thank you so much, I also wondered if you could tell me why, all of a sudden when we start up our computer any of us, a blank desktop notepad page popups at start up and at the top of it it says desktop.ini I appreciate any light you could give me about that also. I think my computer has really gone wacky this time....Maybe I need a new one or something...LOL~~ Big Hugs to you for all you do....I'm trying to find out where I can donate to the site itself....Tam! :thumbsup:

My Husband's

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:42 AM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal Art's

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.0\CWDefScn.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Browser Mouse\MOffice.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe
C:\Program Files\Browser Mouse\MOUSE32A.EXE
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [REGSHAVE] "C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ncoOSCheck] "C:\Program Files\Norton Confidential\osCheck.exe"
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] "C:\Program Files\Browser Mouse\MOffice.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AcctMgr] "C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe" /startup
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CAMTRAY.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKUS\S-1-5-21-967004240-1806797463-2485432410-1006\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" (User 'Tambra Plummer')
O4 - HKUS\S-1-5-21-967004240-1806797463-2485432410-1006\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 (User 'Tambra Plummer')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-21-967004240-1806797463-2485432410-1006 Startup: IMVU.lnk = C:\Program Files\IMVU\gui1.exe (User 'Tambra Plummer')
O4 - S-1-5-21-967004240-1806797463-2485432410-1006 User Startup: IMVU.lnk = C:\Program Files\IMVU\gui1.exe (User 'Tambra Plummer')
O4 - S-1-5-18 Startup: IMVU.lnk = C:\Program Files\IMVU\gui1.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: IMVU.lnk = C:\Program Files\IMVU\gui1.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Branden Plummer\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrab...rabblecubes.cab
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://fishingchamp.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v46/share...GamesLoader.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex...wareControl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/downl...lscbase3401.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141959034171
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://dell.kodakgallery.com/downloads/BUM..._1/axofupld.cab
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://www.shockwave.com/content/dreamchro...web.1.0.0.9.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - https://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v45/wordmojo/wordmojo.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v55/cubis/cubis.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v45/sol/sol.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v48/luxor/luxor.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v40/hangman/hangman.cab
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} (CPlayFirstzenerchiControl Object) - http://www.shockwave.com/content/zenerchi/...eb.1.0.0.10.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.gamehouse.com/games/zylom/zylomplayer.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {D410AFBD-4E26-4D5F-840F-0412D6F6BB8D} (CPlayFirstSandScriptControl Object) - http://www.gamehouse.com/realarcade-webgam.../SandScript.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 16198 bytes



My Oldest Son's

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:51 AM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal Arthur II's

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.0\CWDefScn.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Browser Mouse\MOffice.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
C:\Program Files\Browser Mouse\MOUSE32A.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [REGSHAVE] "C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ncoOSCheck] "C:\Program Files\Norton Confidential\osCheck.exe"
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] "C:\Program Files\Browser Mouse\MOffice.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AcctMgr] "C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe" /startup
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CAMTRAY.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKUS\S-1-5-21-967004240-1806797463-2485432410-1006\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" (User 'Tambra Plummer')
O4 - HKUS\S-1-5-21-967004240-1806797463-2485432410-1006\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 (User 'Tambra Plummer')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-21-967004240-1806797463-2485432410-1006 Startup: IMVU.lnk = C:\Program Files\IMVU\gui1.exe (User 'Tambra Plummer')
O4 - S-1-5-21-967004240-1806797463-2485432410-1006 User Startup: IMVU.lnk = C:\Program Files\IMVU\gui1.exe (User 'Tambra Plummer')
O4 - S-1-5-18 Startup: IMVU.lnk = C:\Program Files\IMVU\gui1.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: IMVU.lnk = C:\Program Files\IMVU\gui1.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Branden Plummer\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrab...rabblecubes.cab
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://fishingchamp.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v46/share...GamesLoader.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex...wareControl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/downl...lscbase3401.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141959034171
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://dell.kodakgallery.com/downloads/BUM..._1/axofupld.cab
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://www.shockwave.com/content/dreamchro...web.1.0.0.9.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - https://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v45/wordmojo/wordmojo.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v55/cubis/cubis.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v45/sol/sol.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v48/luxor/luxor.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v40/hangman/hangman.cab
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} (CPlayFirstzenerchiControl Object) - http://www.shockwave.com/content/zenerchi/...eb.1.0.0.10.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.gamehouse.com/games/zylom/zylomplayer.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {D410AFBD-4E26-4D5F-840F-0412D6F6BB8D} (CPlayFirstSandScriptControl Object) - http://www.gamehouse.com/realarcade-webgam.../SandScript.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O24 - Desktop Component 0: (no name) - http://img.ragnarokonline.com/game/image/stalker_c_.gif

--
End of file - 16048 bytes


My Youngest Son's


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:55 AM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal Branden's

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.0\CWDefScn.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Browser Mouse\MOffice.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Browser Mouse\MOUSE32A.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [REGSHAVE] "C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ncoOSCheck] "C:\Program Files\Norton Confidential\osCheck.exe"
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] "C:\Program Files\Browser Mouse\MOffice.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AcctMgr] "C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe" /startup
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CAMTRAY.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKUS\S-1-5-21-967004240-1806797463-2485432410-1006\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" (User 'Tambra Plummer')
O4 - HKUS\S-1-5-21-967004240-1806797463-2485432410-1006\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 (User 'Tambra Plummer')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-21-967004240-1806797463-2485432410-1006 Startup: IMVU.lnk = C:\Program Files\IMVU\gui1.exe (User 'Tambra Plummer')
O4 - S-1-5-21-967004240-1806797463-2485432410-1006 User Startup: IMVU.lnk = C:\Program Files\IMVU\gui1.exe (User 'Tambra Plummer')
O4 - S-1-5-18 Startup: IMVU.lnk = C:\Program Files\IMVU\gui1.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: IMVU.lnk = C:\Program Files\IMVU\gui1.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Branden Plummer\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrab...rabblecubes.cab
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://fishingchamp.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v46/share...GamesLoader.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex...wareControl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/downl...lscbase3401.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141959034171
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://dell.kodakgallery.com/downloads/BUM..._1/axofupld.cab
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://www.shockwave.com/content/dreamchro...web.1.0.0.9.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - https://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v45/wordmojo/wordmojo.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v55/cubis/cubis.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v45/sol/sol.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v48/luxor/luxor.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v40/hangman/hangman.cab
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} (CPlayFirstzenerchiControl Object) - http://www.shockwave.com/content/zenerchi/...eb.1.0.0.10.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.gamehouse.com/games/zylom/zylomplayer.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {D410AFBD-4E26-4D5F-840F-0412D6F6BB8D} (CPlayFirstSandScriptControl Object) - http://www.gamehouse.com/realarcade-webgam.../SandScript.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 16430 bytes


Hope that's what you needed, if you need anything else or I did anything wrong, please let me know so I can correct it. Again, Thank you so much, I cant say that enough and I cant thank you enough....
"What doesn't kill you, Makes you stronger"

#12 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,586 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:52 AM

Posted 15 January 2008 - 11:34 AM

OK, Tam, all the HJT logs look OK. I'm not really sure what is going on with the desktop.ini file--are you sure notepad is blank? If not copy any text and post back--but I don't think at this point malware is causing that. I'll look into it further as time allows. Just FYI, it a file, normally hidden that modifies the appearance of certain folders by default, and since your desktop is actually a folder, it is included.

As i mentioned before, you're system seems to be clear of any serious malware. A certain amount of worrying is a good thing as that will prompt you to protect yourself. For example, WOW can be exploited so is a bit worrisome, and MySpace IM, but as long as your son knows not to trust just anybody you are going to be OK there. IOW, don't download files or click on links in IM form someone you don't know--and even if you do know them check first that they really sent it.

I want to run a couple more checks, but my feeling is that you have adequate protection and should be OK. But could you describe any symptoms you are having now, if any? Having four user accounts--which I am familiar with since I have the same on this family computer--makes your system more complex, so more potential for something to go wrong on its own, plus with WOW installed on just 512 MB of RAM, your system is approaching being under powered, if not there already.

Don't worry about the Recovery Console thing for now--yes that is something new with CF--there is some very malicious malware out there now that nearly destroys your operating system when removed so the RC being installed beforehand gives another means of getting a system back. We aren't at that point yet--I will get more into this later as it is a good idea to have RC installed on some systems.

As far as donations, BC no longer accepts any. Feel free to donate to any of your favorite charities in lieu. Or just give some support to the people that are putting their lives on the line every day: http://www.americasupportsyou.mil/americas...syou/index.aspx

Now here is what I would like for you to do:

Please run Deckard's System Scanner again, this time using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste the following into the Run box & click OK.

"%userprofile%\desktop\dss.exe" /config

Put checks by these options and uncheck the others:

HijackThis
:blink: Ignored
:thumbsup: Fixed
File Associations
Drivers
Services
Scheduled Tasks
Files Created/Modified
Registry Dump
Add/Remove Programs
Whitelist Output
Event Logs


Click Scan!

When finished, it shall produce a log for you. Post that log in your next reply.


Please perform this online scan: Kaspersky Webscan
Note that you need to run this scan with Internet Explorer for it to work correctly.

1. Read the Requirements and Privacy statement, then select "Accept"
2. A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
NOTE: If you are running XP SP2, you may need to click on the Information Bar to allow the ActiveX to install and may need to repeat step 1.
3. Select "Install" to download the ActiveX controls that allows Kaspersky to run.
4. If running MSAS beta you may receive an alert that an IE ActiveX program requires your approval. Click "Allow"
5. Wait for the scanner to initialize and update its databases. When the download is complete it will say ready, click "Next"
6. Click "Scan Settings" and check the option to use the EXTENDED DATABASE, then click "OK"
7. Select a target to scan: Click on "My Computer" and the scan will begin.
8. When the scan is complete choose save the results by clicking --if this option is unavailable use "Save Report As HTML" Give the Report a name and save it to your desktop. If you have any problem saving the report, copy its text to the clipboard, then paste it into an empty Notepad and save it to your desktop.
9. Post the Kaspersky scan results in your next reply.

If you have any problem running the scan to completion, disable your Antivirus and/or firewall temporarily, just refrain from surfing around while the scan is running and be sure to re-enable when done.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.


-Run HijackThis and open the Misc Tools section.
-Click on Open ADS Spy.
-Uncheck Quick Scan.
-Uncheck Ignore safe system info data streams.
-Now click the Scan button. ADS Spy will scan the system and report all the ADS present.
-When the scan is complete, click Save log. Then post the contents of this log in your next reply.

Finally, scan again with HijackThis from your account and post it's results as well.

Post back with all the logs I've asked for. If it takes more than one post that is fine.

The thing about people

is they change

when they walk away.--Mipso


#13 mistressbluz

mistressbluz
  • Topic Starter

  • Members
  • 90 posts
  • OFFLINE
  •  
  • Location:Maryland
  • Local time:06:52 AM

Posted 15 January 2008 - 07:25 PM

Ok, will do and yes I am having new problems so I'm glad you asked, So maybe by running what you've asked for you'll see them also, I keep getting 3 entries of smithfraudc, zlobdownloader and smithfraudmvsp I have ran spybot search and destroy 6x's and removed them and they keep coming back, so I'm going to go and do what you have asked for and maybe you will see them and be able to tell me how to completely remove them..Urghhhh!!! Hugs to you and many blessings to your family!! Tam! I'm off to work now!! :thumbsup:
"What doesn't kill you, Makes you stronger"

#14 mistressbluz

mistressbluz
  • Topic Starter

  • Members
  • 90 posts
  • OFFLINE
  •  
  • Location:Maryland
  • Local time:06:52 AM

Posted 15 January 2008 - 10:49 PM

Ok Sir Here we go.....Hope I did all this right for you, I might have to post all of these in more then one post....... Ok I posted it all here, Like I stated in my previous post now I"m find 3 different virus's on my system and when I remove them with Spybot, they come right back....I dont know how to get rid of them. Norton didnt even find them, The only way I knew they were even there was when I open my IE there is something on the top of my IE bar that says, your computer is infected with spyware or malware so I ran spybot and they came up. Hope that helps some. Look forward to hearing back from you soon, I was going to run my panda scan but will hold off until you tell me what to do....Big Hugs..Tam! P.S. I dont even use that worldwinner or realarcade anymore, I dont know how to get rid of those either, I tried from control panel and they wont uninstall???? isnt that strange!!!!

I'll start with the Deckard and more from there for you....

Deckard's System Scanner v20071014.68
Run by Tambra Plummer on 2008-01-15 19:38:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as Tambra Plummer.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:38:54 PM, on 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.0\CWDefScn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Browser Mouse\MOffice.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Browser Mouse\MOUSE32A.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Tambra Plummer\desktop\dss.exe
C:\PROGRA~1\TAMBRA~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mycablespeed.com/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: XTN Monitor - {8F8292B7-353C-427D-A52F-8EA4120E3A6F} - C:\WINDOWS\ddwlxtqnow.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [REGSHAVE] "C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ncoOSCheck] "C:\Program Files\Norton Confidential\osCheck.exe"
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] "C:\Program Files\Browser Mouse\MOffice.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AcctMgr] "C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe" /startup
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CAMTRAY.EXE"
O4 - HKCU\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKUS\S-1-5-21-967004240-1806797463-2485432410-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Art Plummer')
O4 - HKUS\S-1-5-21-967004240-1806797463-2485432410-1007\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Art Plummer')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-21-967004240-1806797463-2485432410-1007 Startup: PowerReg Scheduler V3.exe (User 'Art Plummer')
O4 - S-1-5-21-967004240-1806797463-2485432410-1007 User Startup: PowerReg Scheduler V3.exe (User 'Art Plummer')
O4 - S-1-5-18 Startup: PowerReg Scheduler V3.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: PowerReg Scheduler V3.exe (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\gui1.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Branden Plummer\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrab...rabblecubes.cab
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://fishingchamp.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v46/share...GamesLoader.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex...wareControl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/downl...lscbase3401.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141959034171
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://dell.kodakgallery.com/downloads/BUM..._1/axofupld.cab
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://www.shockwave.com/content/dreamchro...web.1.0.0.9.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - https://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v45/wordmojo/wordmojo.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v55/cubis/cubis.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v45/sol/sol.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v48/luxor/luxor.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v40/hangman/hangman.cab
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} (CPlayFirstzenerchiControl Object) - http://www.shockwave.com/content/zenerchi/...eb.1.0.0.10.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.gamehouse.com/games/zylom/zylomplayer.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {D410AFBD-4E26-4D5F-840F-0412D6F6BB8D} (CPlayFirstSandScriptControl Object) - http://www.gamehouse.com/realarcade-webgam.../SandScript.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin.cab
O21 - SSODL: agrlmvp - {94112937-2C4F-4DBF-8791-6C53776F8ED0} - C:\WINDOWS\agrlmvp.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 16163 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\backups\) -----------------------------

backup-20060401-152357-588 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
backup-20060402-141953-246 O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
backup-20070311-195747-738 O4 - Startup: PowerReg Scheduler V3.exe
backup-20070311-195747-765 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20070311-195747-839 O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZJ
backup-20070311-195748-965 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20071213-032032-110 O4 - S-1-5-18 Startup: PowerReg Scheduler V3.exe (User 'SYSTEM')
backup-20071213-032040-619 O4 - Startup: PowerReg Scheduler V3.exe
backup-20071213-032040-799 O4 - .DEFAULT Startup: PowerReg Scheduler V3.exe (User 'Default user')

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 prohlp02 (StarForce Protection Helper Driver v2) - c:\windows\system32\drivers\prohlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 prosync1 (StarForce Protection Synchronization Driver v1) - c:\windows\system32\drivers\prosync1.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp01 (StarForce Protection Helper Driver) - c:\windows\system32\drivers\sfhlp01.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 prodrv06 (StarForce Protection Environment Driver v6) - c:\windows\system32\drivers\prodrv06.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 SRTSPX - c:\windows\system32\drivers\srtspx.sys <Not Verified; Symantec Corporation; AutoProtect>
R2 CdaD10BA - c:\windows\system32\drivers\cdad10ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>
R2 CWMonitor (Symantec Crimeware Protection Driver) - c:\program files\common files\symantec shared\coshared\cw\1.0\monitor.sys <Not Verified; Symantec Corporation; Behavior Blocker>
R2 dsunidrv (DellSupport UniDriver) - c:\windows\system32\drivers\dsunidrv.sys <Not Verified; Gteko Ltd.; Gteko Diagnostics>
R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys <Not Verified; Conexant; Diagnostic Interface>
R2 X4HSX32 - c:\program files\gametap\bin\release\x4hsx32.sys <Not Verified; Exent Technologies Ltd.; Exent EXETender® for Win2K>
R3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
R3 Ad-Watch Registry Filter (Ad-Watch Registry Kernel Filter) - c:\windows\system32\drivers\awrtrd.sys <Not Verified; Lavasoft AB; Ad-Watch Registry Protection>
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
R3 HSF_DP - c:\windows\system32\drivers\hsf_dp.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 HSFHWBS2 - c:\windows\system32\drivers\hsfhwbs2.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 ialm - c:\windows\system32\drivers\ialmnt5.sys <Not Verified; Intel Corporation; Intel Graphics Accelerator Drivers for Windows NT®>
R3 MODEMCSA (Unimodem Streaming Filter Device) - c:\windows\system32\drivers\modemcsa.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 moufiltr (Mouse Filter Driver) - c:\windows\system32\drivers\moufiltr.sys <Not Verified; Chic Tech.; Chic Tech.>
R3 SRTSP - c:\windows\system32\drivers\srtsp.sys <Not Verified; Symantec Corporation; AutoProtect>
R3 STHDA (SigmaTel High Definition Audio CODEC) - c:\windows\system32\drivers\sthda.sys <Not Verified; SigmaTel, Inc.; C-Major Audio>
R3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>

S3 catchme - c:\docume~1\tambra~1\locals~1\temp\catchme.sys (file missing)
S3 dbustrcm - c:\docume~1\tambra~1\locals~1\temp\dbustrcm.sys (file missing)
S3 dump_wmimmc - c:\program files\gpotato\flyff\gameguard\dump_wmimmc.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
S3 SQTECH9080 (MegaCam(PID_9080_00)) - c:\windows\system32\drivers\capt9080.sys <Not Verified; Service & Quality Technology.; SQ908>
S3 SRTSPL - c:\windows\system32\drivers\srtspl.sys <Not Verified; Symantec Corporation; AutoProtect>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
S3 XDva031 - c:\windows\system32\xdva031.sys (file missing)
S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing)
S4 Ad-Watch Real-Time Scanner (AW Real-Time Scanner) - c:\windows\system32\drivers\awrtpd.sys <Not Verified; Lavasoft AB; Ad-Watch Beta>
S4 cbidf - c:\windows\system32\drivers\cbidf2k.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 dac2w2k - c:\windows\system32\drivers\dac2w2k.sys <Not Verified; Mylex Corporation; Mylex Disk Array Controller Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
R2 bgsvcgen (B's Recorder GOLD Library General Service) - c:\windows\system32\bgsvcgen.exe <Not Verified; B.H.A Corporation; B's Recorder GOLD8>
R2 LiveUpdate Notice Ex (LiveUpdate Notice Service Ex) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon <Not Verified; Symantec Corporation; Symantec Security Technologies>
R2 lxdi_device - c:\windows\system32\lxdicoms.exe -service <Not Verified; ; Printer Communication System>
R2 lxdiCATSCustConnectService - c:\windows\system32\spool\drivers\w32x86\3\\lxdiserv.exe <Not Verified; Lexmark International, Inc.; Lexmark Connect>

S2 LiveUpdate Notice Service - "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifeng.dll" <Not Verified; Symantec Corporation; LiveUpdate Notice>
S3 DSBrokerService - "c:\program files\dellsupport\brkrsvc.exe" <Not Verified; ; Gteko BrkrSvc Application>
S3 usprserv (User Privilege Service) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Scheduled Tasks -------------------------------------------------------------

2008-01-15 06:38:23 640 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Tambra Plummer.job


-- Files created between 2007-12-15 and 2008-01-15 -----------------------------

2008-01-15 15:13:07 0 d-------- C:\WINDOWS\LastGood
2008-01-14 18:10:45 0 dr-h----- C:\Documents and Settings\Tambra Plummer\Recent
2008-01-14 04:46:24 139264 --a------ C:\WINDOWS\fxtqdrl.exe
2008-01-14 04:46:24 282624 --a------ C:\WINDOWS\ddwlxtqnow.dll <Not Verified; ; ddwlxtqnow>
2008-01-14 04:46:23 258048 --a------ C:\WINDOWS\agrlmvp.dll <Not Verified; ; agrlmvp>
2008-01-08 00:01:02 0 d-------- C:\Program Files\IMVU
2007-12-25 13:49:01 0 d--hs---- C:\found.001
2007-12-23 04:40:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Flood Light Games
2007-12-23 04:40:25 0 d-------- C:\Documents and Settings\Tambra Plummer\Application Data\Flood Light Games
2007-12-20 03:05:01 0 d--hs---- C:\found.000
2007-12-19 03:35:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Christmasville


-- Find3M Report ---------------------------------------------------------------

2008-01-15 19:38:54 16165 --a------ C:\Program Files\hijackthis.log
2008-01-15 18:35:38 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-13 18:35:34 0 d-------- C:\Program Files\FinePixViewer
2008-01-13 00:31:06 16442 --a------ C:\Program Files\hijackbran.log
2008-01-13 00:28:04 16062 --a------ C:\Program Files\hijackbud.log
2008-01-13 00:04:49 16206 --a------ C:\Program Files\hijackthisart.log
2008-01-06 19:10:55 5852 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-06 19:10:55 152 -r-hs---- C:\WINDOWS\system32\5C4FD9CF0A.sys
2008-01-05 07:54:13 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-01-05 04:46:44 0 d-------- C:\Program Files\Lexmark Fax Solutions
2008-01-05 04:46:30 0 d-------- C:\Program Files\Lexmark 3500-4500 Series
2008-01-05 04:34:53 0 d-------- C:\Program Files\Digital Line Detect
2008-01-05 04:23:23 0 d-------- C:\Program Files\Browser Mouse
2007-12-30 02:52:30 0 d-------- C:\Program Files\Shockwave.com
2007-12-14 03:27:50 0 d-------- C:\Documents and Settings\Tambra Plummer\Application Data\ForgottenRiddles
2007-12-13 13:10:50 0 d-------- C:\Documents and Settings\Tambra Plummer\Application Data\Skype
2007-12-13 03:20:40 0 d-------- C:\Program Files\backups
2007-12-11 00:21:49 0 d-------- C:\Program Files\Google
2007-12-10 04:22:49 0 d-------- C:\Program Files\World of Warcraft
2007-12-10 01:45:00 0 d-------- C:\Program Files\Common Files
2007-12-09 22:02:37 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-12-09 20:58:13 0 d-------- C:\Documents and Settings\Tambra Plummer\Application Data\Google
2007-12-09 20:49:32 0 d-------- C:\Program Files\Application Files
2007-12-07 23:07:11 0 d-------- C:\Program Files\CCleaner
2007-12-07 15:17:25 0 d-------- C:\Program Files\There
2007-12-05 01:35:18 0 d-------- C:\Program Files\Symantec
2007-12-05 01:35:16 60800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL <Not Verified; Symantec Corporation; SYMEVENT>
2007-11-28 17:47:28 0 d-------- C:\Program Files\Coupons
2007-11-28 17:38:14 31 --ah----- C:\WINDOWS\uccspecc.sys
2007-11-25 19:33:50 0 d-------- C:\Program Files\iWin.com
2007-11-25 19:10:39 0 d-------- C:\Program Files\Microsoft Games
2007-11-24 19:51:20 65536 --a------ C:\WINDOWS\IFinst27.exe
2007-11-16 06:09:24 0 d-------- C:\Program Files\Norton Internet Security
2007-11-07 04:26:56 721920 --a------ C:\WINDOWS\system32\lsasrv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-31 13:03:02 245408 --a------ C:\WINDOWS\system32\unicows.dll <Not Verified; Microsoft Corporation; Microsoft ® Windows ® 95, Windows ® 98, and Windows ® Millennium Operating Systems>
2007-10-30 19:55:50 625032 --a------ C:\WINDOWS\system32\SymNeti.dll <Not Verified; Symantec Corporation; Symantec Security Drivers>
2007-10-30 19:55:48 242056 --a------ C:\WINDOWS\system32\SymRedir.dll <Not Verified; Symantec Corporation; Symantec Security Drivers>
2007-10-29 17:43:03 1287680 --a------ C:\WINDOWS\system32\quartz.dll
2007-10-27 17:40:30 222720 --a------ C:\WINDOWS\system32\wmasf.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8F8292B7-353C-427D-A52F-8EA4120E3A6F}]
01/13/2008 10:55 AM 282624 --a------ C:\WINDOWS\ddwlxtqnow.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [11/28/2007 07:51 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [04/28/2005 02:34 PM]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [11/04/2007 12:59 AM]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 09:59 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 12:11 AM]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [02/04/2002 09:32 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/13/2006 12:48 AM]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [02/07/2007 05:39 PM]
"ncoOSCheck"="C:\Program Files\Norton Confidential\osCheck.exe" [11/27/2006 08:40 PM]
"lxdimon.exe"="C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" [05/07/2007 01:07 PM]
"lxdiamon"="C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" [03/05/2007 07:40 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [08/11/2005 02:30 PM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [08/11/2005 02:30 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [10/14/2005 03:49 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [10/14/2005 03:50 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [10/14/2005 03:46 PM]
"FLMOFFICE4DMOUSE"="C:\Program Files\Browser Mouse\MOffice.exe" [03/29/2007 01:19 PM]
"FaxCenterServer"="C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" [05/07/2007 01:10 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [05/31/2005 05:33 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 12:59 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM]
"AcctMgr"="C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe" [11/27/2006 08:43 PM]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [09/08/2005 08:20 PM]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [07/30/2004 10:04 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 09:59 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"agrlmvp"= {94112937-2C4F-4DBF-8791-6C53776F8ED0} - C:\WINDOWS\agrlmvp.dll [01/13/2008 10:55 AM 258048]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-01-15 19:39:37 ------------

Here is the log from Kavscan:



KASPERSKY ONLINE SCANNER REPORT
Tuesday, January 15, 2008 10:06:35 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 15/01/2008
Kaspersky Anti-Virus database records: 512527


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\

Scan Statistics
Total number of scanned objects 107273
Number of viruses found 0
Number of infected objects 0
Number of suspicious objects 0
Duration of the scan process 01:13:20

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\logs\AWProcessesLog.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\logs\CoreEngineCommunicationLog.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-01-15_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\index.qbs Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\1AEA69B1.TMP Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\27DDE743.TMP Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped

C:\Documents and Settings\Art Plummer\Local Settings\Temp\hsperfdata_Art Plummer\260 Object is locked skipped

C:\Documents and Settings\Art Plummer\NTUser.dat Object is locked skipped

C:\Documents and Settings\Art Plummer\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Tambra Plummer\Application Data\Symantec\NPMDataStore\spaengine_datastore.xml Object is locked skipped

C:\Documents and Settings\Tambra Plummer\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Tambra Plummer\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Tambra Plummer\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Tambra Plummer\Local Settings\Application Data\Musicmatch\Jukebox\mmjbaltlog.txt Object is locked skipped

C:\Documents and Settings\Tambra Plummer\Local Settings\Application Data\Musicmatch\Jukebox\mmjblog.txt Object is locked skipped

C:\Documents and Settings\Tambra Plummer\Local Settings\Application Data\Musicmatch\Jukebox\Portables.log Object is locked skipped

C:\Documents and Settings\Tambra Plummer\Local Settings\Application Data\Musicmatch\MIM\Database\Default.ldb Object is locked skipped

C:\Documents and Settings\Tambra Plummer\Local Settings\Application Data\Musicmatch\MIM\Database\Default.mdb Object is locked skipped

C:\Documents and Settings\Tambra Plummer\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Tambra Plummer\Local Settings\Temp\JET5E66.tmp Object is locked skipped

C:\Documents and Settings\Tambra Plummer\Local Settings\Temp\~DFA364.tmp Object is locked skipped

C:\Documents and Settings\Tambra Plummer\Local Settings\Temp\~ROMFN_00000E54 Object is locked skipped

C:\Documents and Settings\Tambra Plummer\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Tambra Plummer\NTUser.dat Object is locked skipped

C:\Documents and Settings\Tambra Plummer\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.0\NCOWAD.dat Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.0\NCOWADMT.dat Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.0\NCOWAS.dat Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.0\NCOWAS.ldb Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP809\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\JET687E.tmp Object is locked skipped

C:\WINDOWS\Temp\JETC996.tmp Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Copy of First Hijack this log:

C:\ccsetup201.exe : Zone.Identifier (26 bytes)
C:\D2Editor.exe : Zone.Identifier (26 bytes)
C:\DebugHlp.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : 405AC508 (99 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : 4B4A0E23 (156 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : 52562F72 (130 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : 6F80E25A (117 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : B8E5428A (131 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : 405AC508 (99 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : 4B4A0E23 (156 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : 52562F72 (130 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : 6F80E25A (117 bytes)
C:\Documents and Settings\All Users\Application Data\TEMP : B8E5428A (131 bytes)
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Art Plummer\Desktop\FTEDITOR.ZIP : Zone.Identifier (26 bytes)
C:\Documents and Settings\Art Plummer\Desktop\R112734.EXE : Zone.Identifier (26 bytes)
C:\Documents and Settings\Art Plummer\Desktop\setup.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\Art Plummer\Desktop\SymKBFix.EXE : Zone.Identifier (26 bytes)
C:\Documents and Settings\Art Plummer\Desktop\SymKBFix.msi : Zone.Identifier (26 bytes)
C:\Documents and Settings\Art Plummer\My Documents\My Pictures\2007_0811\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Art Plummer\My Documents\My Pictures\2007_1021\New Folder\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Art Plummer\My Documents\My Pictures\2007_1021\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Art Plummer\My Documents\My Pictures\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Art Plummer\My Documents\Unzipped\arsen2cnet[1]\arsenal2.adf : Zone.Identifier (26 bytes)
C:\Documents and Settings\Art Plummer\My Documents\Unzipped\falche2\FALCHE2.EXE : Zone.Identifier (26 bytes)
C:\Documents and Settings\Art Plummer\My Documents\Unzipped\winterwolves44\Winter Wolves1\HOW TO INSTALL ACTIVE WALLPAPER.doc : Zone.Identifier (26 bytes)
C:\Documents and Settings\Art Plummer\My Documents\Unzipped\winterwolves44\Winter Wolves1\Winter Wolves Snow\ansnow.class : Zone.Identifier (26 bytes)
C:\Documents and Settings\Art Plummer\My Documents\Unzipped\winterwolves44\Winter Wolves1\Winter Wolves Snow\ansnow.jar : Zone.Identifier (26 bytes)
C:\Documents and Settings\Art Plummer\My Documents\Unzipped\winterwolves44\Winter Wolves1\Winter Wolves Snow\Lware.class : Zone.Identifier (26 bytes)
C:\Documents and Settings\Art Plummer\My Documents\Unzipped\winterwolves44\Winter Wolves1\Winter Wolves Snow\snowscr.txt : Zone.Identifier (26 bytes)
C:\Documents and Settings\Art Plummer\My Documents\Unzipped\winterwolves44\Winter Wolves1\Winter Wolves Snow\Winter Wolves.htm : Zone.Identifier (26 bytes)
C:\Documents and Settings\Art Plummer\My Documents\Unzipped\winterwolves44\Winter Wolves1\Winter Wolves Snow\Winter Wolves.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Branden Plummer\My Documents\My Pictures\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Buddy Plummer\Desktop\fankit_character.zip : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\Desktop\iRO_Einbroch.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\Desktop\ragnarok_ep10_ENG.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\falche11\FALCHE.EXE : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\falche11\README.TXT : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\falche11[1]\FALCHE.EXE : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\falche11[1]\README.TXT : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fallhex\CMChoon.GCD : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fallhex\Readme.txt : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_character\Character_Achemist.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_character\Character_Acolyte.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_character\Character_Archer.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_character\Character_Assassin.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_character\Character_Assassin_SD.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_character\Character_Bard_Dancer copy.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_character\Character_Blacksmith.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_character\Character_Blacksmith_SD.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_character\Character_crusader.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_character\Character_Hunter.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_character\Character_Hunter_SD.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_character\Character_Knight.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_character\Character_Knight_SD.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_character\Character_Magician.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_character\Character_Magician_SD.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_character\Character_Merchant.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_character\Character_Merchant_SD.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_character\Character_Monk.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_character\Character_Novice.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_character\Character_Priest.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_character\Character_Priest_SD.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_character\Character_Rogue.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_character\Character_Sage.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_character\Character_SD_1.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_character\Character_SD_2.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_character\Character_Swoardman.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_character\Character_Thief.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_character\Character_Thief_SD.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_character\Character_Wizard.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_character\Character_Wizard_SD.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_character\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_etc[1]\alberta.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_etc[1]\aldebaran.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_etc[1]\geffen.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_etc[1]\gogo_illust.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_etc[1]\juno.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_etc[1]\morroc.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_etc[1]\payon.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_etc[1]\poster_1.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_etc[1]\poster_2.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_etc[1]\poster_3.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_etc[1]\poster_4.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_etc[1]\poster_5.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_etc[1]\poster_6.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_etc[1]\poster_7.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_etc[1]\poster_8.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_etc[1]\poster_9.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_etc[1]\prontera.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\fankit_etc[1]\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\malay_tvcf_eng[1]\malay_tvcf_eng.MPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Buddy Plummer\My Documents\Unzipped\malay_tvcf_eng[1]\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Tambra Plummer\Desktop\ComboFix.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\Desktop\dss.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\Desktop\InGodWeStillTrust.wmv : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\Desktop\sspsetup1_.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\Desktop\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Application Files\WoWgasmic Launcher_1_9_0_5\wowgasm.ico : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Application Files\WoWgasmic Launcher_1_9_0_5\WoWgasmic Launcher.application : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Application Files\WoWgasmic Launcher_1_9_0_5\WoWgasmic Launcher.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Application Files\WoWgasmic Launcher_1_9_0_5\WoWgasmic Launcher.exe.config : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Application Files\WoWgasmic Launcher_1_9_0_5\WoWgasmic Launcher.exe.manifest : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\autoruns.chm : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\autoruns.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\autorunsc.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\beginning.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Brands11thBD\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Clay Concert\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Danielle's 2nd Birthday\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Danielles 1st Birthday\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Eula.txt : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\falche.zip : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\MECA\Yahoo\Md4Taylor\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Music\03 - Dance To Your Daddy.mp3 : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Music\3 Doors Down\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Music\Aint No Mountain High Enough_MV0720007.mp3 : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Music\Breaking Benjamin\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Music\Disturbed\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Music\James Blunt\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Music\Nickelback\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Music\Shinedown\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Music\Stevie Wonder\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Music\This-Is-The-Night--(Baltimore-072304).mp3 : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Music\This-Is-The-Night--(Baltimore-072304).zip : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Music\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Music\Various Artists\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Music\ymesuite.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\autumn\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Brandi\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Brans Pics 3\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Buddy's Pics\Compilation.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Buddy's Pics\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\120606.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\120606__11_.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\120606__1_.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\120606__2_.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\120606__3_.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\120606__4_.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\120606__5_.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\120606__7_.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\Danielle Lynn 030.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\Danielle Lynn and family-08.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\Danielle Lynn and family-16.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\Danielle Lynn and family-17.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\Danielle Lynn and family-19.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\Danielle Lynn and family-20.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\Danielle Lynn and family-21.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\Danielle Lynn and family-22.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\Danielle Lynn and family-24.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\Danielle Lynn and family-25.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\Danielle Lynn and family-26.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\Danielle Lynn and family-27.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\Danielle Lynn-10.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\Danielle Lynn-11.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\Danielle Lynn-16.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\Danielle Lynn-22.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\Danielle Lynn-32.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\Danielle Lynn-33.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\Danielle Lynn-36.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\Danielle12.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\Danielle15.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\Danielle16.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\Danielle1sthalloween.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\Danielle24.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\Danielle25.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\Danielledorawig.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\DaniellenDeb.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\DaniellenTaylyn.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\Daniellepumpkin.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\Danielle___Santa_2006.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\dsc_280.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\newpic__10_.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\newpic__12_.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\newpic__16_.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\newpic__3_.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\newpic__4_.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\newpic__5_.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\Picture_001.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\Picture_060.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\Picture_071.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\Picture_103.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\Picture_111.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Family Screensaver\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Misc Pics to review\0702072150.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Misc Pics to review\0703071723.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Misc Pics to review\0712071448.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Misc Pics to review\0712071515.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Misc Pics to review\0712071515d.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Misc Pics to review\0712071516a.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Misc Pics to review\0715071728.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Misc Pics to review\0728070049.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Misc Pics to review\0805071241a.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Misc Pics to review\0807072004.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Misc Pics to review\0808071239.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Misc Pics to review\0808071239a.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Misc Pics to review\118801522794685.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Misc Pics to review\Ayden1.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Misc Pics to review\Danielle Lynn and family-24.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Misc Pics to review\DaniellenDeb.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Misc Pics to review\DaniellenTaylyn.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Misc Pics to review\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Pictures\Thumbs.db : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Videos\easter_2006__69_.MOV : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Videos\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\My Videos\Video_1.WMV : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\MySpaceIM Pics\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\001.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\002.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\003.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\004.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\005.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\006.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\007.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\008.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\009.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\010.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\011.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\012.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\013.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\014.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\015.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\016.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\017.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\018.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\019.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\020.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\021.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\022.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\023.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\024.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\025.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\026.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\027.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\028.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\029.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\030.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\031.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\032.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\033.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\034.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\035.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\036.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\037.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\038.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\039.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\040.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\041.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\042.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\043.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\044.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\045.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\046.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\047.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\048.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\049.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\050.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\051.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\052.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\053.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\054.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\055.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\056.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\057.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\058.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\059.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\060.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\061.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\062.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\063.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\064.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\065.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\066.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\067.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\068.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\069.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\070.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\071.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\072.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\073.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\074.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\075.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\076.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\077.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\078.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\079.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\080.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\081.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\082.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\083.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\084.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\085.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\086.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\087.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\088.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\089.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\090.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\091.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\092.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\093.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\094.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\095.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\096.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\097.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\098.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\099.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\100.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\101.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\102.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\103.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\104.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\105.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\106.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\107.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\108.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\109.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\110.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\111.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\112.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\113.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\114.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\115.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\116.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\117.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\118.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\119.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\120.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\121.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\122.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\123.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\124.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\125.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\126.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\127.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\128.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\129.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\130.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\131.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\132.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\133.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\134.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\135.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\136.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\137.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\138.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\139.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\140.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\141.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\142.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\143.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\144.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\145.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\146.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\147.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\148.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\149.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\150.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\151.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Images\Thumbs.db : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Maps\map1.arr : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Pokemon Online Playfield.ccn : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Pokemon Online.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\pokemon.arr : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Readme.txt : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\settings.ini : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\pol_6.2\Tiles.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\setup.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Street_Team_Info.doc : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Taylornkitty\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\2123\Immortal King's Detail War Belt.d2i : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\2123\Immortal King's Forge War Gauntlets.d2i : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\2123\Immortal King's Pillar War Boots.d2i : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\2123\Immortal King's Soul Cage Sacred Armor.d2i : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\2123\Immortal King's Stone Crusher Ogre Maul.d2i : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\2123\Immortal King's Will Avenger Guard.d2i : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Assist01(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Assist01(F).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Assist01(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Assist01(M).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Assist02(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Assist02(F).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Assist02(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Assist02(M).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Billposter01(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Billposter01(F).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Billposter01(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Billposter01(M).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Billposter02(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Billposter02(F).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Billposter02(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Billposter02(M).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Billposter03(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Billposter03(F).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Billposter03(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Billposter03(M).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Blade01(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Blade01(F).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Blade01(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Blade01(M).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Blade02(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Blade02(F).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Blade02(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Blade02(M).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Blade03(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Blade03(F).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Blade03(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Blade03(M).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Elementer01(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Elementer01(F).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Elementer01(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Elementer01(M).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Elementer02(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Elementer02(F).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Elementer02(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Elementer02(M).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Elementer03(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Elementer03(F).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Elementer03(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Elementer03(M).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Flying Images\charaflying1-01.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Flying Images\charaflying1-02.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Flying Images\charaflying1-03.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Flying Images\charaflying1-04.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Flying Images\charaflying2-01.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Flying Images\charaflying2-02.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Flying Images\charaflying2-03.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Flying Images\charaflying2-04.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Flying Images\charaflying3-01.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Flying Images\charaflying3-02.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Flying Images\charaflying3-03.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Flying Images\charaflying3-04.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Flying Images\Thumbs.db : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Flying Images\witch01.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Flying Images\witch09.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Flying Images\witch10.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Flying Images\witch11.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Flying Images\witch12.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Flying Images\witch13.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Flying Images\witch14.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Flying Images\witch15.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Flying Images\witch16.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Flying Images\witch17.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Flying Images\witch18.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Flying Images\witch19.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Knight01(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Knight01(F).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Knight01(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Knight01(M).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Knight02(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Knight02(F).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Knight02(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Knight02(M).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Knight03(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Knight03(F).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Knight03(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Knight03(M).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Magician01(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Magician01(F).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Magician01(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Magician01(M).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Magician02(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Magician02(F).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Magician02(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Magician02(M).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Mercenary01(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Mercenary01(F).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Mercenary01(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Mercenary01(M).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Mercenary02(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Mercenary02(F).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Mercenary02(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Mercenary02(M).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Psykeeper01(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Psykeeper01(F).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Psykeeper01(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Psykeeper01(M).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Psykeeper02(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Psykeeper02(F).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Psykeeper02(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Psykeeper02(M).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Psykeeper03(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Psykeeper03(F).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Psykeeper03(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Psykeeper03(M).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Ringmaster01(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Ringmaster01(F).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Ringmaster01(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Ringmaster01(M).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Ringmaster03(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Ringmaster03(F).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Ringmaster03(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Ringmaster03(M).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Vagrant01(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Vagrant01(F).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Vagrant01(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Vagrant01(M).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Vagrant02(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Vagrant02(F).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Vagrant02(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Vagrant02(M).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Vagrant03(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Vagrant03(F).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Vagrant03(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character\Vagrant03(M).tga : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Assist01(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Assist01(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Assist02(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Assist02(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Billposter01(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Billposter01(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Billposter02(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Billposter02(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Billposter03(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Billposter03(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Blade01(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Blade01(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Blade02(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Blade02(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Blade03(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Blade03(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Elementer01(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Elementer01(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Elementer02(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Elementer02(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Elementer03(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Elementer03(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Flying Images\charaflying1-01.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Flying Images\charaflying1-02.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Flying Images\charaflying1-03.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Flying Images\charaflying1-04.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Flying Images\charaflying2-01.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Flying Images\charaflying2-02.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Flying Images\charaflying2-03.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Flying Images\charaflying2-04.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Flying Images\charaflying3-01.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Flying Images\charaflying3-02.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Flying Images\charaflying3-03.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Flying Images\charaflying3-04.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Flying Images\Thumbs.db : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Flying Images\witch01.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Flying Images\witch09.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Flying Images\witch10.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Flying Images\witch11.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Flying Images\witch12.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Flying Images\witch13.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Flying Images\witch14.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Flying Images\witch15.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Flying Images\witch16.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Flying Images\witch17.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Flying Images\witch18.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Flying Images\witch19.tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Knight01(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Knight01(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Knight02(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Knight02(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Knight03(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Knight03(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Magician01(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Magician01(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Magician02(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Magician02(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Mercenary01(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Mercenary01(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Mercenary02(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Mercenary02(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Psykeeper01(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Psykeeper01(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Psykeeper02(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Psykeeper02(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Psykeeper03(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Psykeeper03(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Ringmaster01(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Ringmaster01(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Ringmaster03(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Ringmaster03(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Vagrant01(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Vagrant01(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Vagrant02(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Vagrant02(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Vagrant03(F).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Character[1]\Vagrant03(M).tga : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\d2save99\amazonka.bak : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\d2save99\amazonka.d2s : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\d2save99\amazonka.key : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\d2save99\amazonka.ma0 : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\d2save99\amazonka.map : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\d2save99\asasinka.bak : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\d2save99\asasinka.d2s : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\d2save99\asasinka.key : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\d2save99\asasinka.ma0 : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\d2save99\asasinka.map : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\d2save99\barbariene.bak : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\d2save99\barbariene.d2s : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\d2save99\barbariene.key : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\d2save99\barbariene.ma0 : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\d2save99\barbariene.map : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\d2save99\duidis.bak : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\d2save99\duidis.d2s : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\d2save99\duidis.key : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\d2save99\duidis.ma0 : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\d2save99\duidis.map : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\d2save99\gameguru.nfo : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\d2save99\necromankas.bak : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\d2save99\necromankas.d2s : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\d2save99\necromankas.key : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\d2save99\necromankas.ma0 : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\d2save99\necromankas.map : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\d2save99\poladinka.bak : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\d2save99\poladinka.d2s : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\d2save99\poladinka.key : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\d2save99\poladinka.ma0 : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\d2save99\poladinka.map : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\d2save99\socress.bak : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\d2save99\socress.d2s : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\d2save99\socress.key : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\d2save99\socress.ma0 : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\d2save99\socress.map : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\dg1.swf[1]\dg1.swf : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\diablo2lodedit\history.txt : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\diablo2lodedit\install.txt : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\diablo2lodedit\license.txt : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\diablo2lodedit\mainframe.html : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\diablo2lodedit\navframe.html : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\diablo2lodedit\readme.txt : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\diablo2lodedit\shadowmaster.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\diablo2lodedit\ShadowmasterManual.html : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\diablo2lord_chareditor\Lodce.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\diablo2lord_trainer16[1]\Diablo 2 Trainer.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\diablo2lord_trainer16[1]\Readme.doc : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\dvnd2ed[1]\dvnd2ed.rar : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\dvnd2ed[1]\dvniso.nfo : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\dvnd2ed[1]\FILE_ID.DIZ : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\fankit_logo\LOGO_ENG(line).gif : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\fankit_logo\LOGO_ENG(no tex).gif : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\fankit_logo\LOGO_ENG(tex).gif : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\fankit_logo\LOGO_gravity.gif : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\fankit_logo\LOGO_KOR(line).gif : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\fankit_logo\LOGO_KOR(no tex).gif : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\fankit_logo\LOGO_KOR(tex).gif : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\fankit_logo\LOGO_KOR.gif : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\fankit_logo\LOGO_The War Of Emperirum.gif : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\fankit_logo\Thumbs.db : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\AoE III Battle Music Sample.mp3 : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\AoE III Main Theme.mp3 : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\age3_800x600.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\age3_thumb.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\beaumont_800x600.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\beaumont_thumb.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\British_800x600.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\British_thumb.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\chilche_800x600.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\chilche_thumb.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\explorer_800x600.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\explorer_thumb.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\farmer_800x600.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\farmer_thumb.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\fredrick_800x600.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\fredrick_thumb.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\grand_vizier_800x600.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\grand_vizier_thumb.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\grenadier_800x600.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\grenadier_thumb.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\jannisary_800x600.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\jannisary_thumb.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\mayan_800x600.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\mayan_thumb.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\musketeer_800x600.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\musketeer_thumb.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\native_spearman_800x600.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\native_spearman_thumb.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\oprichnik_800x600.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\oprichnik_thumb.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\ottoman_800x600.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\ottoman_thumb.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\outlaw_800x600.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\outlaw_thumb.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\pirate_800x600.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\pirate_thumb.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\port_city_800x600.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\port_city_thumb.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\redcoat_800x600.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\redcoat_thumb.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\samurai_800x600.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\samurai_thumb.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\skirm_800x600.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\skirm_thumb.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\Thumbs.db : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\tog_800x600.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Concept\tog_thumb.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Interface\interface_elements.psd : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Interface\interface_elements_more.psd : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Logos\AOE3_logo_horiz.psd : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Logos\AOE3_logo_stacked.psd : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Quotes.doc : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Fansitekit\FansiteKit\Screenshots\SS.zip : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Aeris's_Death.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Aeris_theme1.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Aeris_theme2.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Aeris_theme3.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Aeris_theme4.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Aeris_theme5.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Aeris_theme6.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Aeris_theme7.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Airship.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Ancients.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Barret_theme1.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Barret_theme2.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Battle_theme1.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Battle_theme2.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Battle_theme3.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Bone_Town.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Boss_Battle.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Bugenhagen.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Caitsith_theme.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Chocobo_Dance1.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Chocobo_Dance2.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Chocobo_Farm.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Chocobo_Races.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Chocobo_theme.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Cid_theme.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Cloud's_March.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Cloud_Flashbacks.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Cloud_theme.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Cosmo_Canyon1.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Cosmo_Canyon2.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Cosmo_Canyon3.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Cosmo_Canyon4.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Costa_Del_Sol1.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Costa_Del_Sol2.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Costa_Del_Sol3.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Credits_theme.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Don_Conero.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Fanfare1.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Fanfare2.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Final_Battle_First_Form.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Final_Battle_Second_Form.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Final_Battle_Third_Form1.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Final_Battle_Third_Form2.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Final_Dungeon1.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Final_Dungeon2.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Fort_Condor.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Game_Over.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Gold_Saucer1.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Gold_Saucer2.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Gold_Saucer_Play.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Jenova_Battle1.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Jenova_Battle2.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Kalm_&_Junon_Harbor1.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Kalm_&_Junon_Harbor2.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Main_theme.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Mako_Reactor1.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Mako_Reactor2.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Miniboss_theme1.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Miniboss_theme2.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Miniboss_theme3.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Miniboss_theme4.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Miniboss_theme5.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Mog_Game.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Motorcycle_theme.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Mount_Corel1.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Mount_Corel2.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Nibelheim.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Opening_theme.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Overworld_theme.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Pillar_07_Defeat.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Prelude_theme1.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Prelude_theme2.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Reactor_Escape.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Red13_Learning_Truth.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Red13_theme1.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Red13_theme2.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Searching_Sephroth.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Sephroth_theme1.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Sephroth_theme2.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Sheila_theme.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Shinra_theme.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Sleeping.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Sleeping_Forest.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Slums_of_Midgar1.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Slums_of_Midgar2.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Temple_of_Ancients.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Tifa_theme1.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Tifa_theme2.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\To_Sector_5_Reactor.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Turks_theme1.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Turks_theme2.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\WEAPON_Raiding_Midgar.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Yuffie_Stealing_Materia.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Yuffie_theme1.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\ff7collection\Yuffie_theme2.mid : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\gypsycursefont[1]\Font2\Gypsy Curse.ttf : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\gypsycursefont[1]\Font2\Gypsy_Curse_Font_Info_and_ReadMe.txt : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Helgast_Fansite_kit\Helgast_Fansite_kit\01.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Helgast_Fansite_kit\Helgast_Fansite_kit\AirRaid_Siren2.wav : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Helgast_Fansite_kit\Helgast_Fansite_kit\Artillery.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Helgast_Fansite_kit\Helgast_Fansite_kit\Assault_Rifle_Shotgun_textu.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Helgast_Fansite_kit\Helgast_Fansite_kit\Assault_shotgun2.wav : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Helgast_Fansite_kit\Helgast_Fansite_kit\back-texture.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Helgast_Fansite_kit\Helgast_Fansite_kit\DROP_JUM.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Helgast_Fansite_kit\Helgast_Fansite_kit\elite-hellghast.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Helgast_Fansite_kit\Helgast_Fansite_kit\Grenade_Launcher.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Helgast_Fansite_kit\Helgast_Fansite_kit\gun02.wav : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Helgast_Fansite_kit\Helgast_Fansite_kit\helgastgunner.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Helgast_Fansite_kit\Helgast_Fansite_kit\helgast_hidden.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Helgast_Fansite_kit\Helgast_Fansite_kit\helgast_transport.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Helgast_Fansite_kit\Helgast_Fansite_kit\Helghast close up glow.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Helgast_Fansite_kit\Helgast_Fansite_kit\Helghast rally small.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Helgast_Fansite_kit\Helgast_Fansite_kit\Helghast-action-pose.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Helgast_Fansite_kit\Helgast_Fansite_kit\HELL_RAI.psd : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Helgast_Fansite_kit\Helgast_Fansite_kit\HELL_RENDER_ZOOM copy.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Helgast_Fansite_kit\Helgast_Fansite_kit\Hell_Zoom_panorama.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Helgast_Fansite_kit\Helgast_Fansite_kit\HG_logo.gif : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Helgast_Fansite_kit\Helgast_Fansite_kit\HG_logo.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Helgast_Fansite_kit\Helgast_Fansite_kit\Hshot_grab.wav : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Helgast_Fansite_kit\Helgast_Fansite_kit\Killzone Web Logos.psd : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Helgast_Fansite_kit\Helgast_Fansite_kit\KZ Helghast patrol.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Helgast_Fansite_kit\Helgast_Fansite_kit\KZ logo cropped.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Helgast_Fansite_kit\Helgast_Fansite_kit\logo_transparent_sm.gif : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\Helgast_Fansite_kit\Helgast_Fansite_kit\Thumbs.db : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\hijackthis\HijackThis.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\HostsXpert\HostsXpert\HostsXpert.chm : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\HostsXpert\HostsXpert\HostsXpert.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\kerd2lod110edit[1]\Lodce.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\RPG Maker XP\RPG Maker XP\RPG Maker XP\Setup1\InstMsiA.Exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\RPG Maker XP\RPG Maker XP\RPG Maker XP\Setup1\InstMsiW.Exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\RPG Maker XP\RPG Maker XP\RPG Maker XP\Setup1\RTP_Standard_102.msi : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\RPG Maker XP\RPG Maker XP\RPG Maker XP\Setup1\Setup.Exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\RPG Maker XP\RPG Maker XP\RPG Maker XP\Setup1\Setup.Ini : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\RPG Maker XP\RPG Maker XP\RPG Maker XP\Setup2\InstMsiA.Exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\RPG Maker XP\RPG Maker XP\RPG Maker XP\Setup2\InstMsiW.Exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\RPG Maker XP\RPG Maker XP\RPG Maker XP\Setup2\RPGXP_102a.msi : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\RPG Maker XP\RPG Maker XP\RPG Maker XP\Setup2\Setup.Exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\RPG Maker XP\RPG Maker XP\RPG Maker XP\Setup2\Setup.Ini : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\RPG Maker XP\RPG Maker XP\RPG Maker XP\SetupMenu.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\V1-10-2123-Immortal_King_SET\2123-Immortal_King_SET.htm : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\V1-10-2123-Immortal_King_SET\2123.zip : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\V1-10-2123-Immortal_King_SET\banner.D2tradingpost.1.GIF : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\V1-10-2123-Immortal_King_SET\disclaimer.txt : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\V1-10-2123-Immortal_King_SET\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\wallpaper200512_1600[1]\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\wallpaper200512_1600[1]\wallpaper200512_1600.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\wp01_1280[1]\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\Unzipped\wp01_1280[1]\wp01_1280.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\WebCam Center\Capture\20060604\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Tambra Plummer\My Documents\winzip111.exe : Zone.Identifier (26 bytes)
C:\gametap_setup.exe : Zone.Identifier (26 bytes)
C:\knight_online_setup_121306.exe : Zone.Identifier (26 bytes)
C:\license.txt : Zone.Identifier (26 bytes)
C:\My Games\InstallTumblebugs.exe : Zone.Identifier (26 bytes)
C:\My Music\levon.wmv : Zone.Identifier (26 bytes)
C:\My Music\streets.wmv : Zone.Identifier (26 bytes)
C:\My Music\Taylor Hicks\DoIMakeYouProud-StudioVersion.mp3 : Zone.Identifier (26 bytes)
C:\My Music\Taylor Hicks\Taylor Hicks & Toni Braxton - In The Ghetto.mp3 : Zone.Identifier (26 bytes)
C:\My Music\Taylor Hicks\Taylor Hicks - Change Is Gonna Come.mp3 : Zone.Identifier (26 bytes)
C:\My Music\Taylor Hicks\Taylor Hicks - Crazy Little Thing Called Love.mp3 : Zone.Identifier (26 bytes)
C:\My Music\Taylor Hicks\Taylor Hicks - Dancing In The Dark.mp3 : Zone.Identifier (26 bytes)
C:\My Music\Taylor Hicks\Taylor Hicks - Do I Make You Proud (Finale).mp3 : Zone.Identifier (26 bytes)
C:\My Music\Taylor Hicks\Taylor Hicks - Do I Make You Proud.mp3 : Zone.Identifier (26 bytes)
C:\My Music\Taylor Hicks\Taylor Hicks - Easy.mp3 : Zone.Identifier (26 bytes)
C:\My Music\Taylor Hicks\Taylor Hicks - Harmonica.mp3 : Zone.Identifier (26 bytes)
C:\My Music\Taylor Hicks\Taylor Hicks - In The Ghetto.mp3 : Zone.Identifier (26 bytes)
C:\My Music\Taylor Hicks\Taylor Hicks - Jailhouse Rock (Results).mp3 : Zone.Identifier (26 bytes)
C:\My Music\Taylor Hicks\Taylor Hicks - Jailhouse Rock.mp3 : Zone.Identifier (26 bytes)
C:\My Music\Taylor Hicks\Taylor Hicks - Just Once.mp3 : Zone.Identifier (26 bytes)
C:\My Music\Taylor Hicks\Taylor Hicks - Levon (Top 2).mp3 : Zone.Identifier (26 bytes)
C:\My Music\Taylor Hicks\Taylor Hicks - Levon.mp3 : Zone.Identifier (26 bytes)
C:\My Music\Taylor Hicks\Taylor Hicks - Livin' For The City (Top 2).mp3 : Zone.Identifier (26 bytes)
C:\My Music\Taylor Hicks\Taylor Hicks - Livinâ_T For The City.mp3 : Zone.Identifier (26 bytes)
C:\My Music\Taylor Hicks\Taylor Hicks - Not Fade Away.mp3 : Zone.Identifier (26 bytes)
C:\My Music\Taylor Hicks\Taylor Hicks - Play That Funky Music.mp3 : Zone.Identifier (26 bytes)
C:\My Music\Taylor Hicks\Taylor Hicks - Something.mp3 : Zone.Identifier (26 bytes)
C:\My Music\Taylor Hicks\Taylor Hicks - Take Me Home Country Road.mp3 : Zone.Identifier (26 bytes)
C:\My Music\Taylor Hicks\Taylor Hicks - Takin' It To The Streets (Top 3 Results).mp3 : Zone.Identifier (26 bytes)
C:\My Music\Taylor Hicks\Taylor Hicks - Takinâ_T It To The Streets.mp3 : Zone.Identifier (26 bytes)
C:\My Music\Taylor Hicks\Taylor Hicks - The First Cut Is The Deepest.mp3 : Zone.Identifier (26 bytes)
C:\My Music\Taylor Hicks\Taylor Hicks - Trouble.mp3 : Zone.Identifier (26 bytes)
C:\My Music\Taylor Hicks\Taylor Hicks - Try A Little Tenderness.mp3 : Zone.Identifier (26 bytes)
C:\My Music\Taylor Hicks\Taylor Hicks - You Are So Beautiful.mp3 : Zone.Identifier (26 bytes)
C:\My Music\Taylor Hicks\Taylor Hicks - You Send Me.mp3 : Zone.Identifier (26 bytes)
C:\My Music\Taylor Hicks\Taylor, Katharine, Carrie - Made It Through The Rain.mp3 : Zone.Identifier (26 bytes)
C:\My Music\Taylor Hicks.zip : Zone.Identifier (26 bytes)
C:\My Music\Thumbs.db : encryptable (0 bytes)
C:\Norton_Removal_Tool.exe : Zone.Identifier (26 bytes)
C:\Program Files\aawsepersonal.exe : Zone.Identifier (26 bytes)
C:\Program Files\amarafpa.exe : Zone.Identifier (26 bytes)
C:\Program Files\Application Files\WoWgasmic Launcher_1_9_0_5\wowgasm.ico : Zone.Identifier (26 bytes)
C:\Program Files\Application Files\WoWgasmic Launcher_1_9_0_5\WoWgasmic Launcher.application : Zone.Identifier (26 bytes)
C:\Program Files\Application Files\WoWgasmic Launcher_1_9_0_5\WoWgasmic Launcher.exe : Zone.Identifier (26 bytes)
C:\Program Files\Application Files\WoWgasmic Launcher_1_9_0_5\WoWgasmic Launcher.exe.config : Zone.Identifier (26 bytes)
C:\Program Files\Application Files\WoWgasmic Launcher_1_9_0_5\WoWgasmic Launcher.exe.manifest : Zone.Identifier (26 bytes)
C:\Program Files\CCleaner\ccsetup202.exe : Zone.Identifier (26 bytes)
C:\Program Files\CCleaner\ccsetup203.exe : Zone.Identifier (26 bytes)
C:\Program Files\ccsetup141.exe : Zone.Identifier (26 bytes)
C:\Program Files\FilmLoopSetup.exe : Zone.Identifier (26 bytes)
C:\Program Files\gmer.exe : Zone.Identifier (26 bytes)
C:\Program Files\gmer.zip : Zone.Identifier (26 bytes)
C:\Program Files\HiJackThis.exe : Zone.Identifier (26 bytes)
C:\Program Files\HostsXpert.zip : Zone.Identifier (26 bytes)
C:\Program Files\instsoe.exe : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\D2Editor.exe : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\license.txt : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\readme.txt : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\source\Character.cpp : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\source\Character.h : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\source\CharacterConstants.h : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\source\Constants.h : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\source\D2AboutForm.cpp : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\source\D2AboutForm.ddp : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\source\D2AboutForm.dfm : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\source\D2AboutForm.h : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\source\D2Editor.bpr : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\source\D2Editor.cesettings : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\source\D2Editor.cpp : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\source\D2Editor.res : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\source\D2GemsForm.cpp : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\source\D2GemsForm.ddp : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\source\D2GemsForm.dfm : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\source\D2GemsForm.h : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\source\D2LevelInfoForm.cpp : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\source\D2LevelInfoForm.ddp : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\source\D2LevelInfoForm.dfm : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\source\D2LevelInfoForm.h : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\source\D2MainForm.cpp : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\source\D2MainForm.ddp : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\source\D2MainForm.dfm : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\source\D2MainForm.h : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\source\D2QuestsForm.cpp : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\source\D2QuestsForm.ddp : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\source\D2QuestsForm.dfm : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\source\D2QuestsForm.h : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\source\D2SkillTreeForm.cpp : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\source\D2SkillTreeForm.ddp : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\source\D2SkillTreeForm.dfm : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\source\D2SkillTreeForm.h : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\source\D2WaypointsForm.cpp : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\source\D2WaypointsForm.ddp : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\source\D2WaypointsForm.dfm : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\source\D2WaypointsForm.h : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\source\DataTypes.h : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\source\ExperienceConstants.h : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\source\Item.cpp : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\source\Item.h : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\source\ItemConstants.h : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\source\MainFormConstants.h : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\source\SkillConstants.h : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\source\WaypointConstants.h : Zone.Identifier (26 bytes)
C:\Program Files\Internet Explorer\UserGuide.pdf : Zone.Identifier (26 bytes)
C:\Program Files\iTunesSetup.exe : Zone.Identifier (26 bytes)
C:\Program Files\Java\jre-1_5_0_06-windows-i586-p-iftw.exe : Zone.Identifier (26 bytes)
C:\Program Files\jdk-6-windows-i586-iftw.exe : Zone.Identifier (26 bytes)
C:\Program Files\MySpace\MySpaceIM_Setup.exe : Zone.Identifier (26 bytes)
C:\Program Files\PC030904.doc : Zone.Identifier (26 bytes)
C:\Program Files\setup.exe : Zone.Identifier (26 bytes)
C:\Program Files\Shockwave.com\Thumbs.db : encryptable (0 bytes)
C:\Program Files\Silent Runners.vbs : Zone.Identifier (26 bytes)
C:\Program Files\spybotsd14.exe : Zone.Identifier (26 bytes)
C:\Program Files\sspsetup1_1857056449.exe : Zone.Identifier (26 bytes)
C:\Program Files\Symantec\CrimsonNight.zip : Zone.Identifier (26 bytes)
C:\Program Files\Symantec\es_greycat_ver8exe-self-installing-yahoo-messenger-skins.exe : Zone.Identifier (26 bytes)
C:\Program Files\Tambra Plummer.exe : Zone.Identifier (26 bytes)
C:\Program Files\The Rise of Atlantis\The Rise of Atlantis.exe : {3AFC5537-92EB-25C2-F460-09F7D8CE46C9} (99 bytes)
C:\Program Files\The Rise of Atlantis\The Rise of Atlantis.exe : {5EC5255C-14BD-45EC-FB42-ABDE1B09E9C4} (99 bytes)
C:\Program Files\The Rise of Atlantis\The Rise of Atlantis.exe : {5F016BD5-AAD6-F1A3-0924-25A30BA36EB7} (99 bytes)
C:\Program Files\The Rise of Atlantis\The Rise of Atlantis.exe : {8A083889-ED43-4C2E-1D15-953C0A306B30} (99 bytes)
C:\Program Files\uqm-0[1].4.0-win32-installer.exe : Zone.Identifier (26 bytes)
C:\Program Files\Webroot\sspsetup1_.exe : Zone.Identifier (26 bytes)
C:\Program Files\winamp521_full_emusic-7plus.exe : Zone.Identifier (26 bytes)
C:\Program Files\Windows Media Player\04 25 06 Just Once.mp3 : Zone.Identifier (26 bytes)
C:\Program Files\WindowsDefenderX64.msi : Zone.Identifier (26 bytes)
C:\Program Files\WinZip\falche.zip : Zone.Identifier (26 bytes)
C:\Program Files\WinZip\winzip100.exe : Zone.Identifier (26 bytes)
C:\Program Files\WinZip\winzip110.exe : Zone.Identifier (26 bytes)
C:\Program Files\winzip100.exe : Zone.Identifier (26 bytes)
C:\Program Files\winzip110.exe : Zone.Identifier (26 bytes)
C:\Program Files\wmp11-windowsxp-x86-enu.exe : Zone.Identifier (26 bytes)
C:\Program Files\WordPerfect Office 12\CBP_0323.exe : Zone.Identifier (26 bytes)
C:\Program Files\wowclient-downloader.exe : Zone.Identifier (26 bytes)
C:\Program Files\Yahoo!\Messenger\msgr75us.exe : Zone.Identifier (26 bytes)
C:\Program Files\Yahoo! Games\Scrabble\GHScrabble.exe : {06E59DF7-F01E-C020-AC88-CD3A6F9A4B59} (137 bytes)
C:\Program Files\yahoo61.exe : Zone.Identifier (26 bytes)
C:\Program Files\yahoo_magicmatch1-1_tm5-3.exe : Zone.Identifier (26 bytes)
C:\Program Files\yinst_current.exe : Zone.Identifier (26 bytes)
C:\readme.txt : Zone.Identifier (26 bytes)
C:\RECYCLER\S-1-5-21-967004240-1806797463-2485432410-1009\Dc8.exe : Zone.Identifier (26 bytes)
C:\source\Character.cpp : Zone.Identifier (26 bytes)
C:\source\Character.h : Zone.Identifier (26 bytes)
C:\source\CharacterConstants.h : Zone.Identifier (26 bytes)
C:\source\Constants.h : Zone.Identifier (26 bytes)
C:\source\D2AboutForm.cpp : Zone.Identifier (26 bytes)
C:\source\D2AboutForm.ddp : Zone.Identifier (26 bytes)
C:\source\D2AboutForm.dfm : Zone.Identifier (26 bytes)
C:\source\D2AboutForm.h : Zone.Identifier (26 bytes)
C:\source\D2Editor.bpr : Zone.Identifier (26 bytes)
C:\source\D2Editor.cesettings : Zone.Identifier (26 bytes)
C:\source\D2Editor.cpp : Zone.Identifier (26 bytes)
C:\source\D2Editor.res : Zone.Identifier (26 bytes)
C:\source\D2GemsForm.cpp : Zone.Identifier (26 bytes)
C:\source\D2GemsForm.ddp : Zone.Identifier (26 bytes)
C:\source\D2GemsForm.dfm : Zone.Identifier (26 bytes)
C:\source\D2GemsForm.h : Zone.Identifier (26 bytes)
C:\source\D2LevelInfoForm.cpp : Zone.Identifier (26 bytes)
C:\source\D2LevelInfoForm.ddp : Zone.Identifier (26 bytes)
C:\source\D2LevelInfoForm.dfm : Zone.Identifier (26 bytes)
C:\source\D2LevelInfoForm.h : Zone.Identifier (26 bytes)
C:\source\D2MainForm.cpp : Zone.Identifier (26 bytes)
C:\source\D2MainForm.ddp : Zone.Identifier (26 bytes)
C:\source\D2MainForm.dfm : Zone.Identifier (26 bytes)
C:\source\D2MainForm.h : Zone.Identifier (26 bytes)
C:\source\D2QuestsForm.cpp : Zone.Identifier (26 bytes)
C:\source\D2QuestsForm.ddp : Zone.Identifier (26 bytes)
C:\source\D2QuestsForm.dfm : Zone.Identifier (26 bytes)
C:\source\D2QuestsForm.h : Zone.Identifier (26 bytes)
C:\source\D2SkillTreeForm.cpp : Zone.Identifier (26 bytes)
C:\source\D2SkillTreeForm.ddp : Zone.Identifier (26 bytes)
C:\source\D2SkillTreeForm.dfm : Zone.Identifier (26 bytes)
C:\source\D2SkillTreeForm.h : Zone.Identifier (26 bytes)
C:\source\D2WaypointsForm.cpp : Zone.Identifier (26 bytes)
C:\source\D2WaypointsForm.ddp : Zone.Identifier (26 bytes)
C:\source\D2WaypointsForm.dfm : Zone.Identifier (26 bytes)
C:\source\D2WaypointsForm.h : Zone.Identifier (26 bytes)
C:\source\DataTypes.h : Zone.Identifier (26 bytes)
C:\source\ExperienceConstants.h : Zone.Identifier (26 bytes)
C:\source\Item.cpp : Zone.Identifier (26 bytes)
C:\source\Item.h : Zone.Identifier (26 bytes)
C:\source\ItemConstants.h : Zone.Identifier (26 bytes)
C:\source\MainFormConstants.h : Zone.Identifier (26 bytes)
C:\source\SkillConstants.h : Zone.Identifier (26 bytes)
C:\source\WaypointConstants.h : Zone.Identifier (26 bytes)
C:\sspsetup1_.exe : Zone.Identifier (26 bytes)
C:\UserGuide.pdf : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\animlicn.zip : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\balloon10.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\balloon11.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\balloon12.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\balloon20.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\balloon21.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\balloon30.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\balloon31.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\balloon32.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\balloon33.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\balloon34.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\balloon35.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\balloon36.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\balloon37.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\balloonicn.zip : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\baretree.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\bear.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\bee.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\bird.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\birdhouse.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\birdiehse.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Bow.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\bulb.ani : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\bulb.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\bunny face.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\buttrfly1.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\buttrfly2.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\buttrfly3.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\candles.ani : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\candles.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\candycane.cur : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\cat.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\christmasicn1.zip : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\cndycan1.ani : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\cndycan2.ani : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\cndycan3.ani : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\cndycan4.ani : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\cocoaf.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\cow.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\dog.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\door.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\duck.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\eastericons.zip : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\egg.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\eggbasket1.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\eggbasket2.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\eggbasket3.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\eggbasket4.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\faceicon.zip : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\fbol.ani : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\flamingo.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\floppy.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\floppyb3.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\flowerfac1.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\flowerfac2.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\flowerfac3.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\flowerfac4.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\flowerfac5.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\football.ani : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\frog.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\futbol.zip : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\gift1.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\gift2.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\gift3.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\girl30.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\girl31.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\girl32.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\girl33.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\gngrbrdhouse.cur : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\heart.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\heartballoon.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\holidayhome.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\holly.cur : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\holly.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\hotairbln.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 01.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 02.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 03.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 04.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 05.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 06.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 07.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 08.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 09.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 10.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 11.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 12.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 13.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 14.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 15.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 16.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 17.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 18.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 19.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 20.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 21.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 22.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 23.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 24.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 25.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 26.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 27.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 28.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 29.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 30.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 31.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 32.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 33.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 34.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 35.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 36.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 37.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 38.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 39.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 40.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 41.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 42.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 43.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 44.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 45.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 46.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 47.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 48.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 49.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 50.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 51.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 52.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 53.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 54.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 55.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 56.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 57.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 58.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 59.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 60.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 61.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 62.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 63.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 64.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 65.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 66.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 67.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 68.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 69.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 70.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 71.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 72.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 73.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 74.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 75.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 76.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 77.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 78.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 79.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 80.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 81.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 82.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 83.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse Icon 84.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse.iconpackage : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Impulse.ip : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\inchworm.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\ladybug.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\lion.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\mad50.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\mad51.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\mad52.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\mad53.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\mad54.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\monkey.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\piggy.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\rat.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\rose.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\roseani.zip : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\roses.ani : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\seahorse.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\smilie10.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\smilie11.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\smilie12.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\smilie13.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\smilie14.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\smilie20.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\smilie21.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\smilie22.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\smilie23.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\snail.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\snowball.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\snowcapmntns.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\snowflake1.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\snowflake2.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\snowflake3.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\snowflake4.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\snowhome.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\snowman.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\snowtree.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\snowyfence.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\snowypath.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\sspsetup1_.exe : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\star.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\star1.ani : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\star2.ani : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\star3.ani : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\star4.ani : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\surprise40.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\surprise41.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\surprise42.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\surprise43.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\surprise44.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\tongue60.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\tongue60b.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\tongue61.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\tongue61b.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\tongue62.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\tongue62b.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\tongue63.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\tongue63b.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\tree1.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\Tree2.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\tree3.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\tree4.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\tree5.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\turtle.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\twinklearrow.ani : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\twinklearrow2.ani : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\twinklearrow3.ani : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\twinklearrow4.ani : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\twinklearrow5.ani : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\twinklearrow6.ani : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\window.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\wintericon.zip : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\wreath.ico : Zone.Identifier (26 bytes)
C:\WINDOWS\Cursors\xmascur.zip : Zone.Identifier (26 bytes)
C:\WINDOWS\gmer.exe : Zone.Identifier (26 bytes)
C:\WINDOWS\WindowsDefenderX64.msi : Zone.Identifier (26 bytes)
C:\yahoo_ghscrabble_tm5-3.exe : Zone.Identifier (26 bytes)

Final Hijack This report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:27 PM, on 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.0\CWDefScn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Browser Mouse\MOffice.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Browser Mouse\MOUSE32A.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mycablespeed.com/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: XTN Monitor - {8F8292B7-353C-427D-A52F-8EA4120E3A6F} - C:\WINDOWS\ddwlxtqnow.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [REGSHAVE] "C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ncoOSCheck] "C:\Program Files\Norton Confidential\osCheck.exe"
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] "C:\Program Files\Browser Mouse\MOffice.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AcctMgr] "C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe" /startup
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CAMTRAY.EXE"
O4 - HKCU\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKUS\S-1-5-21-967004240-1806797463-2485432410-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Art Plummer')
O4 - HKUS\S-1-5-21-967004240-1806797463-2485432410-1007\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Art Plummer')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-21-967004240-1806797463-2485432410-1007 Startup: PowerReg Scheduler V3.exe (User 'Art Plummer')
O4 - S-1-5-21-967004240-1806797463-2485432410-1007 User Startup: PowerReg Scheduler V3.exe (User 'Art Plummer')
O4 - S-1-5-18 Startup: PowerReg Scheduler V3.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: PowerReg Scheduler V3.exe (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\gui1.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Branden Plummer\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrab...rabblecubes.cab
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://fishingchamp.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v46/share...GamesLoader.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex...wareControl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/downl...lscbase3401.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141959034171
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://dell.kodakgallery.com/downloads/BUM..._1/axofupld.cab
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://www.shockwave.com/content/dreamchro...web.1.0.0.9.cab
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - https://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v45/wordmojo/wordmojo.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v55/cubis/cubis.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v45/sol/sol.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v48/luxor/luxor.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v40/hangman/hangman.cab
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} (CPlayFirstzenerchiControl Object) - http://www.shockwave.com/content/zenerchi/...eb.1.0.0.10.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.gamehouse.com/games/zylom/zylomplayer.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {D410AFBD-4E26-4D5F-840F-0412D6F6BB8D} (CPlayFirstSandScriptControl Object) - http://www.gamehouse.com/realarcade-webgam.../SandScript.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin.cab
O21 - SSODL: agrlmvp - {94112937-2C4F-4DBF-8791-6C53776F8ED0} - C:\WINDOWS\agrlmvp.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 16247 bytes
"What doesn't kill you, Makes you stronger"

#15 mistressbluz

mistressbluz
  • Topic Starter

  • Members
  • 90 posts
  • OFFLINE
  •  
  • Location:Maryland
  • Local time:06:52 AM

Posted 16 January 2008 - 05:43 AM

Sorry these are the names of the 3 things I can't get rid of....GRRRRRRRR!!!!!!

Smitfraudc.msvpc
Smitfraudc
Zlob downloader.vcd

I have ran spybot search and destroy 7 times and it is still with me and all I keep getting is pop up after pop up after pop all asking me to download some type of adaware or something because my computer needs to be cleaned, it's so bad that one of them is crimson red and takes over my whole computer screen.....It just wont go away! :thumbsup:
"What doesn't kill you, Makes you stronger"




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users