
[Me Too] XP Pro Hacked: Lost Admin rights on User Account!

Discussion in 'Malware and Virus Removal Archive' started by taylorwn, 2007/12/02.

  1. 2007/12/08
    noahdfear

    We're making great progress! :) Please post the C:\ComboFix.txt log before continuing with the following.


    First, verify that the shavon account has administrative rights and the system date is correct.

    Download a fresh copy of ComboFix from here and place it on the shavon desktop. Delete all other copies on the system.

    Log on to the shavon account. Highlight and copy the contents of the code box below and paste it into a blank Notepad document, then save it to the desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    DirLook::
    C:\0857d8cea1cd281987
    C:\WINDOWS\zmki
    File::
    C:\WINDOWS\system32\tqfettwp.exe
    C:\WINDOWS\system32\aacqcycx.exe
    C:\WINDOWS\system32\owoylscl.exe
    C:\WINDOWS\system32\akqvxueo.exe
    C:\WINDOWS\system32\hoctphvc.exe
    C:\WINDOWS\system32\uyepujpo.exe
    C:\Program Files\Windows Media Player\dirtojuxo.html
    Folder::
    C:\WINDOWS\zmki
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkkkl]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sen"=-
    "Nrsbg"=-
    "WinTouch"=-
    "SfKg6w"=-
    "Words"=-
    "WinAble"=-
    "QdrModule9"=-
    "QdrPack9"=-
    "Insider"=-
    "Spoolsv"=-
    "Ultimate Cleaner"=-
    

    Disable the McAfee monitoring service (I think it can be done via right click on the taskbar icon).
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.


    Still on the shavon account, right click the desktop and select Properties. Select the Desktop tab, then click the Customize Desktop button. Select the Web tab. Select everything you find in there (except for "My current home page") and press the delete button on the right. Click OK then Apply and OK again.

    Now create another HijackThis log and post it here as well.
     
  2. 2007/12/08
    taylorwn

    Combofix.txt log

    ComboFix 07-12-07.3 - ADMIN 2007-12-06 21:04:09.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.201 [GMT -7:00]
    Running from: C:\Documents and Settings\ADMIN\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\ADMIN\Desktop\CFScript.txt
    * Created a new restore point

    FILE
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\trey\Application Data\ultra
    C:\WINDOWS\inf\ultra.inf

    .
    ((((((((((((((((((((((((( Files Created from 2007-11-07 to 2007-12-07 )))))))))))))))))))))))))))))))
    .

    2007-12-05 20:48 . 2007-12-05 20:48 <DIR> d-------- C:\WINDOWS\LastGood
    2007-12-03 17:02 . 2007-12-06 17:09 512 --a------ C:\WINDOWS\randseed.rnd
    2007-12-02 20:27 . 2007-12-02 20:32 1,372 --a------ C:\WINDOWS\system32\tmp.reg
    2007-12-02 14:53 . 2007-12-02 14:53 <DIR> d-------- C:\Deckard
    2007-12-02 14:46 . 2007-12-02 14:46 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\Lavasoft
    2007-12-01 19:30 . 2007-12-02 21:28 <DIR> d-------- C:\HJT
    2007-11-28 20:48 . 2007-11-28 20:48 <DIR> d-------- C:\Program Files\Lavasoft
    2007-11-27 21:28 . 2007-12-02 00:05 <DIR> d-------- C:\quarantine
    2007-11-27 21:23 . 2007-12-05 20:34 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\Yahoo!
    2007-11-27 21:05 . 2007-11-27 21:05 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
    2007-11-27 21:05 . 2005-01-14 20:00 108,480 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
    2007-11-27 21:05 . 2005-01-14 20:00 58,464 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys
    2007-11-27 21:01 . 2007-11-27 21:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Network Associates
    2007-11-27 21:00 . 2007-11-27 21:05 <DIR> d-------- C:\Program Files\Network Associates
    2007-11-27 21:00 . 2007-11-27 21:01 <DIR> d-------- C:\Program Files\Common Files\Network Associates
    2007-11-27 20:02 . 2007-12-02 21:37 <DIR> d--h----- C:\Documents and Settings\ADMIN\Application Data\GTek
    2007-11-27 20:00 . 2006-02-15 09:48 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\Corel
    2007-11-27 14:24 . 2007-11-27 14:39 780,396 ---hs---- C:\WINDOWS\system32\capafgjm.ini
    2007-11-26 14:57 . 2007-11-26 15:05 20,944 --a------ C:\Documents and Settings\trey\Application Data\info.dat
    2007-11-24 20:04 . 2007-11-24 20:04 <DIR> d-------- C:\Documents and Settings\trey\Application Data\acccore
    2007-11-24 13:02 . 2007-11-24 13:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
    2007-11-24 12:59 . 2007-11-24 13:06 <DIR> d-------- C:\Program Files\AIM6
    2007-11-16 21:33 . 2007-11-16 21:33 118 --a------ C:\WINDOWS\system32\MRT.INI
    2007-11-14 19:02 . 2007-11-14 19:02 <DIR> d-------- C:\Documents and Settings\trey\Application Data\Sonic

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-03 10:01 --------- d-----w C:\Program Files\Windows Live Toolbar
    2007-11-29 03:40 --------- d-----w C:\Program Files\BFG
    2007-11-26 20:29 --------- d-----w C:\Documents and Settings\trey\Application Data\Yahoo!
    2007-11-24 20:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
    2007-11-24 20:04 --------- d-----w C:\Program Files\Viewpoint
    2007-11-24 20:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
    2007-11-24 20:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
    2007-11-24 20:00 --------- d-----w C:\Program Files\Common Files\AOL
    2007-11-15 06:47 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Yahoo!
    2007-11-03 01:55 --------- d-----w C:\Program Files\LimeWire
    2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-22 18:03 7,728 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2007-10-19 22:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\GTek
    2007-10-11 00:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
    2007-10-11 00:57 --------- d-----w C:\Program Files\McAfee
    2007-10-07 15:15 --------- d-----w C:\Documents and Settings\trey\Application Data\MySpace
    2007-10-07 01:52 --------- d-----w C:\Program Files\MySpace
    .

    ((((((((((((((((((((((((((((( snapshot@2007-12-02_21.24.29.37 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2006-06-19 22:19:42 571,184 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
    + 2007-10-11 21:12:48 1,468,968 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
    - 2006-09-25 23:58:48 14,640 ------w C:\WINDOWS\system32\spmsg.dll
    + 2007-10-08 21:46:18 14,640 ------w C:\WINDOWS\system32\spmsg.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 18:16]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 00:02]
    "dlccmon.exe"="C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 12:03]
    "Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 10:06]
    "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 20:00]
    "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50]
    "Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 17:04]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkkkl]
    opnkkkl.dll

    R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
    S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-07 03:28:05 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    "2007-11-24 01:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (JACKSON-shavon).job"
    - c:\program files\mcafee.com\vso\mcmnhdlr.exe
    .
    **************************************************************************

    catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-06 21:07:56
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2007-12-06 21:09:29
    C:\ComboFix2.txt ... 2007-12-05 20:26
    C:\ComboFix3.txt ... 2007-12-02 21:25
    .
    --- E O F ---
     


  4. 2007/12/08
    taylorwn

    new combofix log

    Under Display properties, nothing was listed. I will post the HJT log in the next post



    ComboFix 07-12-09.1 - shavon 2007-12-08 21:59:32.4 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.153 [GMT -7:00]
    Running from: C:\Documents and Settings\shavon\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\shavon\Desktop\CFScript.txt
    * Created a new restore point

    FILE
    C:\Program Files\Windows Media Player\dirtojuxo.html
    C:\WINDOWS\system32\aacqcycx.exe
    C:\WINDOWS\system32\akqvxueo.exe
    C:\WINDOWS\system32\hoctphvc.exe
    C:\WINDOWS\system32\owoylscl.exe
    C:\WINDOWS\system32\tqfettwp.exe
    C:\WINDOWS\system32\uyepujpo.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\carrie\err.log
    C:\Documents and Settings\shavon\Application Data.\Ultimate Cleaner
    C:\Documents and Settings\shavon\Application Data.\Ultimate Cleaner\settings.dat
    C:\Documents and Settings\shavon\Application Data\DriveCleaner Freeware
    C:\Documents and Settings\shavon\Application Data\DriveCleaner Freeware\Logs\update.log
    C:\Documents and Settings\shavon\Application Data\microsoft\internet explorer\quick launch\Start UltimateCleaner 2007.lnk
    C:\Documents and Settings\shavon\Application Data\SSTEM3~1
    C:\Documents and Settings\shavon\Application Data\Ultimate Cleaner\settings.dat
    C:\Documents and Settings\shavon\Application Data\ultra
    C:\Documents and Settings\shavon\Application Data\ultra\uninstall.bat
    C:\Documents and Settings\shavon\Application Data\WinAntiSpyware 2007
    C:\Documents and Settings\shavon\Application Data\WinAntiSpyware 2007\Logs\update.log
    C:\Documents and Settings\shavon\Application Data\WinAntiVirus Pro 2006
    C:\Documents and Settings\shavon\Application Data\WinTouch
    C:\Documents and Settings\shavon\Application Data\WinTouch\config.cfg.0b60cfc4b6d3e3c37130521350ebc7f6
    C:\Documents and Settings\shavon\Application Data\WinTouch\config.cfg.8d68bffad82bfad2a0e1130ad411933c
    C:\Documents and Settings\shavon\Application Data\WinTouch\config.cfg.8d97be52b05aa441ca7acabae163fc29
    C:\Documents and Settings\shavon\Application Data\WinTouch\config.cfg.c87f90b7f3893b3fd8bffe5ddd65b0f3
    C:\Documents and Settings\shavon\Application Data\WinTouch\wintouch.cfg
    C:\Documents and Settings\shavon\err.log
    C:\Documents and Settings\shavon\My Documents\ECURIT~1
    C:\Documents and Settings\shavon\My Documents\ECURIT~1\?ecurity\
    C:\Documents and Settings\shavon\My Documents\SSTEM~1
    C:\Documents and Settings\shavon\Start Menu\Programs\Internet Speed Monitor
    C:\Documents and Settings\shavon\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
    C:\Documents and Settings\shavon\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
    C:\Documents and Settings\shavon\Start Menu\Programs\Outerinfo
    C:\Documents and Settings\shavon\Start Menu\Programs\Outerinfo\Terms.lnk
    C:\Documents and Settings\shavon\Start Menu\Programs\Outerinfo\Uninstall.lnk
    C:\Program Files\Windows Media Player\dirtojuxo.html
    C:\WINDOWS\system32\aacqcycx.exe
    C:\WINDOWS\system32\akqvxueo.exe
    C:\WINDOWS\system32\hoctphvc.exe
    C:\WINDOWS\system32\owoylscl.exe
    C:\WINDOWS\system32\tqfettwp.exe
    C:\WINDOWS\system32\uyepujpo.exe
    C:\WINDOWS\zmki
    C:\WINDOWS\zmki\wu
    C:\WINDOWS\zmki\zmki.dat

    .
    ((((((((((((((((((((((((( Files Created from 2007-11-09 to 2007-12-09 )))))))))))))))))))))))))))))))
    .

    2007-12-05 20:48 . 2007-12-05 20:48 <DIR> d-------- C:\WINDOWS\LastGood
    2007-12-03 17:02 . 2007-12-08 17:18 512 --a------ C:\WINDOWS\randseed.rnd
    2007-12-02 20:27 . 2007-12-02 20:32 1,372 --a------ C:\WINDOWS\system32\tmp.reg
    2007-12-02 14:53 . 2007-12-02 14:53 <DIR> d-------- C:\Deckard
    2007-12-02 14:46 . 2007-12-02 14:46 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\Lavasoft
    2007-12-01 19:30 . 2007-12-08 09:01 <DIR> d-------- C:\HJT
    2007-11-28 21:26 . 2007-11-28 21:26 <DIR> d-------- C:\Documents and Settings\shavon\Application Data\Lavasoft
    2007-11-28 20:48 . 2007-11-28 20:48 <DIR> d-------- C:\Program Files\Lavasoft
    2007-11-27 21:28 . 2007-12-06 22:49 <DIR> d-------- C:\quarantine
    2007-11-27 21:23 . 2007-12-05 20:34 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\Yahoo!
    2007-11-27 21:05 . 2007-11-27 21:05 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
    2007-11-27 21:05 . 2005-01-14 20:00 108,480 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
    2007-11-27 21:05 . 2005-01-14 20:00 58,464 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys
    2007-11-27 21:01 . 2007-11-27 21:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Network Associates
    2007-11-27 21:00 . 2007-11-27 21:05 <DIR> d-------- C:\Program Files\Network Associates
    2007-11-27 21:00 . 2007-11-27 21:01 <DIR> d-------- C:\Program Files\Common Files\Network Associates
    2007-11-27 20:02 . 2007-12-02 21:37 <DIR> d--h----- C:\Documents and Settings\ADMIN\Application Data\GTek
    2007-11-27 20:00 . 2006-02-15 09:48 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\Corel
    2007-11-27 14:24 . 2007-11-27 14:39 780,396 ---hs---- C:\WINDOWS\system32\capafgjm.ini
    2007-11-26 14:57 . 2007-11-26 15:05 20,944 --a------ C:\Documents and Settings\trey\Application Data\info.dat
    2007-11-24 20:04 . 2007-11-24 20:04 <DIR> d-------- C:\Documents and Settings\trey\Application Data\acccore
    2007-11-24 18:03 . 2007-11-24 18:03 <DIR> d-------- C:\Documents and Settings\shavon\Application Data\acccore
    2007-11-24 13:02 . 2007-11-24 13:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
    2007-11-24 12:59 . 2007-11-24 13:06 <DIR> d-------- C:\Program Files\AIM6
    2007-11-22 10:36 . 2007-11-22 12:21 20,944 --a------ C:\Documents and Settings\shavon\Application Data\info.dat
    2007-11-16 21:33 . 2007-11-16 21:33 118 --a------ C:\WINDOWS\system32\MRT.INI
    2007-11-14 19:02 . 2007-11-14 19:02 <DIR> d-------- C:\Documents and Settings\trey\Application Data\Sonic

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-03 10:01 --------- d-----w C:\Program Files\Windows Live Toolbar
    2007-11-29 03:40 --------- d-----w C:\Program Files\BFG
    2007-11-26 20:29 --------- d-----w C:\Documents and Settings\trey\Application Data\Yahoo!
    2007-11-24 20:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
    2007-11-24 20:04 --------- d-----w C:\Program Files\Viewpoint
    2007-11-24 20:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
    2007-11-24 20:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
    2007-11-24 20:00 --------- d-----w C:\Program Files\Common Files\AOL
    2007-11-15 06:47 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Yahoo!
    2007-11-07 06:49 --------- d-----w C:\Documents and Settings\shavon\Application Data\Zango
    2007-11-03 01:55 --------- d-----w C:\Program Files\LimeWire
    2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-22 18:03 7,728 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2007-10-19 22:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\GTek
    2007-10-11 00:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
    2007-10-11 00:57 --------- d-----w C:\Program Files\McAfee
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ---- Directory of C:\0857d8cea1cd281987 ----

    2007-07-12 23:24 788 --ah----- C:\0857d8cea1cd281987\$shtdwn$.req
    2007-06-28 00:01 395346 --a------ C:\0857d8cea1cd281987\mrt.exe._p
    2007-06-27 23:57 96216 --a------ C:\0857d8cea1cd281987\mrtstub.exe

    ---- Directory of C:\WINDOWS\zmki ----

    2007-10-15 02:58 4420 --a------ C:\WINDOWS\zmki\zmki.dat
    2002-07-26 16:02 153088 --a------ C:\WINDOWS\zmki\wu


    ((((((((((((((((((((((((((((( snapshot@2007-12-02_21.24.29.37 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-11-27 10:58:11 140,288 ----a-w C:\WINDOWS\catchme.exe
    + 2007-12-08 10:32:45 141,824 ----a-w C:\WINDOWS\catchme.exe
    - 2006-06-19 22:19:42 571,184 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
    + 2007-10-11 21:12:48 1,468,968 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
    - 2006-09-25 23:58:48 14,640 ------w C:\WINDOWS\system32\spmsg.dll
    + 2007-10-08 21:46:18 14,640 ------w C:\WINDOWS\system32\spmsg.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 16:43]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
    "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 17:04]
    "AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" []
    "YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 07:59]
    "Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 08:20]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 00:02]
    "dlccmon.exe"="C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 12:03]
    "Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 10:06]
    "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 20:00]
    "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50]
    "Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 17:04]

    R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
    S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8fa74731-bb14-11db-be84-000fdbe71f7c}]
    \Shell\AutoRun\command - E:\LaunchU3.exe -a

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-09 04:28:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    "2007-12-08 01:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (JACKSON-shavon).job"
    - c:\program files\mcafee.com\vso\mcmnhdlr.exe
    .
    **************************************************************************

    catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-08 22:03:27
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2007-12-08 22:05:35
    C:\ComboFix2.txt ... 2007-12-06 21:09
    C:\ComboFix3.txt ... 2007-12-05 20:26
    .
    --- E O F ---
     
  5. 2007/12/08
    taylorwn

    HJT log ran under Shavon's account

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:15:53 PM, on 12/8/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Common Files\AOL\Loader\aolload.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Windows Live Toolbar\msn_sl.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
    O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe (file missing)
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 8974 bytes
     
  6. 2007/12/09
    noahdfear

    On the shavon account, scan again with HijackThis and place a check next to the following entry then click Fix Checked.

    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

    Close HijackThis.

    Download ATF Cleaner by Atribune and save it to the drive root (Local Disk C:\).
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit.


    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to the desktop as;

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    C:\WINDOWS\system32\capafgjm.ini
    C:\WINDOWS\system32\MRT.INI
    Folder::
    C:\0857d8cea1cd281987
    C:\Documents and Settings\shavon\Application Data\Zango
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.


    Just so you know, the MRT.ini file and the C:\0857d8cea1cd281987 folder belong to the Microsoft malicious file removal tool and are generally automatically removed after it is run. I added them to the combofix script for convenience.

    Please create and post a new HijackThis log from the shavon account along with the combofix log.
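
The check applied by hand in the post above (picking out the O3 entry marked "(no file)"), as an added example that is not part of the original thread: a small Python triage of HijackThis lines that lists entries whose target the log itself reports as absent. The sample lines are copied from the log posted in this thread; the function names are this example's own, and a flagged entry is a candidate for review, not a removal verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a handful of lines copied from the HijackThis log in
# this thread, plus its trailer, so the parser also sees non-entry lines.
SAMPLE_LOG = r"""
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

--
End of file - 8974 bytes
"""

# What the section codes seen in this log refer to.
SECTIONS = {
    "O2": "Browser Helper Object",
    "O3": "Internet Explorer toolbar",
    "O4": "Autostart (Run key / Startup)",
    "O8": "IE context-menu item",
    "O9": "IE extra button / Tools menu item",
    "O16": "ActiveX (Downloaded Program Files)",
    "O23": "Windows service",
}

LINE_RE = re.compile(r"^(?P<code>[ORFN]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis appends one of these markers when the referenced file is absent.
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$")


@dataclass
class Entry:
    code: str             # section code, e.g. "O3"
    body: str             # everything after "Onn - "
    clsid: Optional[str]  # upper-cased CLSID if the line carries one
    missing: bool         # True when the log says the target file is absent


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers, trailers and blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    clsid = CLSID_RE.search(body)
    return Entry(
        code=m.group("code"),
        body=body,
        clsid=clsid.group(0).upper() if clsid else None,
        missing=bool(MISSING_RE.search(body)),
    )


def parse_log(text: str) -> List[Entry]:
    """Return every recognised entry in the order it appears in the log."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries whose registry data survives but whose file does not."""
    return [e for e in entries if e.missing]


def report(entries: List[Entry]) -> List[str]:
    """One readable line per orphaned entry, for a human to review."""
    lines = []
    for e in orphaned(entries):
        kind = SECTIONS.get(e.code, "unknown section")
        ident = e.clsid or "no CLSID"
        lines.append(f"{e.code} ({kind}): {ident} -> target file absent")
    return lines


if __name__ == "__main__":
    for line in report(parse_log(SAMPLE_LOG)):
        print(line)
```
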
     
  7. 2007/12/09
    taylorwn

    taylorwn Inactive Thread Starter

    Joined:
    2007/11/30
    Messages:
    70
    Likes Received:
    0
    Combofix Log pt1

    ComboFix 07-12-09.1 - shavon 2007-12-09 10:41:22.6 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.180 [GMT -7:00]
    Running from: C:\Documents and Settings\shavon\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\shavon\Desktop\CFScript.txt
    * Created a new restore point

    FILE
    C:\WINDOWS\system32\capafgjm.ini
    C:\WINDOWS\system32\MRT.INI
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\0857d8cea1cd281987
    C:\0857d8cea1cd281987\$shtdwn$.req
    C:\0857d8cea1cd281987\mrt.exe._p
    C:\0857d8cea1cd281987\mrtstub.exe
    C:\Documents and Settings\shavon\Application Data\Zango
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\29642
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\29671
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\300441
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\3009
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\30455
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\30604
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\30802
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\30854
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\30920
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\30925
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\30930
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\31262
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\31387
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\31537
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\32122
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\32148
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\32171
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\32209
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\32260
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\32276
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\32290
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\32293
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\32326
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\32377
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\32418
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\32541
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\32639
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\33069
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\33119
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\33312
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\3338
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\33697
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\338
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\3405
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\34107
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\34118
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\34120
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\34150
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\341675
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\34174
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\34186
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\34237
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\34267
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\34381
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\346498
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\34831
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\348553
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\34952
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\35000
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\35006
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\35047
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\351786
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\352
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\35554
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\356660
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\35804
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\36072
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\36079
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\361427
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\362710
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\37081
     
  8. 2007/12/09
    taylorwn

    taylorwn Inactive Thread Starter

    Joined:
    2007/11/30
    Messages:
    70
    Likes Received:
    0
    Combofix log pt 2

    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\78697
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\78788
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\78865
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\7887
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\79079
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\79207
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\79246
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\79257
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\79432
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\79674
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\79805
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\79806
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\79824
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\79972
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\79977
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\80567
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\80576
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\80644
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\80663
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\8067
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\80670
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\81010
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\81093
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\81561
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\82183
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\82244
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\82292
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\82557
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\82646
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\83139
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\83216
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\83706
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\84369
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\8443
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\85062
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\85064
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\85182
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\85294
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\85365
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\85522
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\85547
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\86146
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\8619
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\86379
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\86587
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\86604
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\87215
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\873
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\87439
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\87555
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\87843
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\87908
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\88739
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\890
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\89075
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\89200
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\8941
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\89623
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\89853
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\90128
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\90163
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\90358
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\90453
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\92930
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\93116
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\9332
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\93811
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\93899
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\93909
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\93921
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\93934
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\93958
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\94077
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\94246
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\94404
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\94407
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\95115
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\95325
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\95678
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\95704
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\95717
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\95779
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\95803
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\95825
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\95828
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\95917
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\96638
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\9665
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\96702
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\9672
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\96961
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\97134
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\97498
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\97546
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\9770
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\97716
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\97734
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\97964
    C:\Documents and Settings\shavon\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\98285
     
  9. 2007/12/09
    taylorwn

    taylorwn Inactive Thread Starter
    Combo Fix Log pt3

    C:\WINDOWS\system32\capafgjm.ini
    C:\WINDOWS\system32\MRT.INI

    .
    ((((((((((((((((((((((((( Files Created from 2007-11-09 to 2007-12-09 )))))))))))))))))))))))))))))))
    .

    2007-12-09 10:36 . 2007-12-09 10:36 50,688 --a------ C:\ATF-Cleaner.exe
    2007-12-03 17:02 . 2007-12-08 17:18 512 --a------ C:\WINDOWS\randseed.rnd
    2007-12-02 20:27 . 2007-12-02 20:32 1,372 --a------ C:\WINDOWS\system32\tmp.reg
    2007-12-02 14:53 . 2007-12-02 14:53 <DIR> d-------- C:\Deckard
    2007-12-02 14:46 . 2007-12-02 14:46 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\Lavasoft
    2007-12-01 19:30 . 2007-12-09 10:36 <DIR> d-------- C:\HJT
    2007-11-28 21:26 . 2007-11-28 21:26 <DIR> d-------- C:\Documents and Settings\shavon\Application Data\Lavasoft
    2007-11-28 20:48 . 2007-11-28 20:48 <DIR> d-------- C:\Program Files\Lavasoft
    2007-11-27 21:28 . 2007-12-06 22:49 <DIR> d-------- C:\quarantine
    2007-11-27 21:23 . 2007-12-05 20:34 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\Yahoo!
    2007-11-27 21:05 . 2007-11-27 21:05 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
    2007-11-27 21:05 . 2005-01-14 20:00 108,480 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
    2007-11-27 21:05 . 2005-01-14 20:00 58,464 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys
    2007-11-27 21:01 . 2007-11-27 21:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Network Associates
    2007-11-27 21:00 . 2007-11-27 21:05 <DIR> d-------- C:\Program Files\Network Associates
    2007-11-27 21:00 . 2007-11-27 21:01 <DIR> d-------- C:\Program Files\Common Files\Network Associates
    2007-11-27 20:02 . 2007-12-02 21:37 <DIR> d--h----- C:\Documents and Settings\ADMIN\Application Data\GTek
    2007-11-27 20:00 . 2006-02-15 09:48 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\Corel
    2007-11-26 14:57 . 2007-11-26 15:05 20,944 --a------ C:\Documents and Settings\trey\Application Data\info.dat
    2007-11-24 20:04 . 2007-11-24 20:04 <DIR> d-------- C:\Documents and Settings\trey\Application Data\acccore
    2007-11-24 18:03 . 2007-11-24 18:03 <DIR> d-------- C:\Documents and Settings\shavon\Application Data\acccore
    2007-11-24 13:02 . 2007-11-24 13:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
    2007-11-24 12:59 . 2007-11-24 13:06 <DIR> d-------- C:\Program Files\AIM6
    2007-11-22 10:36 . 2007-11-22 12:21 20,944 --a------ C:\Documents and Settings\shavon\Application Data\info.dat
    2007-11-14 19:02 . 2007-11-14 19:02 <DIR> d-------- C:\Documents and Settings\trey\Application Data\Sonic

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-03 10:01 --------- d-----w C:\Program Files\Windows Live Toolbar
    2007-11-29 03:40 --------- d-----w C:\Program Files\BFG
    2007-11-26 20:29 --------- d-----w C:\Documents and Settings\trey\Application Data\Yahoo!
    2007-11-24 20:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
    2007-11-24 20:04 --------- d-----w C:\Program Files\Viewpoint
    2007-11-24 20:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
    2007-11-24 20:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
    2007-11-24 20:00 --------- d-----w C:\Program Files\Common Files\AOL
    2007-11-15 06:47 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Yahoo!
    2007-11-03 01:55 --------- d-----w C:\Program Files\LimeWire
    2007-10-19 22:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\GTek
    2007-10-11 00:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
    2007-10-11 00:57 --------- d-----w C:\Program Files\McAfee
    .

    ((((((((((((((((((((((((((((( snapshot@2007-12-02_21.24.29.37 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-11-27 10:58:11 140,288 ----a-w C:\WINDOWS\catchme.exe
    + 2007-12-08 10:32:45 141,824 ----a-w C:\WINDOWS\catchme.exe
    - 2006-06-19 22:19:42 571,184 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
    + 2007-10-11 21:12:48 1,468,968 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
    - 2006-09-25 23:58:48 14,640 ------w C:\WINDOWS\system32\spmsg.dll
    + 2007-10-08 21:46:18 14,640 ------w C:\WINDOWS\system32\spmsg.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager "= "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 16:43]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
    "MsnMsgr "= "C:\Program Files\MSN Messenger\MsnMsgr.exe" []
    "DellSupport "= "C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
    "MySpaceIM "= "C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 17:04]
    "AdobeUpdater "= "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" []
    "YSearchProtection "= "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 07:59]
    "Aim6 "= "C:\Program Files\AIM6\aim6.exe" [2007-10-04 08:20]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DMXLauncher "= "C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 00:02]
    "dlccmon.exe "= "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 12:03]
    "Corel Photo Downloader "= "C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 10:06]
    "ShStatEXE "= "C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 20:00]
    "McAfeeUpdaterUI "= "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50]
    "Network Associates Error Reporting Service "= "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM "= "C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 17:04]

    R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
    S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8fa74731-bb14-11db-be84-000fdbe71f7c}]
    \Shell\AutoRun\command - E:\LaunchU3.exe -a

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-09 17:28:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job "
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    "2007-12-08 01:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (JACKSON-shavon).job "
    - c:\program files\mcafee.com\vso\mcmnhdlr.exe
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
    -> C:\DOCUME~1\shavon\LOCALS~1\Temp\ygddlexy.dll
    .
    **************************************************************************

    catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-09 10:53:53
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-09 10:58:29 - machine was rebooted
    C:\ComboFix2.txt ... 2007-12-09 00:23
    C:\ComboFix3.txt ... 2007-12-08 22:05
    .
    --- E O F ---
     
  10. 2007/12/09
    noahdfear

    Most looks great! One thing that worries me.

    Trying to re-infect the system :mad:

    Make sure you're logged onto the shavon account. Open the Task Manager to the processes tab. Select Explorer and then End Process. The desktop and taskbar will disappear.
    Click File>New Task (run). Type C:\ATF-Cleaner.exe and hit enter. Make sure at least the Current User Temp is selected then click Empty selected. Exit when done.
    Now close all other open windows except Task Manager. Click File>New Task (run) and type shutdown -r then hit enter to restart the computer. Logon to shavon and post back when completed so we can continue.
     
  11. 2007/12/11
    taylorwn

    all done

    Sorry I didn't reply back right away, my S.O. caught me and had me re-tiling the kitchen :mad:
     
  12. 2007/12/11
    noahdfear

    No problem. I found out that dll wasn't what it appeared, so no worries there. Skip that last set of instructions. Instead, please post a fresh dss log. I would also like you to create another with the date set to 2 months ago, then again with the date set to 4 months ago and post those as well. Run at least one of them on the shavon account.
     
  13. 2007/12/17
    taylorwn

    HJT log Current

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:17:06 PM, on 12/17/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Windows Live Toolbar\msn_sl.exe
    C:\Program Files\Network Associates\VirusScan\MCUPDATE.EXE
    C:\Program Files\Network Associates\Common Framework\McScript_InUse.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
    O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe "
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe "
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe (file missing)
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 8875 bytes
     
  14. 2007/12/17
    noahdfear

    Hey taylorwn! Thought I'd lost ya. :)

    Unfortunately, I wanted logs from Deckard's System Scanner with the various dates. Just want to check that we got all of the rogue files that were created prior to the time frame in which dss reports. If my suspicions are correct, we have but a few folders to clean up and then some follow-up scans till we're done.

    I'm going to delete the last 2 HJT logs you posted, as they are not needed. ;)
     
  15. 2007/12/18
    taylorwn

    Deckard Scan 4 months

    Nah, I am still here, just got tied up. Here is the 4 month scan.

    Deckard's System Scanner v20071014.68
    Run by shavon on 2007-08-18 20:59:08
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Total Physical Memory: 510 MiB (512 MiB recommended).


    -- HijackThis (run as shavon.exe) ----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:59:11 PM, on 8/18/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Documents and Settings\shavon\Desktop\dss.exe
    C:\HJT\shavon.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
    O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe "
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe "
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1011\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet (User '?')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1011\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1011\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User '?')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1011\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe (file missing)
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 9243 bytes

    -- Files created between 2007-07-18 and 2007-08-18 -----------------------------

    2007-12-09 11:36:27 50688 --a------ C:\ATF-Cleaner.exe <Not Verified; Atribune.org; ATF Cleaner>
    2007-12-05 21:06:14 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Macromedia
    2007-12-02 21:27:22 1372 --a------ C:\WINDOWS\system32\tmp.reg
    2007-12-02 15:46:13 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Lavasoft
    2007-12-01 20:30:14 0 d-------- C:\HJT
    2007-11-28 22:26:23 0 d-------- C:\Documents and Settings\shavon\Application Data\Lavasoft
    2007-11-28 21:48:32 0 d-------- C:\Program Files\Lavasoft
    2007-11-27 22:28:04 0 d-------- C:\quarantine
    2007-11-27 22:23:19 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Yahoo!
    2007-11-27 22:05:48 0 d-------- C:\Program Files\Common Files\Cisco Systems
    2007-11-27 22:05:25 58464 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
    2007-11-27 22:05:24 108480 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
    2007-11-27 22:01:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Network Associates
    2007-11-27 22:00:13 0 d-------- C:\Program Files\Network Associates
    2007-11-27 22:00:13 0 d-------- C:\Program Files\Common Files\Network Associates
    2007-11-27 21:02:44 0 d--h----- C:\Documents and Settings\ADMIN\Application Data\GTek
    2007-11-27 21:00:55 0 dr------- C:\Documents and Settings\ADMIN\Favorites
    2007-11-27 21:00:55 0 d-------- C:\Documents and Settings\ADMIN\Desktop
    2007-11-27 21:00:55 0 d--hs---- C:\Documents and Settings\ADMIN\Cookies
    2007-11-27 21:00:55 0 dr-h----- C:\Documents and Settings\ADMIN\Application Data
    2007-11-27 21:00:55 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Sun
    2007-11-27 21:00:55 0 d---s---- C:\Documents and Settings\ADMIN\Application Data\Microsoft
    2007-11-27 21:00:55 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Identities
    2007-11-27 21:00:55 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Google
    2007-11-27 21:00:55 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Corel
    2007-11-27 21:00:54 0 d--h----- C:\Documents and Settings\ADMIN\Templates
    2007-11-27 21:00:54 0 dr------- C:\Documents and Settings\ADMIN\Start Menu
    2007-11-27 21:00:54 0 dr-h----- C:\Documents and Settings\ADMIN\SendTo
    2007-11-27 21:00:54 0 dr-h----- C:\Documents and Settings\ADMIN\Recent
    2007-11-27 21:00:54 0 d--h----- C:\Documents and Settings\ADMIN\PrintHood
    2007-11-27 21:00:54 1572864 --ah----- C:\Documents and Settings\ADMIN\NTUSER.DAT
    2007-11-27 21:00:54 0 d--h----- C:\Documents and Settings\ADMIN\NetHood
    2007-11-27 21:00:54 0 dr------- C:\Documents and Settings\ADMIN\My Documents
    2007-11-27 21:00:54 0 d--h----- C:\Documents and Settings\ADMIN\Local Settings
    2007-11-26 15:57:39 20944 --a------ C:\Documents and Settings\trey\Application Data\info.dat
    2007-11-24 21:04:07 0 d-------- C:\Documents and Settings\trey\Application Data\acccore
    2007-11-24 19:03:56 0 d-------- C:\Documents and Settings\shavon\Application Data\acccore
    2007-11-24 14:02:05 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
    2007-11-24 13:59:15 0 d-------- C:\Program Files\AIM6
    2007-11-22 11:36:52 20944 --a------ C:\Documents and Settings\shavon\Application Data\info.dat
    2007-11-15 00:46:47 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
    2007-11-15 00:42:33 0 d-------- C:\Documents and Settings\LocalService\Application Data\Sun
    2007-11-14 20:02:00 0 d-------- C:\Documents and Settings\trey\Application Data\Sonic
    2007-10-18 15:24:42 0 d-------- C:\WINDOWS\SxsCaPendDel
    2007-10-07 09:15:03 0 d-------- C:\Documents and Settings\trey\Application Data\MySpace
    2007-08-22 14:27:22 0 d-------- C:\Program Files\LimeWire
    2007-08-03 20:22:38 0 d-------- C:\Program Files\Windows Media Connect 2
    2007-08-03 20:18:50 0 d-------- C:\WINDOWS\system32\LogFiles
    2007-08-03 20:18:50 0 d-------- C:\WINDOWS\system32\drivers\UMDF
    2007-07-28 21:20:24 0 d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
    2007-07-28 21:18:50 0 d-------- C:\Program Files\Nick Arcade


    -- Find3M Report ---------------------------------------------------------------

    2007-12-13 01:48:44 7728 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
    2007-12-13 01:48:44 152 -r-hs---- C:\WINDOWS\system32\C4A95FEE05.sys
    2007-12-05 21:19:46 0 d-a------ C:\Program Files\Common Files
    2007-12-03 04:01:05 0 d-------- C:\Program Files\Windows Live Toolbar
    2007-11-28 22:50:25 0 d-------- C:\Program Files\MSN Gaming Zone
    2007-11-28 21:40:45 0 d-------- C:\Program Files\BFG
    2007-11-24 14:04:00 0 d-------- C:\Program Files\Viewpoint
    2007-11-24 14:00:05 0 d-------- C:\Program Files\Common Files\AOL
    2007-10-10 18:57:40 0 d-------- C:\Program Files\McAfee
    2007-10-06 19:52:54 0 d-------- C:\Program Files\MySpace
    2007-09-25 16:48:15 0 d-------- C:\Documents and Settings\shavon\Application Data\Yahoo!
    2007-09-25 09:32:20 0 d-------- C:\Program Files\Yahoo!
    2007-07-28 21:20:24 0 d-------- C:\Documents and Settings\shavon\Application Data\PlayFirst


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DMXLauncher "= "C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [01/27/2005 01:02 AM]
    "dlccmon.exe "= "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" [07/22/2005 01:03 PM]
    "Corel Photo Downloader "= "C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [08/31/2005 11:06 AM]
    "ShStatEXE "= "C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [09/22/2004 09:00 PM]
    "McAfeeUpdaterUI "= "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [08/06/2004 04:50 AM]
    "Network Associates Error Reporting Service "= "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [10/07/2003 10:48 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager "= "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
    "MsnMsgr "= "C:\Program Files\MSN Messenger\MsnMsgr.exe" []
    "DellSupport "= "C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
    "MySpaceIM "= "C:\Program Files\MySpace\IM\MySpaceIM.exe" [08/13/2007 06:04 PM]
    "AdobeUpdater "= "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" []
    "YSearchProtection "= "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 08:59 AM]
    "Aim6 "=" " []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "MySpaceIM "=C:\Program Files\MySpace\IM\MySpaceIM.exe


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8fa74731-bb14-11db-be84-000fdbe71f7c}]
    AutoRun\command- E:\LaunchU3.exe -a




    -- End of Deckard's System Scanner: finished at 2007-08-18 20:59:44 ------------
     
  16. 2007/12/18
    taylorwn

    Deckard 2 month Scan

    Deckard's System Scanner v20071014.68
    Run by shavon on 2007-10-18 20:57:33
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Total Physical Memory: 510 MiB (512 MiB recommended).


    -- HijackThis (run as shavon.exe) ----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:57:36 PM, on 10/18/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Documents and Settings\shavon\Desktop\dss.exe
    C:\HJT\shavon.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
    O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe "
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe "
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1011\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet (User '?')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1011\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1011\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User '?')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1011\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe (file missing)
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 9244 bytes

    -- Files created between 2007-09-18 and 2007-10-18 -----------------------------

    2007-12-09 11:36:27 50688 --a------ C:\ATF-Cleaner.exe <Not Verified; Atribune.org; ATF Cleaner>
    2007-12-05 21:06:14 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Macromedia
    2007-12-02 21:27:22 1372 --a------ C:\WINDOWS\system32\tmp.reg
    2007-12-02 15:46:13 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Lavasoft
    2007-12-01 20:30:14 0 d-------- C:\HJT
    2007-11-28 22:26:23 0 d-------- C:\Documents and Settings\shavon\Application Data\Lavasoft
    2007-11-28 21:48:32 0 d-------- C:\Program Files\Lavasoft
    2007-11-27 22:28:04 0 d-------- C:\quarantine
    2007-11-27 22:23:19 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Yahoo!
    2007-11-27 22:05:48 0 d-------- C:\Program Files\Common Files\Cisco Systems
    2007-11-27 22:05:25 58464 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
    2007-11-27 22:05:24 108480 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
    2007-11-27 22:01:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Network Associates
    2007-11-27 22:00:13 0 d-------- C:\Program Files\Network Associates
    2007-11-27 22:00:13 0 d-------- C:\Program Files\Common Files\Network Associates
    2007-11-27 21:02:44 0 d--h----- C:\Documents and Settings\ADMIN\Application Data\GTek
    2007-11-27 21:00:55 0 dr------- C:\Documents and Settings\ADMIN\Favorites
    2007-11-27 21:00:55 0 d-------- C:\Documents and Settings\ADMIN\Desktop
    2007-11-27 21:00:55 0 d--hs---- C:\Documents and Settings\ADMIN\Cookies
    2007-11-27 21:00:55 0 dr-h----- C:\Documents and Settings\ADMIN\Application Data
    2007-11-27 21:00:55 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Sun
    2007-11-27 21:00:55 0 d---s---- C:\Documents and Settings\ADMIN\Application Data\Microsoft
    2007-11-27 21:00:55 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Identities
    2007-11-27 21:00:55 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Google
    2007-11-27 21:00:55 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Corel
    2007-11-27 21:00:54 0 d--h----- C:\Documents and Settings\ADMIN\Templates
    2007-11-27 21:00:54 0 dr------- C:\Documents and Settings\ADMIN\Start Menu
    2007-11-27 21:00:54 0 dr-h----- C:\Documents and Settings\ADMIN\SendTo
    2007-11-27 21:00:54 0 dr-h----- C:\Documents and Settings\ADMIN\Recent
    2007-11-27 21:00:54 0 d--h----- C:\Documents and Settings\ADMIN\PrintHood
    2007-11-27 21:00:54 1572864 --ah----- C:\Documents and Settings\ADMIN\NTUSER.DAT
    2007-11-27 21:00:54 0 d--h----- C:\Documents and Settings\ADMIN\NetHood
    2007-11-27 21:00:54 0 dr------- C:\Documents and Settings\ADMIN\My Documents
    2007-11-27 21:00:54 0 d--h----- C:\Documents and Settings\ADMIN\Local Settings
    2007-11-26 15:57:39 20944 --a------ C:\Documents and Settings\trey\Application Data\info.dat
    2007-11-24 21:04:07 0 d-------- C:\Documents and Settings\trey\Application Data\acccore
    2007-11-24 19:03:56 0 d-------- C:\Documents and Settings\shavon\Application Data\acccore
    2007-11-24 14:02:05 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
    2007-11-24 13:59:15 0 d-------- C:\Program Files\AIM6
    2007-11-22 11:36:52 20944 --a------ C:\Documents and Settings\shavon\Application Data\info.dat
    2007-11-15 00:46:47 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
    2007-11-15 00:42:33 0 d-------- C:\Documents and Settings\LocalService\Application Data\Sun
    2007-11-14 20:02:00 0 d-------- C:\Documents and Settings\trey\Application Data\Sonic
    2007-10-18 15:24:42 0 d-------- C:\WINDOWS\SxsCaPendDel
    2007-10-07 09:15:03 0 d-------- C:\Documents and Settings\trey\Application Data\MySpace


    -- Find3M Report ---------------------------------------------------------------

    2007-12-13 01:48:44 7728 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
    2007-12-13 01:48:44 152 -r-hs---- C:\WINDOWS\system32\C4A95FEE05.sys
    2007-12-05 21:19:46 0 d-a------ C:\Program Files\Common Files
    2007-12-03 04:01:05 0 d-------- C:\Program Files\Windows Live Toolbar
    2007-11-28 22:50:25 0 d-------- C:\Program Files\MSN Gaming Zone
    2007-11-28 21:40:45 0 d-------- C:\Program Files\BFG
    2007-11-24 14:04:00 0 d-------- C:\Program Files\Viewpoint
    2007-11-24 14:00:05 0 d-------- C:\Program Files\Common Files\AOL
    2007-11-02 19:55:05 0 d-------- C:\Program Files\LimeWire
    2007-10-10 18:57:40 0 d-------- C:\Program Files\McAfee
    2007-10-06 19:52:54 0 d-------- C:\Program Files\MySpace
    2007-09-25 16:48:15 0 d-------- C:\Documents and Settings\shavon\Application Data\Yahoo!
    2007-09-25 09:32:20 0 d-------- C:\Program Files\Yahoo!
    2007-08-21 10:46:03 0 d-------- C:\Program Files\Nick Arcade


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DMXLauncher "= "C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [01/27/2005 01:02 AM]
    "dlccmon.exe "= "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" [07/22/2005 01:03 PM]
    "Corel Photo Downloader "= "C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [08/31/2005 11:06 AM]
    "ShStatEXE "= "C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [09/22/2004 09:00 PM]
    "McAfeeUpdaterUI "= "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [08/06/2004 04:50 AM]
    "Network Associates Error Reporting Service "= "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [10/07/2003 10:48 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager "= "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
    "MsnMsgr "= "C:\Program Files\MSN Messenger\MsnMsgr.exe" []
    "DellSupport "= "C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
    "MySpaceIM "= "C:\Program Files\MySpace\IM\MySpaceIM.exe" [08/13/2007 06:04 PM]
    "AdobeUpdater "= "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" []
    "YSearchProtection "= "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 08:59 AM]
    "Aim6 "=" " []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "MySpaceIM "=C:\Program Files\MySpace\IM\MySpaceIM.exe


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8fa74731-bb14-11db-be84-000fdbe71f7c}]
    AutoRun\command- E:\LaunchU3.exe -a




    -- End of Deckard's System Scanner: finished at 2007-10-18 20:58:13 ------------
     
  17. 2007/12/18
    taylorwn

    Current Date Deckard Scan Log

    Deckard's System Scanner v20071014.68
    Run by shavon on 2007-12-18 20:54:40
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Total Physical Memory: 510 MiB (512 MiB recommended).


    -- HijackThis (run as shavon.exe) ----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:54:54 PM, on 12/18/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AIM6\aolsoftware.exe
    c:\program files\aol\aim toolbar 5.0\AolTbServer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Documents and Settings\shavon\Desktop\dss.exe
    C:\HJT\shavon.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
    O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe "
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe "
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1011\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet (User '?')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1011\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1011\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User '?')
    O4 - HKUS\S-1-5-21-644677615-402811934-832113696-1011\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe (file missing)
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 9387 bytes

    -- Files created between 2007-11-18 and 2007-12-18 -----------------------------

    2007-12-09 10:36:27 50688 --a------ C:\ATF-Cleaner.exe <Not Verified; Atribune.org; ATF Cleaner>
    2007-12-05 20:06:14 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Macromedia
    2007-12-02 20:27:22 1372 --a------ C:\WINDOWS\system32\tmp.reg
    2007-12-02 14:46:13 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Lavasoft
    2007-12-01 19:30:14 0 d-------- C:\HJT
    2007-11-28 21:26:23 0 d-------- C:\Documents and Settings\shavon\Application Data\Lavasoft
    2007-11-28 20:48:32 0 d-------- C:\Program Files\Lavasoft
    2007-11-27 21:28:04 0 d-------- C:\quarantine
    2007-11-27 21:23:19 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Yahoo!
    2007-11-27 21:05:48 0 d-------- C:\Program Files\Common Files\Cisco Systems
    2007-11-27 21:05:25 58464 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
    2007-11-27 21:05:24 108480 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
    2007-11-27 21:01:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Network Associates
    2007-11-27 21:00:13 0 d-------- C:\Program Files\Network Associates
    2007-11-27 21:00:13 0 d-------- C:\Program Files\Common Files\Network Associates
    2007-11-27 20:02:44 0 d--h----- C:\Documents and Settings\ADMIN\Application Data\GTek
    2007-11-27 20:00:55 0 dr------- C:\Documents and Settings\ADMIN\Favorites
    2007-11-27 20:00:55 0 d-------- C:\Documents and Settings\ADMIN\Desktop
    2007-11-27 20:00:55 0 d--hs---- C:\Documents and Settings\ADMIN\Cookies
    2007-11-27 20:00:55 0 dr-h----- C:\Documents and Settings\ADMIN\Application Data
    2007-11-27 20:00:55 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Sun
    2007-11-27 20:00:55 0 d---s---- C:\Documents and Settings\ADMIN\Application Data\Microsoft
    2007-11-27 20:00:55 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Identities
    2007-11-27 20:00:55 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Google
    2007-11-27 20:00:55 0 d-------- C:\Documents and Settings\ADMIN\Application Data\Corel
    2007-11-27 20:00:54 0 d--h----- C:\Documents and Settings\ADMIN\Templates
    2007-11-27 20:00:54 0 dr------- C:\Documents and Settings\ADMIN\Start Menu
    2007-11-27 20:00:54 0 dr-h----- C:\Documents and Settings\ADMIN\SendTo
    2007-11-27 20:00:54 0 dr-h----- C:\Documents and Settings\ADMIN\Recent
    2007-11-27 20:00:54 0 d--h----- C:\Documents and Settings\ADMIN\PrintHood
    2007-11-27 20:00:54 1572864 --ah----- C:\Documents and Settings\ADMIN\NTUSER.DAT
    2007-11-27 20:00:54 0 d--h----- C:\Documents and Settings\ADMIN\NetHood
    2007-11-27 20:00:54 0 dr------- C:\Documents and Settings\ADMIN\My Documents
    2007-11-27 20:00:54 0 d--h----- C:\Documents and Settings\ADMIN\Local Settings
    2007-11-26 14:57:39 20944 --a------ C:\Documents and Settings\trey\Application Data\info.dat
    2007-11-24 20:04:07 0 d-------- C:\Documents and Settings\trey\Application Data\acccore
    2007-11-24 18:03:56 0 d-------- C:\Documents and Settings\shavon\Application Data\acccore
    2007-11-24 13:02:05 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
    2007-11-24 12:59:15 0 d-------- C:\Program Files\AIM6
    2007-11-22 10:36:52 20944 --a------ C:\Documents and Settings\shavon\Application Data\info.dat


    -- Find3M Report ---------------------------------------------------------------

    2007-12-13 00:48:44 7728 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
    2007-12-13 00:48:44 152 -r-hs---- C:\WINDOWS\system32\C4A95FEE05.sys
    2007-12-05 20:19:46 0 d-a------ C:\Program Files\Common Files
    2007-12-03 03:01:05 0 d-------- C:\Program Files\Windows Live Toolbar
    2007-11-28 21:50:25 0 d-------- C:\Program Files\MSN Gaming Zone
    2007-11-28 20:40:45 0 d-------- C:\Program Files\BFG
    2007-11-24 13:04:00 0 d-------- C:\Program Files\Viewpoint
    2007-11-24 13:00:05 0 d-------- C:\Program Files\Common Files\AOL
    2007-11-02 18:55:05 0 d-------- C:\Program Files\LimeWire


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DMXLauncher "= "C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [01/27/2005 12:02 AM]
    "dlccmon.exe "= "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" [07/22/2005 12:03 PM]
    "Corel Photo Downloader "= "C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [08/31/2005 10:06 AM]
    "ShStatEXE "= "C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [09/22/2004 08:00 PM]
    "McAfeeUpdaterUI "= "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [08/06/2004 03:50 AM]
    "Network Associates Error Reporting Service "= "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [10/07/2003 09:48 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager "= "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 04:43 PM]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:00 AM]
    "MsnMsgr "= "C:\Program Files\MSN Messenger\MsnMsgr.exe" []
    "DellSupport "= "C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 10:09 AM]
    "MySpaceIM "= "C:\Program Files\MySpace\IM\MySpaceIM.exe" [08/13/2007 05:04 PM]
    "AdobeUpdater "= "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" []
    "YSearchProtection "= "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 07:59 AM]
    "Aim6 "=" " []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "MySpaceIM "=C:\Program Files\MySpace\IM\MySpaceIM.exe


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8fa74731-bb14-11db-be84-000fdbe71f7c}]
    AutoRun\command- E:\LaunchU3.exe -a




    -- End of Deckard's System Scanner: finished at 2007-12-18 20:55:25 ------------
     
  18. 2007/12/18
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Looks great!

    Please download 1 more updated ComboFix by sUBs from here, saving the file to your desktop. Double click ComboFix to start it and when it gets to the disclaimer screen, choose option 2 to exit the tool. This will properly clean up the files and folders created by ComboFix, as well as the files it quarantined. Please make sure all copies of ComboFix.exe are removed from the computer.

    You can now remove dss.exe and the C:\Deckard folder (if present) as well.

    Run ATF Cleaner 1 more time.

    Let's run an online scan now. Please do an online scan with Kaspersky WebScanner.

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
      • Scan Options:
      • Scan Archives
      • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.

    Post the Kaspersky log here please. Let me know how the computer is behaving now.
     
  19. 2007/12/24
    taylorwn

    taylorwn Inactive Thread Starter

    Joined:
    2007/11/30
    Messages:
    70
    Likes Received:
    0
    It is working great!

    I just wanted to thank you once again for all your help. I have been out of practice so long that I would not have been able to do with your help. :)
     
  20. 2007/12/24
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    That's good news! You're most welcome. :)

    Did you run the online Kaspersky scan as suggested?
     
  21. 2007/12/24
    taylorwn

    taylorwn Inactive Thread Starter

    Joined:
    2007/11/30
    Messages:
    70
    Likes Received:
    0
    online Kaspersky and another problem

    Yes, I did run it but I forgot to save the log. Also, the owner's profile [Carrie] is still missing the control panel :( I will re-run Kaspersky online.
     
