Solved AVG found IRC/BackDoor.Flood

Discussion in 'Malware and Virus Removal Archive' started by Bucksone, 2009/03/02.

  1. 2009/03/02
    Bucksone Well-Known Member Thread Starter

    Our ISP sent us a message saying it thought we might be sending out spam unintentionally due to a large amount of email coming from our computer. I ran AVG virus scan and it found two items. The first was filename script.ini and the result/infection was Virus found IRC/BackDoor.Flood and the path was C:\WINDOWS\System\Script.ini. The second item was filename ati3aexx.sys and the result/infection was Trojan horse BackDoor.Agent.zce and the path was C:\WINNT\system32\drivers\ati3aexx.sys. It was able to delete the second item but not the first. When I right-click on the script.ini item in AVG, my choices are to heal it or move it to the virus vault. I tried healing it and got an error message. I didn't try moving it to the virus vault because I wasn't sure what that meant.

    Any advice will be appreciated. Below are the results from the DDS scan requested.


    DDS (Ver_09-02-01.01) - NTFSx86
    Run by Owner at 19:37:13.29 on Mon 03/02/2009
    Internet Explorer: 7.0.5730.11
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.184 [GMT -5:00]

    AV: AVG 7.5.552 *On-access scanning enabled* (Updated)
    FW: ZoneAlarm Firewall *enabled*

    ============== Running Processes ===============

    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINNT\System32\svchost.exe -k netsvcs
    C:\WINNT\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Documents and Settings\Owner\Desktop\CDTrayPalN\cdtray.exe
    C:\WINNT\system32\WDBtnMgr.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Nova Development\Photo Explosion Deluxe 3.0\calcheck.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINNT\System32\rs32net.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\WINNT\system32\ctfmon.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINNT\System32\rs32net.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINNT\system32\cisvc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINNT\system32\rundll32.exe
    C:\WINNT\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\iWin Games\iWinGamesInstaller.exe
    C:\WINNT\System32\svchost.exe -k HPZ12
    C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
    C:\WINNT\System32\svchost.exe -k HPZ12
    C:\PROGRA~1\Webshots\Webshots.scr
    C:\WINNT\system32\slserv.exe
    C:\WINNT\System32\svchost.exe -k imgsvc
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
    C:\WINNT\system32\cidaemon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
    C:\Documents and Settings\Owner\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://portal.wowway.net/index.php
    uSearch Page = hxxp://www.google.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = hxxp://www.gateway.net/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: NoExplorer - No File
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
    BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.0.1225.9868\swg.dll
    TB: Webshots Toolbar: {c17590d2-ecb4-4b15-8820-f58798dcc118} - c:\program files\webshots\WSToolbar4IE.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe
    uRun: [<NO NAME>]
    uRun: [ATI Launchpad]
    uRun: [ATI Remote Control] c:\program files\ati multimedia\remctrl\ATIRW.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe "
    uRun: [rs32net] c:\winnt\system32\rs32net.exe
    uRunOnce: [SWHelper] "c:\winnt\system32\macromed\shockwave 10\PostUpdate.exe" 1014020
    mRun: [IgfxTray] c:\winnt\system32\igfxtray.exe
    mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe "
    mRun: [HotKeysCmds] c:\winnt\system32\hkcmd.exe
    mRun: [<NO NAME>]
    mRun: [ATI DeviceDetect] c:\program files\ati multimedia\main\ATIDtct.EXE
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [AVG7_CC] c:\progra~1\grisoft\avgfre~1\avgcc.exe /STARTUP
    mRun: [CDTrayPal] c:\documents and settings\owner\desktop\cdtraypaln\cdtray.exe
    mRun: [WD Button Manager] WDBtnMgr.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [PhotoExplosionCalCheck] c:\program files\nova development\photo explosion deluxe 3.0\calcheck.exe
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [rs32net] c:\winnt\system32\rs32net.exe
    dRun: [Nszzgvi] c:\winnt\system32\w?crtupd.exe
    dRun: [Ltho] c:\program files\sder\dees.exe
    dRun: [AVG7_Run] c:\progra~1\grisoft\avgfre~1\avgw.exe /RUNONCE
    dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
    dRunOnce: [RunNarrator] Narrator.exe
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\mysurv~1.lnk - c:\program files\mysurvey messenger\MySurveyMessenger.exe
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdanyw~1.lnk - c:\winnt\installer\{649c4b1a-6a76-499a-9aec-0c9530fa7d2c}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe
    IE: &AIM Search - c:\program files\aim toolbar\AIMBar.dll/aimsearch.htm
    IE: &Webshots Photo Search - c:\program files\webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
    IE: MyPoints - file://c:\program files\mypoints_pointalert\sy800\tp800\scri800a.htm
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
    IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
    Trusted Zone: advancerx.com
    DPF: ChatSpace Full Java Client 3.1.0.229 - hxxp://64.55.105.205/Java/cfs31229.cab
    DPF: DirectAnimation Java Classes - file://c:\i386\DAJAVA.CAB
    DPF: Microsoft XML Parser for Java - file://c:\i386\XMLDSO.CAB
    DPF: Yahoo! Bingo - hxxp://download2.games.yahoo.com/games/clients/y/xt0_x.cab
    DPF: Yahoo! Chat - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15009/CTSUEng.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://support.gateway.com/support/profiler/PCPitStop.CAB
    DPF: {0F04992B-E661-4DB9-B223-903AB628225D} - file://c:\program files\gateway\do more\DoMoreRunExe.CAB
    DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} - hxxp://www1.snapfish.com/SnapfishOutlookImport.cab
    DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Slingo%20Quest%20Hawaii/Images/stg_drm.ocx
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} - hxxp://www.playfirst.com/play/game/trijinx/trijinx.cab
    DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxp://web-student-3.udayton.edu/iNotes6W.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.snapfish.com/SnapfishActivia.cab
    DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
    DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
    DPF: {4FA3D392-9349-4D85-8FB9-18733534CFE3} - hxxp://www.spybouncer.com/downloader/gdownloader.ocx
    DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} - hxxps://www.webiqonline.com/WebIQ/bin/WebIQ.cab
    DPF: {511073AD-BE56-4D43-AE68-93390514385E} - file://c:\program files\gateway\helpspot\TechTools.CAB
    DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} - hxxp://www.webshots.com/samplers/WSDownloader.ocx
    DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
    DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} - hxxp://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.53.cab
    DPF: {64CEA9F9-7116-4ECA-A905-FA3EA28BD0FE} - hxxp://www.tripadvisor.com/cab/wabparser.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202843377078
    DPF: {7142BA01-8BDF-11CF-9E23-0000E8A37440} - hxxp://admission.udayton.edu//VirTour/svideo.cab
    DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} - file://c:\program files\gateway\helpspot\RunExeActiveX.CAB
    DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://www.shockwave.com/content/tumblebugs/axhost.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} - hxxp://a14.g.akamai.net/f/14/7141/1d/www.nielsennetpanel.com/netmeter4_6/NetMeter_preinstaller_activex_en_4.60.38.0_MEGAPANEL_USA.cab
    DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} - hxxp://support.gateway.com/eSupport/static/weblaunch/weblaunch.cab
    DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - hxxp://a19.g.akamai.net/7/19/7125/1452/ftp.coupons.com/r3302/cpbrkpie.cab
    DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - hxxps://support.gateway.com/support/serialharvest/gwCID.CAB
    DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37865.5665625
    DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} - hxxp://community.webshots.com/html/WSPhotoUploader.CAB
    DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - hxxp://install.wildtangent.com/bgn/partners/shockwave/honeycombs/install.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - hxxp://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
    DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Lottery%20Ticket/Images/armhelper.ocx
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
    DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - hxxp://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://www.shockwave.com/content/cinematycoon/cinematycoon.cab
    DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} - hxxp://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
    DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://www.playfirst.com/play/game/dinerdash/dinerdash.cab
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/chuzzle/popcaploader_v6.cab
    DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} - hxxp://www.playfirst.com/play/game/weddingdash/WeddingDash.1.0.0.44.cab
    DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15010/CTPID.cab
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winnt\system32\WPDShServiceObj.dll
    SEH: CShellExecuteHookImpl Object: {54d9498b-cf93-414f-8984-8ce7fde0d391} - c:\program files\ewido anti-malware\shellhook.dll

    ============= SERVICES / DRIVERS ===============

    R0 ati0ydxx;ati0ydxx;c:\winnt\system32\drivers\ati0ydxx.sys [2009-3-2 32768]
    R1 ATMhelpr;ATMhelpr;c:\winnt\system32\drivers\ATMHELPR.SYS [2003-8-31 4064]
    R1 Avg7Core;AVG7 Kernel;c:\winnt\system32\drivers\avg7core.sys [2006-5-23 821856]
    R1 Avg7RsW;AVG7 Wrap Driver;c:\winnt\system32\drivers\avg7rsw.sys [2005-12-16 4224]
    R1 Avg7RsXP;AVG7 Resident Driver XP;c:\winnt\system32\drivers\avg7rsxp.sys [2006-3-14 27776]
    R1 AvgClean;AVG7 Clean Driver;c:\winnt\system32\drivers\avgclean.sys [2006-11-17 10760]
    R1 KLIF;KLIF;c:\winnt\system32\drivers\klif.sys [2009-1-19 127768]
    R1 vsdatant;vsdatant;c:\winnt\system32\vsdatant.sys [2004-5-7 394952]
    R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
    R2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avgfre~1\avgamsvr.exe [2005-12-16 418816]
    R2 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avgfre~1\avgupsvc.exe [2005-12-16 49664]
    R2 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avgfre~1\avgemc.exe [2005-12-16 406528]
    R2 AvgTdi;AVG Network Redirector;c:\winnt\system32\drivers\avgtdi.sys [2005-12-16 4960]
    R2 ewido security suite control;ewido security suite control;c:\program files\ewido anti-malware\ewidoctrl.exe [2005-11-30 13888]
    R2 iWinGamesInstaller;iWinGamesInstaller;c:\program files\iwin games\iWinGamesInstaller.exe [2008-9-9 78104]
    R3 DCamUSB20;AVerDVD EZMaker USB 2.0 Video Capture;c:\winnt\system32\drivers\CsMini20.sys [2003-3-18 46248]
    S0 ati0vaxx;ati0vaxx;c:\winnt\system32\drivers\ati0vaxx.sys --> c:\winnt\system32\drivers\ati0vaxx.sys [?]
    S0 ati3aexx;ati3aexx;c:\winnt\system32\drivers\ati3aexx.sys --> c:\winnt\system32\drivers\ati3aexx.sys [?]
    S3 Boonty Games;Boonty Games;c:\program files\common files\boonty shared\service\Boonty.exe [2006-5-12 69120]
    S3 kbeepm;kbeepm;\??\c:\docume~1\owner\locals~1\temp\kbeepm.sys --> c:\docume~1\owner\locals~1\temp\kbeepm.sys [?]
    S3 PCDRDRV;Pcdr Helper Driver; [x]

    =============== Created Last 30 ================

    2009-03-02 13:12 32,768 a------- c:\winnt\system32\drivers\ati0ydxx.sys
    2009-03-02 12:37 23,552 a------- c:\winnt\system32\rs32net.exe
    2009-02-28 14:45 <DIR> --d----- c:\program files\Farm Frenzy
    2009-02-28 06:00 <DIR> --d----- C:\GameHouse Games
    2009-02-27 05:45 <DIR> --d----- c:\program files\Build-a-lot 2 - Town of the Year
    2009-02-24 08:13 <DIR> --d----- c:\docume~1\owner\applic~1\blg
    2009-02-24 08:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\blg
    2009-02-21 22:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Big Fish Games Vancouver
    2009-02-21 22:37 <DIR> --d----- c:\program files\Unwell Mel
    2009-02-19 14:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\FarmFrenzy-PizzaParty
    2009-02-15 07:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Lifetime
    2009-02-09 19:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AlawarWrapper
    2009-02-08 13:32 <DIR> --d----- C:\WINDOWS
    2009-02-07 05:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Alawar Stargaze
    2009-02-07 05:47 <DIR> --d----- c:\program files\Fashion Season
    2009-02-04 07:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\GameHouse
    2009-02-03 11:48 <DIR> --d----- c:\program files\Shop-n-Spree

    ==================== Find3M ====================

    2009-03-02 15:56 462,296 a--sh--- c:\winnt\system32\drivers\fidbox.idx
    2009-03-02 15:56 41,412,640 a--sh--- c:\winnt\system32\drivers\fidbox.dat
    2009-01-19 18:19 4,212 ----h--- c:\winnt\system32\zllictbl.dat
    2009-01-16 21:35 3,594,752 a------- c:\winnt\system32\dllcache\mshtml.dll
    2008-12-25 21:06 89,435 a------- c:\winnt\pchealth\helpctr\offlinecache\index.dat
    2008-12-19 04:10 70,656 -------- c:\winnt\system32\dllcache\ie4uinit.exe
    2008-12-19 04:10 13,824 -------- c:\winnt\system32\dllcache\ieudinit.exe
    2008-12-19 00:25 634,024 a------- c:\winnt\system32\dllcache\iexplore.exe
    2008-12-19 00:23 161,792 a------- c:\winnt\system32\dllcache\ieakui.dll
    2008-12-11 05:57 333,952 -------- c:\winnt\system32\dllcache\srv.sys
    2008-03-02 07:53 0 a------- c:\program files\temp01
    2007-10-09 19:01 76,720 a------- c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT
    2006-06-05 11:19 311 a------- c:\docume~1\owner\applic~1\bbbconfig.dat
    2006-01-23 08:31 774,144 a------- c:\program files\RngInterstitial.dll
    2005-04-19 14:47 280,064 a------- c:\docume~1\owner\applic~1\tizhook.bin
    2005-04-19 14:47 152,804 a------- c:\docume~1\owner\applic~1\tizupd.bin

    ============= FINISH: 19:39:48.14 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-02-01.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/16/2003 2:13:06 PM
    System Uptime: 3/2/2009 3:57:08 PM (4 hours ago)

    Motherboard: Intel Corporation | | D845GVSR
    Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | J2E1 | 2399/133mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 190 GiB total, 41.244 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is FIXED (NTFS) - 37 GiB total, 17.722 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
    Description: Intel(R) 82845G/GL/GE/PE/GV Graphics Controller
    Device ID: PCI\VEN_8086&DEV_2562&SUBSYS_2010107B&REV_03\3&267A616A&0&10
    Manufacturer: Intel Corporation
    Name: Intel(R) 82845G/GL/GE/PE/GV Graphics Controller
    PNP Device ID: PCI\VEN_8086&DEV_2562&SUBSYS_2010107B&REV_03\3&267A616A&0&10
    Service: ialm

    ==== System Restore Points ===================

    RP991: 12/3/2008 2:37:33 PM - System Checkpoint
    RP992: 12/4/2008 2:56:50 PM - System Checkpoint
    RP993: 12/5/2008 3:50:52 PM - System Checkpoint
    RP994: 12/6/2008 4:36:02 PM - System Checkpoint
    RP995: 12/7/2008 5:12:45 PM - System Checkpoint
    RP996: 12/8/2008 5:57:11 PM - System Checkpoint
    RP997: 12/9/2008 6:04:13 PM - System Checkpoint
    RP998: 12/10/2008 6:28:12 PM - System Checkpoint
    RP999: 12/11/2008 3:56:37 PM - Software Distribution Service 3.0
    RP1000: 12/12/2008 12:15:30 PM - Software Distribution Service 3.0
    RP1001: 12/13/2008 12:29:42 PM - System Checkpoint
    RP1002: 12/14/2008 12:42:22 PM - System Checkpoint
    RP1003: 12/15/2008 1:27:12 PM - System Checkpoint
    RP1004: 12/16/2008 1:39:06 PM - System Checkpoint
    RP1005: 12/17/2008 1:46:14 PM - System Checkpoint
    RP1006: 12/17/2008 10:23:10 PM - Software Distribution Service 3.0
    RP1007: 12/18/2008 11:15:58 PM - System Checkpoint
    RP1008: 12/20/2008 12:25:37 AM - System Checkpoint
    RP1009: 12/21/2008 6:07:20 AM - System Checkpoint
    RP1010: 12/22/2008 6:30:51 AM - System Checkpoint
    RP1011: 12/23/2008 7:32:11 AM - System Checkpoint
    RP1012: 12/24/2008 8:16:49 AM - System Checkpoint
    RP1013: 12/25/2008 10:20:18 AM - System Checkpoint
    RP1014: 12/25/2008 7:44:11 PM - Software Distribution Service 3.0
    RP1015: 12/25/2008 8:18:34 PM - pre service pack 3
    RP1016: 12/25/2008 8:19:46 PM - Software Distribution Service 3.0
    RP1017: 12/26/2008 10:15:33 AM - Software Distribution Service 3.0
    RP1018: 12/27/2008 10:30:53 AM - System Checkpoint
    RP1019: 12/28/2008 9:14:45 AM - Installed Photo Explosion Deluxe 3.0.
    RP1020: 12/29/2008 9:23:40 AM - System Checkpoint
    RP1021: 12/30/2008 9:50:26 AM - System Checkpoint
    RP1022: 12/31/2008 10:17:18 AM - System Checkpoint
    RP1023: 1/1/2009 11:09:46 AM - System Checkpoint
    RP1024: 1/2/2009 12:00:44 PM - System Checkpoint
    RP1025: 1/3/2009 12:43:50 PM - System Checkpoint
    RP1026: 1/4/2009 1:36:18 PM - System Checkpoint
    RP1027: 1/5/2009 2:17:15 PM - System Checkpoint
    RP1028: 1/6/2009 2:23:54 PM - System Checkpoint
    RP1029: 1/7/2009 3:09:18 PM - System Checkpoint
    RP1030: 1/8/2009 6:07:01 PM - System Checkpoint
    RP1031: 1/9/2009 6:53:09 PM - System Checkpoint
    RP1032: 1/10/2009 7:09:44 PM - System Checkpoint
    RP1033: 1/11/2009 9:31:57 PM - System Checkpoint
    RP1034: 1/12/2009 10:56:04 PM - System Checkpoint
    RP1035: 1/13/2009 11:35:19 PM - System Checkpoint
    RP1036: 1/14/2009 11:45:54 PM - System Checkpoint
    RP1037: 1/15/2009 12:36:35 PM - Software Distribution Service 3.0
    RP1038: 1/16/2009 12:54:09 PM - System Checkpoint
    RP1039: 1/17/2009 1:05:06 PM - System Checkpoint
    RP1040: 1/18/2009 1:58:28 PM - System Checkpoint
    RP1041: 1/19/2009 2:09:03 PM - System Checkpoint
    RP1042: 1/20/2009 2:40:06 PM - System Checkpoint
    RP1043: 1/21/2009 2:43:43 PM - System Checkpoint
    RP1044: 1/22/2009 2:47:24 PM - System Checkpoint
    RP1045: 1/23/2009 5:57:41 PM - System Checkpoint
    RP1046: 1/24/2009 9:55:53 PM - System Checkpoint
    RP1047: 1/25/2009 11:17:24 PM - System Checkpoint
    RP1048: 1/26/2009 11:45:47 PM - System Checkpoint
    RP1049: 1/28/2009 12:27:25 AM - System Checkpoint
    RP1050: 1/29/2009 1:10:57 AM - System Checkpoint
    RP1051: 1/30/2009 1:50:39 AM - System Checkpoint
    RP1052: 1/31/2009 2:35:32 AM - System Checkpoint
    RP1053: 2/1/2009 2:51:21 AM - System Checkpoint
    RP1054: 2/2/2009 3:01:10 AM - System Checkpoint
    RP1055: 2/3/2009 3:59:54 AM - System Checkpoint
    RP1056: 2/4/2009 4:47:15 AM - System Checkpoint
    RP1057: 2/5/2009 4:52:59 AM - System Checkpoint
    RP1058: 2/6/2009 6:11:04 AM - System Checkpoint
    RP1059: 2/7/2009 7:45:16 AM - System Checkpoint
    RP1060: 2/8/2009 8:38:42 AM - System Checkpoint
    RP1061: 2/9/2009 10:41:27 AM - System Checkpoint
    RP1062: 2/10/2009 11:34:10 AM - System Checkpoint
    RP1063: 2/11/2009 12:46:58 PM - System Checkpoint
    RP1064: 2/12/2009 1:22:09 PM - System Checkpoint
    RP1065: 2/13/2009 2:20:27 PM - System Checkpoint
    RP1066: 2/14/2009 3:43:18 PM - System Checkpoint
    RP1067: 2/15/2009 6:33:06 AM - Software Distribution Service 3.0
    RP1068: 2/16/2009 8:41:56 AM - System Checkpoint
    RP1069: 2/17/2009 9:20:26 AM - System Checkpoint
    RP1070: 2/17/2009 8:17:12 PM - pre burner uninstall
    RP1071: 2/17/2009 9:21:14 PM - Installed HP Product Assistant
    RP1072: 2/17/2009 9:22:24 PM - Removed HPSU306Stub
    RP1073: 2/17/2009 9:22:33 PM - Removed HP Update
    RP1074: 2/17/2009 9:22:51 PM - Installed HP Update
    RP1075: 2/18/2009 9:39:04 PM - System Checkpoint
    RP1076: 2/21/2009 8:24:37 AM - System Checkpoint
    RP1077: 2/22/2009 9:00:57 AM - System Checkpoint
    RP1078: 2/23/2009 9:14:43 AM - System Checkpoint
    RP1079: 2/24/2009 9:45:04 AM - System Checkpoint
    RP1080: 2/25/2009 11:20:13 AM - System Checkpoint
    RP1081: 2/26/2009 12:04:03 PM - System Checkpoint
    RP1082: 2/27/2009 12:59:03 AM - Software Distribution Service 3.0
    RP1083: 2/28/2009 7:51:27 AM - System Checkpoint
    RP1084: 3/1/2009 2:39:22 PM - System Checkpoint

    ==== Installed Programs ======================

    2007 Microsoft Office Suite Service Pack 1 (SP1)
    32 Bit HP CIO Components Installer
    ABBYY FineReader 5.0 Sprint
    ACTive Prep
    Ad-Aware
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Flash Player 10 ActiveX
    Adobe PhotoDeluxe Home Edition 3.1
    Adobe Reader 8.1.2
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Shockwave Player
    Adobe Type Manager 4.0
    AIM Toolbar
    AIO_Scan
    AOL Instant Messenger
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft PhotoImpression
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Decoder
    ATI Display Driver
    ATI HYDRAVISION
    ATI Multimedia Center
    ATI Multimedia Center 9.01
    ATI Remote Wonder 2.3
    ATIRW2
    Audio Conversion Wizard 1.8
    AVerDVD EZMaker USB 2.0 Driver
    AVG Free Edition
    Battlefield 1942
    Battlefield 1942: Secret Weapons of WWII
    Battlefield 1942: The Road To Rome
    Battlefield Vietnam(TM)
    Battlefield Vietnam: WW2 Mod
    Be Rich
    Beach Party Craze
    Big Fish Games Client
    Blackhawk Striker
    Blasterball 2
    Bonjour
    BufferChm
    Build-a-lot
    Build-a-lot 2: Town of the Year
    Burger Island (remove only)
    Call of Duty
    Call of Duty - United Offensive
    Call of Duty(R) 2
    Circulate
    Coffee Rush
    Copy
    Coupon Printer for Windows
    Creative System Information
    CustomerResearchQFolder
    CutePDF Writer 2.7
    DAO
    Deal or No Deal
    Delicious - Emily's Tea Garden (remove only)
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DH Driver Cleaner Professional Edition
    Diner Dash 2
    Disney's Lilo and Stitch Pinball
    DJ_AIO_ProductContext
    DJ_AIO_Software
    DJ_AIO_Software_min
    DVD
    Easy CD Creator 5 Basic
    ewido anti-malware
    F4100
    F4100_doccd
    F4100_Help
    Farm Frenzy
    Farm Frenzy - Pizza Party
    Farm Frenzy - Pizza Party!
    Farm Mania
    FarmMania
    Fashion Season
    Fenomen Games Downloader (remove only)
    Flash Dating
    Foxit Reader
    G-Zapper v1.4
    GameHouse
    Gateway Drivers and Applications Recovery
    GemMaster 2
    Google Earth
    Google Toolbar for Internet Explorer
    Google Video Player
    Google Video Uploader
    HijackThis 1.99.1
    HomeInventory
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    HP Customer Participation Program 9.0
    HP Deskjet All-In-One Software 9.0
    HP Imaging Device Functions 9.0
    HP Photosmart Essential 2.01
    HP Photosmart Essential2.01
    HP Product Assistant
    HP Smart Web Printing
    HP Solution Center 9.0
    HP Update
    HPProductAssistant
    HPSSupply
    Intel(R) Extreme Graphics Driver
    Intel(R) PRO Network Adapters and Drivers
    Intel(R) PROSet
    InterActual Player
    iTunes
    iWin Games (remove only)
    Logitech Gaming Software
    MarketResearch
    MaxBlast 4
    Medal of Honor Allied Assault
    Medal of Honor Allied Assault(tm) Breakthrough
    Medal of Honor Allied Assault(tm) Spearhead
    Media-Motor
    Megaplex Madness: Now Playing
    Men In Black II CROSSFIRE Trial Version
    Microsoft .NET Framework (English)
    Microsoft .NET Framework (English) v1.0.3705
    Microsoft .NET Framework 1.0 Hotfix (KB886906)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Combat Flight Simulator
    Microsoft Combat Flight Simulator 2
    Microsoft Combat Flight Simulator 3.1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft Encarta Encyclopedia Standard 2003
    Microsoft Flight Simulator 2002
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money 2003
    Microsoft Money 2003 System Pack
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2003
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Picture It! Photo 7.0
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Streets and Trips 2002
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Web Publishing Wizard 1.52
    Microsoft Works 2003 Setup Launcher
    Microsoft Works 7.0
    Microsoft Works Suite Add-in for Microsoft Word
    Move Networks Media Player for Internet Explorer
    MovieShop
    MSN Music Assistant
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MTV Music Generator
    MUSICMATCH® Jukebox
    MyPoints Point Alert!
    MyPublisher BookMaker
    MySpaceIM
    MySurvey Messenger
    NASCAR® Racing 2003 Season
    neoDVDstandard
    neoDVDstandard4
    Nero Suite
    Network Play System (Patching)
    OpenMG Limited Patch 4.1-05-14-24-01
    OpenMG Secure Module 4.1.00
    PC-Doctor for Windows
    Photo Explosion Deluxe 3.0
    Photo Mania
    Picture Navigator
    Pig Pen
    Porsche Design Studio Screen Saver
    PowerDVD
    Presto! BizCard 4.1 Eng
    Presto! Mr. Photo
    PrimoPDF
    PrimoPDF Redistribution Package
    PSSWCORE
    PunkBuster for Battlefield 1942
    PunkBuster for Battlefield Vietnam
    Q-Xpress Installer 1.1.9
    QuickTime
    Realtek AC'97 Audio
    Rhapsody Player Engine
    RollerCoaster Tycoon Deluxe
    RollerCoaster Tycoon® 3
    Safari
    Samsung Music Studio
    Sandlot Games Client Services 1.2.2
    Scan
    ScanToWeb
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB958439)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB958437)
    Security Update for Microsoft Office OneNote 2007 (KB950130)
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB956828)
    Security Update for Microsoft Office Word 2007 (KB956358)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Visio 2007 (KB947590)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Media Encoder (KB954156)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB960715)
    Shape Shifter
    Shop-n-Spree
    Slingo Supreme (remove only)
    Smart Link 56K Modem
    SmartDraw 2007
    SolutionCenter
    Sound Blaster Live! 24-bit
    Space Rocks
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.5.2.20
    SpywareBlaster 4.1
    Status
    Symantec Network Drivers Update
    TestDrive Client
    The Movies(TM)
    The new 911 Turbo Cabriolet Wallpaper
    The Sims 2
    The Sims 2 Family Fun Stuff
    The Sims 2 Glamour Life Stuff
    The Sims 2 Nightlife
    The Sims 2 Pets
    The Sims 2 University
    The Sims™ 2 Celebration! Stuff
    The Sims™ 2 FreeTime
    The Sims™ 2 H&M® Fashion Stuff
    The Sims™ 2 Seasons
    TI Connect 1.6
    Toolbox
    TrayApp
    Ultimate Ride
    UltimateZip 2007
    UnloadSupport
    Unwell Mel
    upapp
    Update for Office 2007 (KB946691)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    VideoToolkit01
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    Virtual Warfare
    Virus 3 - Trial Version 1.0
    WD Anywhere Backup
    WD Diagnostics
    WDCSAM Driver
    WebFldrs XP
    WebIQ Client Software
    WebReg
    Webshots Desktop
    Webshots Toolbar
    WildTangent GameChannel (remove only)
    Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (12/05/2006 1.0.0007.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer Clean Up
    Windows Internet Explorer 7
    Windows Media Encoder 9 Series
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WMAConvert 2.3.1
    WordJong(TM)
    Works Suite OS Pack
    YP-F1
    ZoneAlarm

    ==== Event Viewer Messages From Past Week ========

    3/2/2009 7:37:32 PM, error: Service Control Manager [7016] - The SmartLinkService service has reported an invalid current state 0.

    ==== End Of File ===========================
     
  2. 2009/03/03
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Hi and welcome


    Save these instructions to WordPad/Notepad or print them out, because some of the fix will have to be done in Safe Mode, where this page will not be available for you to follow.



    Download SDFix or from Here and save it to your Desktop

    Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.cmd to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the SDFix Report.txt back on the forum




    NEXT**

    Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2
    Link 3

    --------------------------------------------------------------------
    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    (Click on this link to see a list of programs that should be disabled.)
    http://www.bleepingcomputer.com/forums/topic114351.html


    Double click on Combo-Fix.exe & follow the prompts.

    Please allow ComboFix to install, if needed, Windows Recovery Console. It is a simple procedure that will only take a few moments of your time.

    No Validation is Required.

    Please only run the tool once, ty.

    Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
    Don't select to run the Recovery Console as we don't need it.
    By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.



    ** Please Note:
    At times ComboFix may appear to stall, please be patient.
    • When finished, it will produce a report for you.
    • Please post the SDFix report.txt, C:\ComboFix.txt and a new DDS log so we can continue cleaning the system.







    You may need several replies to post the requested logs, otherwise they might get cut off.
     

  4. 2009/03/03
    Bucksone

    Bucksone Well-Known Member Thread Starter

    Joined:
    2003/07/28
    Messages:
    505
    Likes Received:
    2
    Thank you for your help so far. My ISP has now temporarily suspended our email due to the spam we're sending out!

    I have completed the instructions up to the point of pasting the contents of the SDFix Report.txt back to the forum, which I have done below. I will continue forward with the remaining instructions.


    SDFix: Version 1.240
    Run by Owner on Tue 03/03/2009 at 06:51 PM

    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :

    Rootkit Found :
    C:\WINNT\system32\drivers\ATI0YDXX.sys - Rootkit Pandex/Cutwail - Protect.sys

    Name :
    ATI0YDXX

    Path :
    System32\Drivers\ati0ydxx.sys

    ATI0YDXX - Deleted



    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting

    Service ATI0YDXX - Deleted after Reboot

    Checking Files :

    Trojan Files Found:

    C:\WINNT\SETDEBUG.EXE - Deleted
    C:\WINNT\UNVISE32.EXE - Deleted
    C:\WINNT\system32\rs32net.exe - Deleted
    C:\WINNT\system32\drivers\ATI0YDXX.sys - Deleted





    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-03 19:19:18
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
    "C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
    "C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
    "C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\iWin Games\\iWinGames.exe"="C:\\Program Files\\iWin Games\\iWinGames.exe:*:Enabled:iWin Games application."
    "C:\\Program Files\\iWin Games\\WebUpdater.exe"="C:\\Program Files\\iWin Games\\WebUpdater.exe:*:Enabled:iWin Games updater."

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    Remaining Files :


    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Fri 2 Dec 2005 4 A..H. --- "C:\WINNT\uccspecb.sys "
    Wed 5 Sep 2007 31 A..H. --- "C:\WINNT\uccspecc.sys "
    Mon 8 Jan 2007 630,784 A..H. --- "C:\My Games\Family Feud(TM) 2\FamilyFeud.exe "
    Tue 20 Jan 2009 2,262,352 ...H. --- "C:\Program Files\Be Rich\game.exe "
    Mon 17 Nov 2008 2,557,264 ...H. --- "C:\Program Files\Build-a-lot 2 - Town of the Year\Buildalot2.exe "
    Fri 29 Feb 2008 19,153,296 ...H. --- "C:\Program Files\Coffee Rush\CoffeeRush.exe "
    Thu 11 Sep 2008 1,807,688 ...H. --- "C:\Program Files\Farm Frenzy\farm.exe "
    Thu 5 Feb 2009 4,175,184 ...H. --- "C:\Program Files\Fashion Season\game.exe "
    Fri 31 Oct 2008 857,424 ...H. --- "C:\Program Files\Megaplex Madness - Now Playing\MegaplexMadness.exe "
    Mon 2 Feb 2009 3,450,192 ...H. --- "C:\Program Files\Shop-n-Spree\shopnspree.exe "
    Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe "
    Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe "
    Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe "
    Thu 12 Jul 2007 2,532,680 ...H. --- "C:\Program Files\Turbo Pizza\TurboPizza.exe "
    Thu 19 Feb 2009 2,487,632 ...H. --- "C:\Program Files\Unwell Mel\UnwelMel.exe "
    Mon 15 Sep 2003 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak "
    Tue 3 Mar 2009 108 A..H. --- "C:\Program Files\ATI Multimedia\RemCtrl\x10prod.sys "
    Wed 3 Oct 2007 49,352,704 A..H. --- "C:\Program Files\Build-a-lot\gamefiles\Buildalot.exe "
    Tue 8 May 2007 1,183,744 A..H. --- "C:\Program Files\Happy Hour\gamefiles\Happy Hour 1.0.1.exe "
    Sat 22 Nov 2008 291 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti13D.tmp "
    Mon 9 Feb 2009 167,964 ...H. --- "C:\Program Files\Yahoo! Games\Beach Party Craze\Uninstall.exe "
    Wed 4 Feb 2009 197,715 ...H. --- "C:\Program Files\Yahoo! Games\Delicious - Emily's Tea Garden\Uninstall.exe "
    Sun 8 Feb 2009 234,550 ...H. --- "C:\Program Files\Yahoo! Games\Slingo Supreme\Uninstall.exe "
    Sat 20 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp "
    Sun 9 Jan 2005 30,208 ...H. --- "C:\Documents and Settings\Owner\My Documents\Katie's Stuff!!!\~WRL3154.tmp "
    Sun 14 Sep 2003 1,206 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\ccReg.reg "
    Mon 1 Sep 2003 1,206 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\ccReg_old.reg "
    Sun 14 Sep 2003 12,368 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\CommonClient.reg "
    Mon 1 Sep 2003 12,368 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\CommonClient_old.reg "
    Fri 2 May 2008 3,493,888 A..H. --- "C:\Documents and Settings\Owner\Application Data\U3\temp\Launchpad Removal.exe "
    Fri 17 Dec 2004 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp "

    Finished!
     
  5. 2009/03/03
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Welcome back

    SDFix found a rootkit and deleted it....

    Were you able to get ComboFix onboard before your internet was cut off?
     
  6. 2009/03/03
    Bucksone

    Bucksone Well-Known Member Thread Starter

    Joined:
    2003/07/28
    Messages:
    505
    Likes Received:
    2
    OK, below is the ComboFix result. I have to cut it into three posts to get it to fit.

    ComboFix 09-03-02.03 - Owner 2009-03-03 20:38:43.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.309 [GMT -5:00]
    Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
    AV: AVG 7.5.552 *On-access scanning disabled* (Updated)
    FW: ZoneAlarm Firewall *enabled*
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Starware316
    c:\documents and settings\All Users\Application Data\Starware316\buttons\775_button_1b_def.bmp
    c:\documents and settings\All Users\Application Data\Starware316\buttons\FindIt.bmp
    c:\documents and settings\All Users\Application Data\Starware316\buttons\FindItHot.bmp
    c:\documents and settings\All Users\Application Data\Starware316\buttons\findithotxp.png
    c:\documents and settings\All Users\Application Data\Starware316\buttons\finditxp.png
    c:\documents and settings\All Users\Application Data\Starware316\buttons\Free_Credit_Score0.bmp
    c:\documents and settings\All Users\Application Data\Starware316\buttons\Free_Music0.bmp
    c:\documents and settings\All Users\Application Data\Starware316\buttons\logo.bmp
    c:\documents and settings\All Users\Application Data\Starware316\buttons\logoxp.bmp
    c:\documents and settings\All Users\Application Data\Starware316\buttons\Reference.bmp
    c:\documents and settings\All Users\Application Data\Starware316\buttons\ReferenceHot.bmp
    c:\documents and settings\All Users\Application Data\Starware316\buttons\referencehotxp.png
    c:\documents and settings\All Users\Application Data\Starware316\buttons\referencexp.png
    c:\documents and settings\All Users\Application Data\Starware316\buttons\Ringtones0.bmp
    c:\documents and settings\All Users\Application Data\Starware316\buttons\Screensavers0.bmp
    c:\documents and settings\All Users\Application Data\Starware316\buttons\Weather.bmp
    c:\documents and settings\All Users\Application Data\Starware316\buttons\WeatherHot.bmp
    c:\documents and settings\All Users\Application Data\Starware316\buttons\weatherhotxp.png
    c:\documents and settings\All Users\Application Data\Starware316\buttons\weatherxp.png
    c:\documents and settings\All Users\Application Data\Starware316\contexts\error.xml
    c:\documents and settings\All Users\Application Data\Starware316\contexts\Related.xml
    c:\documents and settings\All Users\Application Data\Starware316\contexts\Travel.xml
    c:\documents and settings\All Users\Application Data\Starware316\images\walertXP.bmp
    c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml
    c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup
    c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml
    c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup
    c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml
    c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml.backup
    c:\documents and settings\Owner\Local Settings\Temporary Internet Files\search.html
    c:\documents and settings\Owner\Local Settings\Temporary Internet Files\temp.dmf
    c:\winnt\a3kebook.ini
    c:\winnt\akebook.ini
    c:\winnt\ANS2000.INI
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\cup.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\customer_cup.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\heart.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\menu_down.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\menu_up.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\plates.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\ticket.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\tray.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\music\mainmenumusic.ogg
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_bring_check_1_snd.ogg
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_deliver_order_1_snd.ogg
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_diner.ogg
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_food_ready_1_snd.ogg
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_gain_heart_1.ogg
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_pencil_write_2.ogg
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_rollover_1.ogg
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_seat_people_snd.ogg
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\choosedifficulty.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\credits.jpg
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\flo_lose.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\flo_win.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\help1.jpg
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\help2.jpg
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\highscores.jpg
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\levelintro.jpg
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\levelintro_mask.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\levelover.jpg
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\levelover_mask.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\mainmenu.jpg
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\popup.jpg
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\popup_mask.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\upgradegrid.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\upgradetitle.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\upsell.jpg
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\arrowleft_blue.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\arrowleft_yellow.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\arrowright_blue.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\arrowright_yellow.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\back_blue.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\back_yellow.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\backchalk.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\backchalkup.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\backtomenu_blue.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\backtomenu_yellow.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\cancel.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\cancelup.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\career.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\career_over.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\close.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\closeup.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\continue.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\continueover.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\credits_blue.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\credits_yellow.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\download_blue.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\download_yellow.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\easy.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\easy_over.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\endlessshift.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\endlessshift_over.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\hard.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\hard_over.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\help.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\help_over.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\highscores.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\highscores_over.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\instructions_blue.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\instructions_yellow.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\letsplay.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\letsplayover.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\medium.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\medium_over.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\moreinfo.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\moreinfoup.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\off.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\off_on.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\on.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\on_on.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\pause.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\pauseover.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\quit.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\quitgame.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\quitgameover.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\quitover.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\resumegame.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\resumegameover.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\submit.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\submitup.png
    c:\winnt\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\tryagain.png
     
  7. 2009/03/03
    Bucksone

    Bucksone Well-Known Member Thread Starter

    Joined:
    2003/07/28
    Messages:
    505
    Likes Received:
    2
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_b.bin
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_c.bin
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\playfirstlogo.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\background.jpg
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\blue.pal
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\green.anm
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\green.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\grey.pal
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\red.pal
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\cup1.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\food.anm
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\food.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\frames\2_0.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\frames\2_1.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_a.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_b.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_c.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\people\cook.anm
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\people\cook.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\props\cup_prop1.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\2top.anm
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\2top.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\4top.anm
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\4top.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_0.jpg
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_1.jpg
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrades.xml
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\tableshadow.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\careerupgrade.lua
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\choosedifficulty.lua
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\closeconfirm.lua
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\entername.lua
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\game.lua
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\getmoregames.lua
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\help1.lua
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\help2.lua
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\hiscore.lua
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\hiscoreinfo.lua
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\hiscoresubmit.lua
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\levelintro.lua
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\levelover.lua
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\loading.lua
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\mainloop.lua
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\mainmenu.lua
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\ok.lua
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\pause.lua
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\style.lua
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\upgrade.lua
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\upsell.lua
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\yesno.lua
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\splash\aol_logo.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\splash\playfirst_logo.jpg
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\strings.xml
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\angersmoke.anm
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\angersmoke.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\bubbles\request_bubble.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\bubbles\request_mop.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\bubbles\request_rejectmeal.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\chairflags.anm
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\chairflags.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\check.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\checkmark.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\closed.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\coinflip.anm
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\coinflip.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\decor_lines.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\dollar.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\expert.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\foodpoof.anm
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\foodpoof.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\heartgrow.anm
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\heartgrow.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\jar.anm
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\jar.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\lives_icon.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\noisering.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_a.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_b.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_c.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_d.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_e.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_f.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tablenumber_a.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tablenumber_b.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\traynumber.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tutorialarrow.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tutorialbox.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_base.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_hand.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_timer_off.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_timer_on.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgradeanim.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_a.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_b.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_c.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_a.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_b.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_c.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_a.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_b.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_c.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_a.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_b.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_c.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_a.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_b.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_c.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_a.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_b.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_c.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_a.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_b.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_c.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_a.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_b.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_c.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_a.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_b.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_c.png
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd1.jpg
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd2.jpg
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd3.jpg
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd4.jpg
    c:\winnt\Downloaded Program Files\DinerDash2.1.0.0.53\dinerdash2.exe
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\music\mainmenumusic.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\areabomb.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\beetlezap.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\bonusrow.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\bonustimer.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\bucketfilled.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\clearpyramid.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle1a.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle1b.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle1c.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle2a.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle2b.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle2c.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\colorchain.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\dialogbox.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\drumbeat.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\fillrow.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\gateopen.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\helptip.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\powerup.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\rotateboardleft.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\timerup.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\warning.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\warning2.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\artifacts-bb.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\bar.jpg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\chamber0.jpg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\chamber1.jpg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\circledoor.jpg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\full_screen_dialog.jpg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\global-hs-bb_large.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\global-hs-bb_small.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\help-bb_large.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\help-bb_small.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\hexfield.jpg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\hidden-artifact_icon.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\large_dialog.jpg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\local-hs-bb.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\mainmenu.jpg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\small_dialog.jpg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\textfield.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\trifield.jpg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\beetlehover1.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\beetlehover2.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\beetlehover3.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\beetlehover4.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\beetleshock1.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\beetleshock2.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\beetleshock3.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\beetleshock4.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\beetletatoo.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\dirt.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\scarabpost.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\scarabpostovr.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\tritop.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowdown_down.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowdown_over.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowdown_up.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowleft_down.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowleft_over.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowleft_up.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowright_down.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowright_over.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowright_up.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowup_down.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowup_over.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowup_up.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\bluearrowleft_down.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\bluearrowleft_over.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\bluearrowleft_up.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\bluearrowright_down.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\bluearrowright_over.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\bluearrowright_up.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\checkdown.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\checkup.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\long_button_down.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\long_button_over.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\long_button_up.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\orange-button_down.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\orange-button_over.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\orange-button_up.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\rotleft_down.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\rotleft_over.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\rotleft_up.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\rotright_down.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\rotright_over.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\rotright_up.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\simplebutton_down.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\simplebutton_over.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\simplebutton_up.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\sliderknob.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\sliderknobover.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\sliderrail.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\characters\anwar\look\pl0001.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\characters\bast\look\bl0001.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\characters\kristine\look\kl0001.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\crackedstopper.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\cursor.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\doorlights.txt
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\fonts\jackarmstrong.mvec
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\fonts\lithos.mvec
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\greybomb.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\helptips\arrowkeys.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\helptips\helptip.jpg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\levels\levels.dat
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\models\disk.mesh
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\models\equilateraltriangle.mesh
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\models\flattri.mesh
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\models\pyramid.mesh
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\models\quad.mesh
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\models\rotatingpyramid.mesh
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\models\scarabpanel.mesh
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\p1icon.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\scenes\page1-0.xml
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\scenes\page1-1.xml
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\scenes\panel1-0-1.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\scenes\panel1-1-1.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\scorecloud.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\setup.xml
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\areashockwave.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\bolt_1.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\bolt_2.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\bolt_3.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\bolt_4.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\bolt_starter.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\bolt_tail.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\flash.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\rubble.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\smoke.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\smoke2.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\smoke3.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\splash\playfirst_logo.jpg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\statues\statue0\snake_dirty.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\statues\statue1\arm01_dirty.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\statues\statue1\mask01_1.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\statues\statue1\statue01_dirty.jpg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\stopper.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\timer.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\timerglow.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\timericon.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\tm.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mouseblue1.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mouseblue2.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mouseblue3.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mousegreen1.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mousegreen2.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mousegreen3.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mousered1.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mousered2.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mousered3.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mouseyellow1.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mouseyellow2.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\trails\mouseyellow3.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\areabomb.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\areabombrollover.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\blue.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\bluerollover.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\boardfill.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\brick.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\brick1.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\brick2.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\brick3.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\bricktip.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\clearanim\cleared1.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\clearanim\cleared2.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\clearanim\cleared3.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\clearanim\cleared4.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\clearanim\cleared5.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\clearanim\cleared6.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\eye1.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\eye2.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\eye3.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\eye4.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\green.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\greenrollover.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\plain_tri-blue.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\plain_tri-bluerollover.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\plain_tri-green.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\plain_tri-greenrollover.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\plain_tri-red.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\plain_tri-redrollover.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\plain_tri-yellow.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\plain_tri-yellowrollover.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\red.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\redrollover.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\wild.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\wildrollover.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\yellow.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\triangles\yellowrollover.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\upsell\image0.jpg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\upsell\image1.jpg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\upsell\image2.jpg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\upsell\image3.jpg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\bluebucket.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\buckettriangle.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\chainlink.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\chaintip.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\genericbucket.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\greenbucket.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\redbucket.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\smallblue.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\smallgreen.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\smallred.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\smallyellow.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\urnglow.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\urnplatform.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\yellowbucket.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\assets\warning.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\screens\error.lua
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\screens\game.lua
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\screens\gameover.lua
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\screens\hiscore.lua
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\screens\hiscoreinfo.lua
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\screens\hiscoresubmit.lua
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\screens\instructions.lua
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\screens\leveldesign.lua
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\screens\levelover.lua
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\screens\mainarcade.lua
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\screens\mainconfirm.lua
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\screens\maincontinue.lua
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\screens\maingames.lua
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\screens\mainpuzzle.lua
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\screens\maphelptip.lua
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\screens\options.lua
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\screens\pause.lua
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\screens\quitconfirm.lua
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\screens\start.lua
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\screens\storyplayer.lua
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\screens\style.lua
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\screens\upsell.lua
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\strings.xml
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.55\TriJinx.exe
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\audio\music\mainmenumusic.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\audio\sfx\areabomb.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\audio\sfx\beetlezap.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\audio\sfx\bonusrow.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\audio\sfx\bonustimer.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\audio\sfx\bucketfilled.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\audio\sfx\clearpyramid.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\audio\sfx\cleartriangle1a.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\audio\sfx\cleartriangle1b.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\audio\sfx\cleartriangle1c.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\audio\sfx\cleartriangle2a.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\audio\sfx\cleartriangle2b.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\audio\sfx\cleartriangle2c.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\audio\sfx\colorchain.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\audio\sfx\dialogbox.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\audio\sfx\drumbeat.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\audio\sfx\fillrow.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\audio\sfx\gateopen.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\audio\sfx\helptip.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\audio\sfx\powerup.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\audio\sfx\rotateboardleft.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\audio\sfx\timerup.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\audio\sfx\warning.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\audio\sfx\warning2.ogg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\backgrounds\artifacts-bb.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\backgrounds\bar.jpg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\backgrounds\chamber0.jpg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\backgrounds\chamber1.jpg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\backgrounds\circledoor.jpg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\backgrounds\full_screen_dialog.jpg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\backgrounds\global-hs-bb_large.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\backgrounds\global-hs-bb_small.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\backgrounds\help-bb_large.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\backgrounds\help-bb_small.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\backgrounds\hexfield.jpg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\backgrounds\hidden-artifact_icon.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\backgrounds\large_dialog.jpg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\backgrounds\local-hs-bb.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\backgrounds\mainmenu.jpg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\backgrounds\small_dialog.jpg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\backgrounds\textfield.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\backgrounds\trifield.jpg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\beetles\beetlehover1.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\beetles\beetlehover2.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\beetles\beetlehover3.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\beetles\beetlehover4.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\beetles\beetleshock1.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\beetles\beetleshock2.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\beetles\beetleshock3.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\beetles\beetleshock4.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\beetles\beetletatoo.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\beetles\dirt.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\beetles\scarabpost.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\beetles\scarabpostovr.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\beetles\tritop.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\buttons\arrowdown_down.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\buttons\arrowdown_over.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\buttons\arrowdown_up.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\buttons\arrowleft_down.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\buttons\arrowleft_over.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\buttons\arrowleft_up.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\buttons\arrowright_down.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\buttons\arrowright_over.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\buttons\arrowright_up.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\buttons\arrowup_down.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\buttons\arrowup_over.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\buttons\arrowup_up.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\buttons\bluearrowleft_down.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\buttons\bluearrowleft_over.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\buttons\bluearrowleft_up.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\buttons\bluearrowright_down.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\buttons\bluearrowright_over.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\buttons\bluearrowright_up.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\buttons\checkdown.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\buttons\checkup.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\buttons\long_button_down.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\buttons\long_button_over.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\buttons\long_button_up.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\buttons\orange-button_down.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\buttons\orange-button_over.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\buttons\orange-button_up.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\buttons\rotleft_down.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\buttons\rotleft_over.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\buttons\rotleft_up.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\buttons\rotright_down.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\buttons\rotright_over.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\buttons\rotright_up.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\buttons\simplebutton_down.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\buttons\simplebutton_over.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\buttons\simplebutton_up.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\buttons\sliderknob.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\buttons\sliderknobover.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\buttons\sliderrail.png
     
  8. 2009/03/03
    Bucksone

    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\characters\anwar\look\pl0001.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\characters\bast\look\bl0001.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\characters\kristine\look\kl0001.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\crackedstopper.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\cursor.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\doorlights.txt
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\fonts\jackarmstrong.mvec
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\fonts\lithos.mvec
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\greybomb.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\helptips\arrowkeys.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\helptips\helptip.jpg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\levels\levels.dat
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\models\disk.mesh
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\models\equilateraltriangle.mesh
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\models\flattri.mesh
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\models\pyramid.mesh
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\models\quad.mesh
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\models\rotatingpyramid.mesh
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\models\scarabpanel.mesh
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\p1icon.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\scenes\page1-0.xml
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\scenes\page1-1.xml
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\scenes\panel1-0-1.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\scenes\panel1-1-1.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\scorecloud.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\setup.xml
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\sfx\areashockwave.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\sfx\bolt_1.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\sfx\bolt_2.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\sfx\bolt_3.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\sfx\bolt_4.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\sfx\bolt_starter.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\sfx\bolt_tail.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\sfx\flash.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\sfx\rubble.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\sfx\smoke.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\sfx\smoke2.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\sfx\smoke3.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\splash\aol_logo.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\splash\playfirst_logo.jpg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\statues\statue0\snake_dirty.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\statues\statue1\arm01_dirty.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\statues\statue1\mask01_1.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\statues\statue1\statue01_dirty.jpg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\stopper.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\timer.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\timerglow.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\timericon.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\tm.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\trails\mouseblue1.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\trails\mouseblue2.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\trails\mouseblue3.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\trails\mousegreen1.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\trails\mousegreen2.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\trails\mousegreen3.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\trails\mousered1.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\trails\mousered2.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\trails\mousered3.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\trails\mouseyellow1.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\trails\mouseyellow2.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\trails\mouseyellow3.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\triangles\areabomb.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\triangles\areabombrollover.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\triangles\blue.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\triangles\bluerollover.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\triangles\boardfill.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\triangles\brick.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\triangles\brick1.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\triangles\brick2.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\triangles\brick3.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\triangles\bricktip.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\triangles\clearanim\cleared1.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\triangles\clearanim\cleared2.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\triangles\clearanim\cleared3.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\triangles\clearanim\cleared4.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\triangles\clearanim\cleared5.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\triangles\clearanim\cleared6.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\triangles\eye1.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\triangles\eye2.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\triangles\eye3.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\triangles\eye4.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\triangles\green.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\triangles\greenrollover.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\triangles\plain_tri-blue.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\triangles\plain_tri-bluerollover.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\triangles\plain_tri-green.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\triangles\plain_tri-greenrollover.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\triangles\plain_tri-red.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\triangles\plain_tri-redrollover.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\triangles\plain_tri-yellow.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\triangles\plain_tri-yellowrollover.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\triangles\red.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\triangles\redrollover.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\triangles\wild.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\triangles\wildrollover.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\triangles\yellow.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\triangles\yellowrollover.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\upsell\image0.jpg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\upsell\image1.jpg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\upsell\image2.jpg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\upsell\image3.jpg
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\urns\bluebucket.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\urns\buckettriangle.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\urns\chainlink.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\urns\chaintip.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\urns\genericbucket.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\urns\greenbucket.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\urns\redbucket.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\urns\smallblue.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\urns\smallgreen.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\urns\smallred.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\urns\smallyellow.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\urns\urnglow.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\urns\urnplatform.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\urns\yellowbucket.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\assets\warning.png
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\screens\error.lua
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\screens\game.lua
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\screens\gameover.lua
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\screens\hiscore.lua
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\screens\hiscoreinfo.lua
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\screens\hiscoresubmit.lua
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\screens\instructions.lua
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\screens\leveldesign.lua
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\screens\levelover.lua
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\screens\mainarcade.lua
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\screens\mainconfirm.lua
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\screens\maincontinue.lua
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\screens\maingames.lua
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\screens\mainpuzzle.lua
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\screens\maphelptip.lua
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\screens\options.lua
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\screens\pause.lua
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\screens\quitconfirm.lua
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\screens\start.lua
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\screens\storyplayer.lua
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\screens\style.lua
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\screens\upsell.lua
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\strings.xml
    c:\winnt\Downloaded Program Files\TriJinx.1.0.0.58\TriJinx.exe
    c:\winnt\IE4 Error Log.txt
    c:\winnt\jestertb.dll
    c:\winnt\patch.exe
    c:\winnt\system32\AutoRun.inf
    c:\winnt\system32\Process.exe
    c:\winnt\system32\SrchSTS.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_BOONTY_GAMES
    -------\Legacy_IWINGAMESINSTALLER
    -------\Service_Boonty Games
    -------\Service_iWinGamesInstaller


    ((((((((((((((((((((((((( Files Created from 2009-02-04 to 2009-03-04 )))))))))))))))))))))))))))))))
    .

    2009-03-03 18:49 . 2009-03-03 18:49 578,560 --a------ c:\winnt\system32\dllcache\user32.dll
    2009-03-03 18:40 . 2009-03-03 18:41 <DIR> d-------- c:\winnt\ERUNT
    2009-03-03 18:17 . 2009-03-03 19:39 <DIR> d-------- C:\SDFix
    2009-03-03 12:04 . 2009-03-03 14:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\FarmFrenzy2
    2009-03-03 12:03 . 2009-03-03 12:03 <DIR> d-------- c:\documents and settings\Owner\Application Data\WildTangent
    2009-03-03 12:01 . 2009-03-03 12:03 <DIR> d-------- c:\program files\WildGames
    2009-02-28 14:45 . 2009-03-01 09:36 <DIR> d-------- c:\program files\Farm Frenzy
    2009-02-28 06:00 . 2009-02-28 06:00 <DIR> d-------- C:\GameHouse Games
    2009-02-27 05:45 . 2009-02-27 05:45 <DIR> d-------- c:\program files\Build-a-lot 2 - Town of the Year
    2009-02-24 08:13 . 2009-02-24 08:13 <DIR> d-------- c:\documents and settings\Owner\Application Data\blg
    2009-02-24 08:13 . 2009-02-24 08:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\blg
    2009-02-21 22:40 . 2009-02-21 22:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Big Fish Games Vancouver
    2009-02-21 22:37 . 2009-02-21 22:38 <DIR> d-------- c:\program files\Unwell Mel
    2009-02-19 14:01 . 2009-02-19 14:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\FarmFrenzy-PizzaParty
    2009-02-15 07:21 . 2009-02-15 07:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lifetime
    2009-02-09 19:03 . 2009-02-28 05:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\AlawarWrapper
    2009-02-08 13:32 . 2009-02-08 13:32 <DIR> d-------- C:\WINDOWS
    2009-02-07 05:48 . 2009-02-07 05:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Alawar Stargaze
    2009-02-07 05:47 . 2009-02-07 05:48 <DIR> d-------- c:\program files\Fashion Season
    2009-02-04 07:44 . 2009-02-04 07:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\GameHouse

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-04 02:02 469,832 --sha-w c:\winnt\system32\drivers\fidbox.idx
    2009-03-04 02:02 41,412,640 --sha-w c:\winnt\system32\drivers\fidbox.dat
    2009-03-04 01:13 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-03-03 17:01 --------- d-----w c:\documents and settings\All Users\Application Data\WildTangent
    2009-03-03 13:00 --------- d-----w c:\documents and settings\LocalService\Application Data\AVG7
    2009-03-03 12:13 --------- d-----w c:\program files\SpywareBlaster
    2009-03-03 10:37 --------- d-----w c:\documents and settings\Owner\Application Data\AVG7
    2009-03-01 22:06 --------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
    2009-03-01 18:59 --------- d-----w c:\documents and settings\Owner\Application Data\EleFun Games
    2009-03-01 13:26 --------- d-----w c:\program files\GameHouse
    2009-03-01 13:26 --------- d-----w c:\documents and settings\Owner\Application Data\GameHouse
    2009-02-28 10:59 --------- d-----w c:\program files\RealArcade
    2009-02-25 18:59 --------- d-----w c:\documents and settings\Owner\Application Data\PlayFirst
    2009-02-24 13:43 --------- d-----w c:\program files\Yahoo! Games
    2009-02-21 12:01 --------- d-----w c:\program files\Alawar
    2009-02-14 10:33 --------- d-----w c:\documents and settings\All Users\Application Data\SugarGames
    2009-02-10 17:47 --------- d-----w c:\program files\Shockwave.com
    2009-02-10 13:43 --------- d-----w c:\program files\PlayFirst
    2009-02-09 01:39 --------- d--h--w c:\documents and settings\Owner\Application Data\Move Networks
    2009-02-06 21:10 --------- d-----w c:\program files\UltimateZip 2007
    2009-02-03 16:49 --------- d-----w c:\program files\Shop-n-Spree
    2009-02-03 16:49 --------- d-----w c:\documents and settings\Owner\Application Data\ViquaSoft
    2009-01-26 15:09 --------- d-----w c:\program files\Be Rich
    2009-01-26 14:58 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
    2009-01-24 18:55 --------- d-----w c:\documents and settings\All Users\Application Data\HipSoft
    2009-01-21 13:18 --------- d-----w c:\documents and settings\Owner\Application Data\AlterLab
    2009-01-19 23:13 --------- d-----w c:\documents and settings\All Users\Application Data\avg7
    2009-01-19 13:32 --------- d-----w c:\documents and settings\Owner\Application Data\Boomzap
    2009-01-13 12:56 --------- d-----w c:\documents and settings\All Users\Application Data\DivoGames
    2009-01-10 21:08 --------- d-----w c:\documents and settings\Owner\Application Data\Sahmon Games
    2008-03-02 12:53 0 ----a-w c:\program files\temp01
    2007-10-10 00:01 76,720 ----a-w c:\documents and settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
    2006-06-05 16:19 311 ----a-w c:\documents and settings\Owner\Application Data\bbbconfig.dat
    2006-01-23 13:31 774,144 ----a-w c:\program files\RngInterstitial.dll
    2005-04-19 19:47 280,064 ----a-w c:\documents and settings\Owner\Application Data\tizhook.bin
    2005-04-19 19:47 152,804 ----a-w c:\documents and settings\Owner\Application Data\tizupd.bin
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\winnt\system32\ctfmon.exe" [2008-04-13 15360]
    "ATI Remote Control "= "c:\program files\ATI Multimedia\RemCtrl\ATIRW.exe" [2004-04-16 196608]
    "AdobeUpdater "= "c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-09 2356088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray "= "c:\winnt\System32\igfxtray.exe" [2004-07-01 155648]
    "AdaptecDirectCD "= "c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-03-26 684032]
    "HotKeysCmds "= "c:\winnt\System32\hkcmd.exe" [2004-07-01 118784]
    "ATI DeviceDetect "= "c:\program files\ATI Multimedia\main\ATIDtct.EXE" [2004-06-15 69705]
    "ATIPTA "= "c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 339968]
    "AVG7_CC "= "c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-10-17 590848]
    "CDTrayPal "= "c:\documents and settings\Owner\Desktop\CDTrayPalN\cdtray.exe" [2005-09-21 139264]
    "HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "PhotoExplosionCalCheck "= "c:\program files\Nova Development\Photo Explosion Deluxe 3.0\calcheck.exe" [2006-05-10 69632]
    "ZoneAlarm Client "= "c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
    "WD Button Manager "= "WDBtnMgr.exe" [2008-01-21 c:\winnt\system32\WDBtnMgr.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Nszzgvi "= "c:\winnt\system32\w?crtupd.exe" [?]
    "AVG7_Run "= "c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-24 219136]
    "MySpaceIM "= "c:\program files\MySpace\IM\MySpaceIM.exe" [2007-03-07 5181440]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator "= "Narrator.exe" [2008-04-13 c:\winnt\system32\narrator.exe]

    c:\documents and settings\Owner\Start Menu\Programs\Startup\
    MySurvey Messenger.lnk - c:\program files\MySurvey Messenger\MySurveyMessenger.exe [2007-07-02 651264]
    Webshots.lnk - c:\program files\Webshots\Launcher.exe [2004-10-02 45056]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
    WD Anywhere Backup Launcher.lnk - c:\winnt\Installer\{649C4B1A-6A76-499A-9AEC-0C9530FA7D2C}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe [2008-06-09 9662]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSACM.MI-SC4 "= MI-SC4.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0vaxx.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3aexx.sys]
    @= "Driver "

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\winnt\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
    backup=c:\winnt\pss\Adobe Reader Synchronizer.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Army Men World War(TM).lnk]
    backup=c:\winnt\pss\Army Men World War(TM).lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
    path=c:\documents and settings\Owner\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk
    backup=c:\winnt\pss\iWin Desktop Alerts.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\winnt\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
    backup=c:\winnt\pss\PowerReg Scheduler.exeStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
    path=c:\documents and settings\Owner\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
    backup=c:\winnt\pss\RollerCoaster Tycoon 3 Registration.lnkStartup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DKQXE
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iefeatures
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSVersion
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchNavVersion

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    --a------ 2008-11-09 05:40 2356088 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    --a------ 2008-07-22 19:42 116040 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
    --a------ 2002-11-03 14:56 188416 c:\winnt\system32\spool\drivers\w32x86\3\hpztsb07.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IEXPLORE.EXE]
    --a------ 2008-12-19 00:25 634024 c:\program files\Internet Explorer\iexplore.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-07-30 09:47 289064 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
    --a------ 2002-07-16 20:21 28672 c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    --a------ 2003-02-11 15:44 143360 c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
    --a------ 2002-07-17 11:00 200767 c:\program files\Microsoft Money\System\mnyexpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
    --a------ 2007-03-07 00:06 5181440 c:\program files\MySpace\IM\MySpaceIM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
    --------- 2004-09-22 15:10 1871872 c:\progra~1\Ahead\NEROBA~1\NBJ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 10:50 155648 c:\winnt\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --a------ 2003-10-31 19:42 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-08-28 05:38 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
    --a------ 2005-05-03 16:47 100056 c:\progra~1\SYMNET~1\SNDMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    --------- 2000-05-11 01:00 90112 c:\winnt\Updreg.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
    "c:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
    "c:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\iWin Games\\iWinGames.exe"=

    R1 ATMhelpr;ATMhelpr;c:\winnt\system32\drivers\ATMHELPR.SYS [2003-08-31 4064]
    R3 DCamUSB20;AVerDVD EZMaker USB 2.0 Video Capture;c:\winnt\system32\drivers\CsMini20.sys [2003-03-18 46248]
    S0 ati0vaxx;ati0vaxx;c:\winnt\system32\Drivers\ati0vaxx.sys --> c:\winnt\system32\Drivers\ati0vaxx.sys [?]
    S0 ati3aexx;ati3aexx;c:\winnt\system32\Drivers\ati3aexx.sys --> c:\winnt\system32\Drivers\ati3aexx.sys [?]
    S3 kbeepm;kbeepm;\??\c:\docume~1\Owner\LOCALS~1\Temp\kbeepm.sys --> c:\docume~1\Owner\LOCALS~1\Temp\kbeepm.sys [?]
    S3 PCDRDRV;Pcdr Helper Driver; [x]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \Shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d816fda-c85f-11dc-baa5-0007e9436f41}]
    \Shell\AutoRun\command - g:\wd_windows_tools\WDEULA.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7c55951-2fe1-11dd-bbe5-0007e9436f41}]
    \Shell\AutoRun\command - G:\InstallTomTomHOME.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-02-27 c:\winnt\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

    2009-03-03 c:\winnt\Tasks\FRU Task #Hewlett-Packard#Deskjet#3420.job
    - c:\program files\Hewlett-Packard\upapp\hpqfruv.exe []

    2003-08-16 c:\winnt\Tasks\ISP signup reminder 1.job
    - c:\winnt\System32\OOBE\oobebaln.exe [2008-04-13 19:12]

    2003-08-16 c:\winnt\Tasks\ISP signup reminder 2.job
    - c:\winnt\System32\OOBE\oobebaln.exe [2008-04-13 19:12]

    2003-08-31 c:\winnt\Tasks\ISP signup reminder 3.job
    - c:\winnt\System32\OOBE\oobebaln.exe [2008-04-13 19:12]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-rs32net - c:\winnt\System32\rs32net.exe
    HKCU-Run-ATI Launchpad - (no file)
    HKU-Default-Run-Ltho - c:\program files\sder\dees.exe
    MSConfigStartUp-AltnetPointsManager - c:\program files\altnet\points manager\points manager.exe
    MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
    MSConfigStartUp-ccRegVfy - c:\program files\Common Files\Symantec Shared\ccRegVfy.exe
    MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    MSConfigStartUp-gqunjjpo - c:\winnt\ecngzghk.exe
    MSConfigStartUp-MyDailyHoroscope - c:\progra~1\MYDAIL~1\MYDAIL~1.EXE
    MSConfigStartUp-MyPointsPointAlert0 - c:\program files\MyPoints_PointAlert\MyPointsPointAlert0.exe
    MSConfigStartUp-NI - c:\winnt\Downloaded Program Files\UWFX5LP_0001_0715NetInstaller.exe
    MSConfigStartUp-P2P Networking - c:\winnt\System32\P2P Networking\P2P Networking.exe
    MSConfigStartUp-RFAgent - c:\program files\RFA\rfagent.exe
    MSConfigStartUp-TBPS - c:\progra~1\Toolbar\TBPS.exe
    MSConfigStartUp-Trickler - c:\winnt\temp\adware\fsg_4104h.exe
    MSConfigStartUp-updmgr - c:\program files\Common files\updmgr\updmgr.exe
    MSConfigStartUp-wcmdmgr - c:\winnt\wt\updater\wcmdmgrl.exe
    MSConfigStartUp-Weather - c:\program files\AWS\WeatherBug\Weather.EXE
    MSConfigStartUp-WT GameChannel - c:\program files\WildTangent\Apps\GameChannel.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://portal.wowway.net/index.php
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://www.gateway.net/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
    IE: MyPoints - file://c:\program files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm
    Trusted Zone: advancerx.com
    DPF: ChatSpace Full Java Client 3.1.0.229 - hxxp://64.55.105.205/Java/cfs31229.cab
    DPF: DirectAnimation Java Classes - file://c:\i386\DAJAVA.CAB
    DPF: Microsoft XML Parser for Java - file://c:\i386\XMLDSO.CAB
    DPF: Yahoo! Chat - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    DPF: {0F04992B-E661-4DB9-B223-903AB628225D} - file://c:\program files\Gateway\Do More\DoMoreRunExe.CAB
    DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} - hxxp://www.playfirst.com/play/game/trijinx/trijinx.cab
    DPF: {511073AD-BE56-4D43-AE68-93390514385E} - file://c:\program files\gateway\helpspot\TechTools.CAB
    DPF: {64CEA9F9-7116-4ECA-A905-FA3EA28BD0FE} - hxxp://www.tripadvisor.com/cab/wabparser.cab
    DPF: {7142BA01-8BDF-11CF-9E23-0000E8A37440} - hxxp://admission.udayton.edu//VirTour/svideo.cab
    DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://www.shockwave.com/content/tumblebugs/axhost.cab
    DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} - hxxp://support.gateway.com/eSupport/static/weblaunch/weblaunch.cab
    DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://www.playfirst.com/play/game/dinerdash/dinerdash.cab
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-03 21:05:30
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(748)
    c:\winnt\system32\Ati2evxx.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\winnt\system32\ati2evxx.exe
    c:\winnt\system32\ati2evxx.exe
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\progra~1\Grisoft\AVGFRE~1\avgamsvr.exe
    c:\progra~1\Grisoft\AVGFRE~1\avgupsvc.exe
    c:\progra~1\Grisoft\AVGFRE~1\avgemc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\ewido anti-malware\ewidoctrl.exe
    c:\winnt\system32\rundll32.exe
    c:\progra~1\Webshots\Webshots.scr
    c:\winnt\system32\wscntfy.exe
    c:\winnt\system32\ZoneLabs\vsmon.exe
    c:\program files\WD\WD Anywhere Backup\MemeoBackup.exe
    c:\program files\HP\Digital Imaging\bin\hpqste08.exe
    .
    **************************************************************************
    .
    Completion time: 2009-03-03 21:16:13 - machine was rebooted [Owner]
    ComboFix-quarantined-files.txt 2009-03-04 02:16:07

    Pre-Run: 44,848,373,760 bytes free
    Post-Run: 44,820,733,952 bytes free

    1429 --- E O F --- 2009-02-27 06:01:15

    Next I'll post a new DDS log as instructed.
     
  9. 2009/03/03
    Bucksone

    DDS (Ver_09-02-01.01) - NTFSx86
    Run by Owner at 21:37:45.20 on Tue 03/03/2009
    Internet Explorer: 7.0.5730.11
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.282 [GMT -5:00]

    AV: AVG 7.5.552 *On-access scanning disabled* (Updated)
    FW: ZoneAlarm Firewall *enabled*

    ============== Running Processes ===============

    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINNT\System32\svchost.exe -k netsvcs
    C:\WINNT\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINNT\system32\svchost.exe -k hpdevmgmt
    C:\WINNT\System32\svchost.exe -k HPZ12
    C:\WINNT\System32\svchost.exe -k HPZ12
    C:\WINNT\System32\svchost.exe -k imgsvc
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Documents and Settings\Owner\Desktop\CDTrayPalN\cdtray.exe
    C:\WINNT\system32\WDBtnMgr.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Nova Development\Photo Explosion Deluxe 3.0\calcheck.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINNT\system32\rundll32.exe
    C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
    C:\PROGRA~1\Webshots\Webshots.scr
    C:\WINNT\system32\wscntfy.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINNT\explorer.exe
    C:\Documents and Settings\Owner\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://portal.wowway.net/index.php
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://www.gateway.net/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: NoExplorer - No File
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
    BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.0.1225.9868\swg.dll
    TB: Webshots Toolbar: {c17590d2-ecb4-4b15-8820-f58798dcc118} - c:\program files\webshots\WSToolbar4IE.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe
    uRun: [ATI Remote Control] c:\program files\ati multimedia\remctrl\ATIRW.exe
    uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
    mRun: [IgfxTray] c:\winnt\system32\igfxtray.exe
    mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
    mRun: [HotKeysCmds] c:\winnt\system32\hkcmd.exe
    mRun: [ATI DeviceDetect] c:\program files\ati multimedia\main\ATIDtct.EXE
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [AVG7_CC] c:\progra~1\grisoft\avgfre~1\avgcc.exe /STARTUP
    mRun: [CDTrayPal] c:\documents and settings\owner\desktop\cdtraypaln\cdtray.exe
    mRun: [WD Button Manager] WDBtnMgr.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [PhotoExplosionCalCheck] c:\program files\nova development\photo explosion deluxe 3.0\calcheck.exe
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    dRun: [Nszzgvi] c:\winnt\system32\w?crtupd.exe
    dRun: [AVG7_Run] c:\progra~1\grisoft\avgfre~1\avgw.exe /RUNONCE
    dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
    dRunOnce: [RunNarrator] Narrator.exe
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\mysurv~1.lnk - c:\program files\mysurvey messenger\MySurveyMessenger.exe
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdanyw~1.lnk - c:\winnt\installer\{649c4b1a-6a76-499a-9aec-0c9530fa7d2c}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe
    IE: &AIM Search - c:\program files\aim toolbar\AIMBar.dll/aimsearch.htm
    IE: &Webshots Photo Search - c:\program files\webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
    IE: MyPoints - file://c:\program files\mypoints_pointalert\sy800\tp800\scri800a.htm
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
    IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
    Trusted Zone: advancerx.com
    DPF: ChatSpace Full Java Client 3.1.0.229 - hxxp://64.55.105.205/Java/cfs31229.cab
    DPF: DirectAnimation Java Classes - file://c:\i386\DAJAVA.CAB
    DPF: Microsoft XML Parser for Java - file://c:\i386\XMLDSO.CAB
    DPF: Yahoo! Bingo - hxxp://download2.games.yahoo.com/games/clients/y/xt0_x.cab
    DPF: Yahoo! Chat - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15009/CTSUEng.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://support.gateway.com/support/profiler/PCPitStop.CAB
    DPF: {0F04992B-E661-4DB9-B223-903AB628225D} - file://c:\program files\gateway\do more\DoMoreRunExe.CAB
    DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} - hxxp://www1.snapfish.com/SnapfishOutlookImport.cab
    DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Slingo%20Quest%20Hawaii/Images/stg_drm.ocx
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} - hxxp://www.playfirst.com/play/game/trijinx/trijinx.cab
    DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxp://web-student-3.udayton.edu/iNotes6W.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.snapfish.com/SnapfishActivia.cab
    DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
    DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
    DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} - hxxps://www.webiqonline.com/WebIQ/bin/WebIQ.cab
    DPF: {511073AD-BE56-4D43-AE68-93390514385E} - file://c:\program files\gateway\helpspot\TechTools.CAB
    DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} - hxxp://www.webshots.com/samplers/WSDownloader.ocx
    DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
    DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} - hxxp://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.53.cab
    DPF: {64CEA9F9-7116-4ECA-A905-FA3EA28BD0FE} - hxxp://www.tripadvisor.com/cab/wabparser.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202843377078
    DPF: {7142BA01-8BDF-11CF-9E23-0000E8A37440} - hxxp://admission.udayton.edu//VirTour/svideo.cab
    DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} - file://c:\program files\gateway\helpspot\RunExeActiveX.CAB
    DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://www.shockwave.com/content/tumblebugs/axhost.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} - hxxp://a14.g.akamai.net/f/14/7141/1d/www.nielsennetpanel.com/netmeter4_6/NetMeter_preinstaller_activex_en_4.60.38.0_MEGAPANEL_USA.cab
    DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} - hxxp://support.gateway.com/eSupport/static/weblaunch/weblaunch.cab
    DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - hxxps://support.gateway.com/support/serialharvest/gwCID.CAB
    DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37865.5665625
    DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} - hxxp://community.webshots.com/html/WSPhotoUploader.CAB
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - hxxp://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
    DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Lottery%20Ticket/Images/armhelper.ocx
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
    DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - hxxp://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://www.shockwave.com/content/cinematycoon/cinematycoon.cab
    DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} - hxxp://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
    DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://www.playfirst.com/play/game/dinerdash/dinerdash.cab
    DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} - hxxp://www.playfirst.com/play/game/weddingdash/WeddingDash.1.0.0.44.cab
    DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15010/CTPID.cab
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winnt\system32\WPDShServiceObj.dll
    SEH: CShellExecuteHookImpl Object: {54d9498b-cf93-414f-8984-8ce7fde0d391} - c:\program files\ewido anti-malware\shellhook.dll

    ============= SERVICES / DRIVERS ===============

    R1 ATMhelpr;ATMhelpr;c:\winnt\system32\drivers\ATMHELPR.SYS [2003-8-31 4064]
    R1 Avg7Core;AVG7 Kernel;c:\winnt\system32\drivers\avg7core.sys [2006-5-23 821856]
    R1 Avg7RsW;AVG7 Wrap Driver;c:\winnt\system32\drivers\avg7rsw.sys [2005-12-16 4224]
    R1 Avg7RsXP;AVG7 Resident Driver XP;c:\winnt\system32\drivers\avg7rsxp.sys [2006-3-14 27776]
    R1 AvgClean;AVG7 Clean Driver;c:\winnt\system32\drivers\avgclean.sys [2006-11-17 10760]
    R1 KLIF;KLIF;c:\winnt\system32\drivers\klif.sys [2009-1-19 127768]
    R1 vsdatant;vsdatant;c:\winnt\system32\vsdatant.sys [2004-5-7 394952]
    R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
    R2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avgfre~1\avgamsvr.exe [2005-12-16 418816]
    R2 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avgfre~1\avgupsvc.exe [2005-12-16 49664]
    R2 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avgfre~1\avgemc.exe [2005-12-16 406528]
    R2 AvgTdi;AVG Network Redirector;c:\winnt\system32\drivers\avgtdi.sys [2005-12-16 4960]
    R2 ewido security suite control;ewido security suite control;c:\program files\ewido anti-malware\ewidoctrl.exe [2005-11-30 13888]
    R2 vsmon;TrueVector Internet Monitor;c:\winnt\system32\zonelabs\vsmon.exe -service --> c:\winnt\system32\zonelabs\vsmon.exe -service [?]
    R3 DCamUSB20;AVerDVD EZMaker USB 2.0 Video Capture;c:\winnt\system32\drivers\CsMini20.sys [2003-3-18 46248]
    S0 ati0vaxx;ati0vaxx;c:\winnt\system32\drivers\ati0vaxx.sys --> c:\winnt\system32\drivers\ati0vaxx.sys [?]
    S0 ati3aexx;ati3aexx;c:\winnt\system32\drivers\ati3aexx.sys --> c:\winnt\system32\drivers\ati3aexx.sys [?]
    S3 kbeepm;kbeepm;\??\c:\docume~1\owner\locals~1\temp\kbeepm.sys --> c:\docume~1\owner\locals~1\temp\kbeepm.sys [?]
    S3 PCDRDRV;Pcdr Helper Driver; [x]

    =============== Created Last 30 ================

    2009-03-03 20:19 <DIR> --d----- C:\cmdcons
    2009-03-03 20:16 161,792 a------- c:\winnt\SWREG.exe
    2009-03-03 20:16 98,816 a------- c:\winnt\sed.exe
    2009-03-03 18:49 578,560 a------- c:\winnt\system32\dllcache\user32.dll
    2009-03-03 18:40 <DIR> --d----- c:\winnt\ERUNT
    2009-03-03 18:17 <DIR> --d----- C:\SDFix
    2009-03-03 12:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\FarmFrenzy2
    2009-03-03 12:03 <DIR> --d----- c:\docume~1\owner\applic~1\WildTangent
    2009-03-03 12:01 <DIR> --d----- c:\program files\WildGames
    2009-02-28 14:45 <DIR> --d----- c:\program files\Farm Frenzy
    2009-02-28 06:00 <DIR> --d----- C:\GameHouse Games
    2009-02-27 05:45 <DIR> --d----- c:\program files\Build-a-lot 2 - Town of the Year
    2009-02-24 08:13 <DIR> --d----- c:\docume~1\owner\applic~1\blg
    2009-02-24 08:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\blg
    2009-02-21 22:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Big Fish Games Vancouver
    2009-02-21 22:37 <DIR> --d----- c:\program files\Unwell Mel
    2009-02-19 14:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\FarmFrenzy-PizzaParty
    2009-02-15 07:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Lifetime
    2009-02-09 19:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AlawarWrapper
    2009-02-08 13:32 <DIR> --d----- C:\WINDOWS
    2009-02-07 05:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Alawar Stargaze
    2009-02-07 05:47 <DIR> --d----- c:\program files\Fashion Season
    2009-02-04 07:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\GameHouse
    2009-02-03 11:48 <DIR> --d----- c:\program files\Shop-n-Spree

    ==================== Find3M ====================

    2009-03-03 21:02 41,412,640 a--sh--- c:\winnt\system32\drivers\fidbox.dat
    2009-03-03 21:02 469,832 a--sh--- c:\winnt\system32\drivers\fidbox.idx
    2009-01-19 18:19 4,212 ----h--- c:\winnt\system32\zllictbl.dat
    2009-01-16 21:35 3,594,752 a------- c:\winnt\system32\dllcache\mshtml.dll
    2008-12-25 21:06 89,435 a------- c:\winnt\pchealth\helpctr\offlinecache\index.dat
    2008-12-19 04:10 70,656 -------- c:\winnt\system32\dllcache\ie4uinit.exe
    2008-12-19 04:10 13,824 -------- c:\winnt\system32\dllcache\ieudinit.exe
    2008-12-19 00:25 634,024 a------- c:\winnt\system32\dllcache\iexplore.exe
    2008-12-19 00:23 161,792 a------- c:\winnt\system32\dllcache\ieakui.dll
    2008-12-11 05:57 333,952 -------- c:\winnt\system32\dllcache\srv.sys
    2008-03-02 07:53 0 a------- c:\program files\temp01
    2007-10-09 19:01 76,720 a------- c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT
    2006-06-05 11:19 311 a------- c:\docume~1\owner\applic~1\bbbconfig.dat
    2006-01-23 08:31 774,144 a------- c:\program files\RngInterstitial.dll
    2005-04-19 14:47 280,064 a------- c:\docume~1\owner\applic~1\tizhook.bin
    2005-04-19 14:47 152,804 a------- c:\docume~1\owner\applic~1\tizupd.bin

    ============= FINISH: 21:38:32.45 ===============


    OK, now I am going to re-start my virus and spyware software.
     
  10. 2009/03/03
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Welcome back


    Next: Please disable all onboard security programs (all running with background protection) as it may hinder the scanner from working.
    This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

    Click on this link Here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the CODE box below:
    Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.
    Code:
    File:: 
    c:\program files\temp01
    c:\documents and settings\Owner\Application Data\tizhook.bin
    c:\documents and settings\Owner\Application Data\tizupd.bin
    
    Driver::
    ati0vaxx
    ati3aexx
    
    Registry::
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Nszzgvi"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0vaxx.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3aexx.sys]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iefeatures]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSVersion]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchNavVersion]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DKQXE]
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\iWin Games\\iWinGames.exe"=-
    
    DDS::
    DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://www.playfirst.com/play/game/dinerdash/dinerdash.cab
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: NoExplorer - No File
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    dRun: [Nszzgvi] c:\winnt\system32\w?crtupd.exe
    DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} - hxxp://a14.g.akamai.net/f/14/7141/1d/www.nielsennetpanel.com/netmeter4_6/NetMeter_preinstaller_activex_en_4.60.38.0_MEGAPANEL_USA.cab
    [​IMG]

    Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



    In your next reply please post:
    Combofix.txt


    How long will your internet be suspended?

    I would like to see you run an online scan?
     
  11. 2009/03/04
    Bucksone

    Bucksone Well-Known Member Thread Starter

    Joined:
    2003/07/28
    Messages:
    505
    Likes Received:
    2
    ComboFix 09-03-02.03 - Owner 2009-03-04 7:30:58.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.313 [GMT -5:00]
    Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
    Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
    AV: AVG 7.5.552 *On-access scanning disabled* (Updated)
    FW: ZoneAlarm Firewall *disabled*
    * Created a new restore point

    FILE ::
    c:\documents and settings\Owner\Application Data\tizhook.bin
    c:\documents and settings\Owner\Application Data\tizupd.bin
    c:\program files\temp01
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Owner\Application Data\tizhook.bin
    c:\documents and settings\Owner\Application Data\tizupd.bin
    c:\program files\temp01

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_ati0vaxx
    -------\Service_ati3aexx


    ((((((((((((((((((((((((( Files Created from 2009-02-04 to 2009-03-04 )))))))))))))))))))))))))))))))
    .

    2009-03-03 18:49 . 2009-03-03 18:49 578,560 --a------ c:\winnt\system32\dllcache\user32.dll
    2009-03-03 18:40 . 2009-03-03 18:41 <DIR> d-------- c:\winnt\ERUNT
    2009-03-03 18:17 . 2009-03-03 19:39 <DIR> d-------- C:\SDFix
    2009-03-03 12:04 . 2009-03-03 14:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\FarmFrenzy2
    2009-03-03 12:03 . 2009-03-03 12:03 <DIR> d-------- c:\documents and settings\Owner\Application Data\WildTangent
    2009-03-03 12:01 . 2009-03-03 12:03 <DIR> d-------- c:\program files\WildGames
    2009-02-28 14:45 . 2009-03-01 09:36 <DIR> d-------- c:\program files\Farm Frenzy
    2009-02-28 06:00 . 2009-02-28 06:00 <DIR> d-------- C:\GameHouse Games
    2009-02-27 05:45 . 2009-02-27 05:45 <DIR> d-------- c:\program files\Build-a-lot 2 - Town of the Year
    2009-02-24 08:13 . 2009-02-24 08:13 <DIR> d-------- c:\documents and settings\Owner\Application Data\blg
    2009-02-24 08:13 . 2009-02-24 08:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\blg
    2009-02-21 22:40 . 2009-02-21 22:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Big Fish Games Vancouver
    2009-02-21 22:37 . 2009-02-21 22:38 <DIR> d-------- c:\program files\Unwell Mel
    2009-02-19 14:01 . 2009-02-19 14:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\FarmFrenzy-PizzaParty
    2009-02-15 07:21 . 2009-02-15 07:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lifetime
    2009-02-09 19:03 . 2009-02-28 05:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\AlawarWrapper
    2009-02-08 13:32 . 2009-02-08 13:32 <DIR> d-------- C:\WINDOWS
    2009-02-07 05:48 . 2009-02-07 05:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Alawar Stargaze
    2009-02-07 05:47 . 2009-02-07 05:48 <DIR> d-------- c:\program files\Fashion Season
    2009-02-04 07:44 . 2009-02-04 07:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\GameHouse

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-04 12:43 472,232 --sha-w c:\winnt\system32\drivers\fidbox.idx
    2009-03-04 12:43 41,412,640 --sha-w c:\winnt\system32\drivers\fidbox.dat
    2009-03-04 12:23 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-03-03 17:01 --------- d-----w c:\documents and settings\All Users\Application Data\WildTangent
    2009-03-03 13:00 --------- d-----w c:\documents and settings\LocalService\Application Data\AVG7
    2009-03-03 12:13 --------- d-----w c:\program files\SpywareBlaster
    2009-03-03 10:37 --------- d-----w c:\documents and settings\Owner\Application Data\AVG7
    2009-03-01 22:06 --------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
    2009-03-01 18:59 --------- d-----w c:\documents and settings\Owner\Application Data\EleFun Games
    2009-03-01 13:26 --------- d-----w c:\program files\GameHouse
    2009-03-01 13:26 --------- d-----w c:\documents and settings\Owner\Application Data\GameHouse
    2009-02-28 10:59 --------- d-----w c:\program files\RealArcade
    2009-02-25 18:59 --------- d-----w c:\documents and settings\Owner\Application Data\PlayFirst
    2009-02-24 13:43 --------- d-----w c:\program files\Yahoo! Games
    2009-02-21 12:01 --------- d-----w c:\program files\Alawar
    2009-02-14 10:33 --------- d-----w c:\documents and settings\All Users\Application Data\SugarGames
    2009-02-10 17:47 --------- d-----w c:\program files\Shockwave.com
    2009-02-10 13:43 --------- d-----w c:\program files\PlayFirst
    2009-02-09 01:39 --------- d--h--w c:\documents and settings\Owner\Application Data\Move Networks
    2009-02-06 21:10 --------- d-----w c:\program files\UltimateZip 2007
    2009-02-03 16:49 --------- d-----w c:\program files\Shop-n-Spree
    2009-02-03 16:49 --------- d-----w c:\documents and settings\Owner\Application Data\ViquaSoft
    2009-01-26 15:09 --------- d-----w c:\program files\Be Rich
    2009-01-26 14:58 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
    2009-01-24 18:55 --------- d-----w c:\documents and settings\All Users\Application Data\HipSoft
    2009-01-21 13:18 --------- d-----w c:\documents and settings\Owner\Application Data\AlterLab
    2009-01-19 23:13 --------- d-----w c:\documents and settings\All Users\Application Data\avg7
    2009-01-19 13:32 --------- d-----w c:\documents and settings\Owner\Application Data\Boomzap
    2009-01-13 12:56 --------- d-----w c:\documents and settings\All Users\Application Data\DivoGames
    2009-01-10 21:08 --------- d-----w c:\documents and settings\Owner\Application Data\Sahmon Games
    2007-10-10 00:01 76,720 ----a-w c:\documents and settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
    2006-06-05 16:19 311 ----a-w c:\documents and settings\Owner\Application Data\bbbconfig.dat
    2006-01-23 13:31 774,144 ----a-w c:\program files\RngInterstitial.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\winnt\system32\ctfmon.exe" [2008-04-13 15360]
    "ATI Remote Control "= "c:\program files\ATI Multimedia\RemCtrl\ATIRW.exe" [2004-04-16 196608]
    "AdobeUpdater "= "c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-09 2356088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray "= "c:\winnt\System32\igfxtray.exe" [2004-07-01 155648]
    "AdaptecDirectCD "= "c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-03-26 684032]
    "HotKeysCmds "= "c:\winnt\System32\hkcmd.exe" [2004-07-01 118784]
    "ATI DeviceDetect "= "c:\program files\ATI Multimedia\main\ATIDtct.EXE" [2004-06-15 69705]
    "ATIPTA "= "c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 339968]
    "AVG7_CC "= "c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-10-17 590848]
    "CDTrayPal "= "c:\documents and settings\Owner\Desktop\CDTrayPalN\cdtray.exe" [2005-09-21 139264]
    "HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "PhotoExplosionCalCheck "= "c:\program files\Nova Development\Photo Explosion Deluxe 3.0\calcheck.exe" [2006-05-10 69632]
    "ZoneAlarm Client "= "c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
    "WD Button Manager "= "WDBtnMgr.exe" [2008-01-21 c:\winnt\system32\WDBtnMgr.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run "= "c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-24 219136]
    "MySpaceIM "= "c:\program files\MySpace\IM\MySpaceIM.exe" [2007-03-07 5181440]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator "= "Narrator.exe" [2008-04-13 c:\winnt\system32\narrator.exe]

    c:\documents and settings\Owner\Start Menu\Programs\Startup\
    MySurvey Messenger.lnk - c:\program files\MySurvey Messenger\MySurveyMessenger.exe [2007-07-02 651264]
    Webshots.lnk - c:\program files\Webshots\Launcher.exe [2004-10-02 45056]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
    WD Anywhere Backup Launcher.lnk - c:\winnt\Installer\{649C4B1A-6A76-499A-9AEC-0C9530FA7D2C}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe [2008-06-09 9662]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSACM.MI-SC4 "= MI-SC4.acm

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\winnt\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
    backup=c:\winnt\pss\Adobe Reader Synchronizer.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Army Men World War(TM).lnk]
    backup=c:\winnt\pss\Army Men World War(TM).lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
    path=c:\documents and settings\Owner\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk
    backup=c:\winnt\pss\iWin Desktop Alerts.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\winnt\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
    backup=c:\winnt\pss\PowerReg Scheduler.exeStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
    path=c:\documents and settings\Owner\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
    backup=c:\winnt\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    --a------ 2008-11-09 05:40 2356088 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    --a------ 2008-07-22 19:42 116040 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
    --a------ 2002-11-03 14:56 188416 c:\winnt\system32\spool\drivers\w32x86\3\hpztsb07.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IEXPLORE.EXE]
    --a------ 2008-12-19 00:25 634024 c:\program files\Internet Explorer\iexplore.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-07-30 09:47 289064 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
    --a------ 2002-07-16 20:21 28672 c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    --a------ 2003-02-11 15:44 143360 c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
    --a------ 2002-07-17 11:00 200767 c:\program files\Microsoft Money\System\mnyexpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
    --a------ 2007-03-07 00:06 5181440 c:\program files\MySpace\IM\MySpaceIM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
    --------- 2004-09-22 15:10 1871872 c:\progra~1\Ahead\NEROBA~1\NBJ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 10:50 155648 c:\winnt\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --a------ 2003-10-31 19:42 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-08-28 05:38 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
    --a------ 2005-05-03 16:47 100056 c:\progra~1\SYMNET~1\SNDMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    --------- 2000-05-11 01:00 90112 c:\winnt\Updreg.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "SpybotSD TeaTimer "=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Grisoft\\AVG Free\\avginet.exe "=
    "c:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe "=
    "c:\\Program Files\\AIM\\aim.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe "=
    "c:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=

    R1 ATMhelpr;ATMhelpr;c:\winnt\system32\drivers\ATMHELPR.SYS [2003-08-31 4064]
    R3 DCamUSB20;AVerDVD EZMaker USB 2.0 Video Capture;c:\winnt\system32\drivers\CsMini20.sys [2003-03-18 46248]
    S3 kbeepm;kbeepm;\??\c:\docume~1\Owner\LOCALS~1\Temp\kbeepm.sys --> c:\docume~1\Owner\LOCALS~1\Temp\kbeepm.sys [?]
    S3 PCDRDRV;Pcdr Helper Driver; [x]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \Shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d816fda-c85f-11dc-baa5-0007e9436f41}]
    \Shell\AutoRun\command - g:\wd_windows_tools\WDEULA.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7c55951-2fe1-11dd-bbe5-0007e9436f41}]
    \Shell\AutoRun\command - G:\InstallTomTomHOME.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-02-27 c:\winnt\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

    2009-03-03 c:\winnt\Tasks\FRU Task #Hewlett-Packard#Deskjet#3420.job
    - c:\program files\Hewlett-Packard\upapp\hpqfruv.exe []

    2003-08-16 c:\winnt\Tasks\ISP signup reminder 1.job
    - c:\winnt\System32\OOBE\oobebaln.exe [2008-04-13 19:12]

    2003-08-16 c:\winnt\Tasks\ISP signup reminder 2.job
    - c:\winnt\System32\OOBE\oobebaln.exe [2008-04-13 19:12]

    2003-08-31 c:\winnt\Tasks\ISP signup reminder 3.job
    - c:\winnt\System32\OOBE\oobebaln.exe [2008-04-13 19:12]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://portal.wowway.net/index.php
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://www.gateway.net/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
    IE: MyPoints - file://c:\program files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm
    Trusted Zone: advancerx.com
    DPF: ChatSpace Full Java Client 3.1.0.229 - hxxp://64.55.105.205/Java/cfs31229.cab
    DPF: DirectAnimation Java Classes - file://c:\i386\DAJAVA.CAB
    DPF: Microsoft XML Parser for Java - file://c:\i386\XMLDSO.CAB
    DPF: Yahoo! Chat - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    DPF: {0F04992B-E661-4DB9-B223-903AB628225D} - file://c:\program files\Gateway\Do More\DoMoreRunExe.CAB
    DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} - hxxp://www.playfirst.com/play/game/trijinx/trijinx.cab
    DPF: {511073AD-BE56-4D43-AE68-93390514385E} - file://c:\program files\gateway\helpspot\TechTools.CAB
    DPF: {64CEA9F9-7116-4ECA-A905-FA3EA28BD0FE} - hxxp://www.tripadvisor.com/cab/wabparser.cab
    DPF: {7142BA01-8BDF-11CF-9E23-0000E8A37440} - hxxp://admission.udayton.edu//VirTour/svideo.cab
    DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://www.shockwave.com/content/tumblebugs/axhost.cab
    DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} - hxxp://support.gateway.com/eSupport/static/weblaunch/weblaunch.cab
    DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://www.playfirst.com/play/game/dinerdash/dinerdash.cab
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-04 07:46:01
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(748)
    c:\winnt\system32\Ati2evxx.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\winnt\system32\ati2evxx.exe
    c:\winnt\system32\ati2evxx.exe
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\progra~1\Grisoft\AVGFRE~1\avgamsvr.exe
    c:\progra~1\Grisoft\AVGFRE~1\avgupsvc.exe
    c:\progra~1\Grisoft\AVGFRE~1\avgemc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\ewido anti-malware\ewidoctrl.exe
    c:\winnt\system32\rundll32.exe
    c:\progra~1\Webshots\Webshots.scr
    c:\winnt\system32\wscntfy.exe
    c:\winnt\system32\ZoneLabs\vsmon.exe
    c:\program files\HP\Digital Imaging\bin\hpqste08.exe
    c:\program files\WD\WD Anywhere Backup\MemeoBackup.exe
    .
    **************************************************************************
    .
    Completion time: 2009-03-04 7:56:42 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-03-04 12:56:36
    ComboFix2.txt 2009-03-04 02:16:17

    Pre-Run: 44,733,681,664 bytes free
    Post-Run: 44,716,056,576 bytes free

    277 --- E O F --- 2009-02-27 06:01:15


    My ISP has only suspended our ability to send emails. We can still receive emails and access the internet.

    I am now going to re-start all of my disabled onboard security programs.

    Then, I've been at work all night so I'm going to bed! I'll continue with the next instructions when I get up. Thanks for all of the help so far.
     
  12. 2009/03/04
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    You're very welcome.


    Next: Please disable all onboard security programs (all running with background protection) as they may hinder the scanner from working.
    This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

    Click on this link Here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the CODE box below:
    Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.
    Code:
    File:: 
    c:\docume~1\Owner\LOCALS~1\Temp\kbeepm.sys 
    
    Driver::
    kbeepm
    [​IMG]

    Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.




    Please download ATF Cleaner by Atribune From Here and save it to your Desktop.
    Follow the instructions for the browser you use.
    Read the instructions about the cookies. Delete what you do not need.

    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:
    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Java Cache

    The rest are optional - if you want to remove the lot, check "Select All".
    Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
    If you use the Firefox or Opera browsers, you can use this program
    as a quick way to tidy those up as well.
    When you have finished, click on the Exit button in the Main menu.
    ========================


    NEXT**
    I'd like for you to run this next online scan to check for remnants or anything that might be hidden.
    The below scan can take up to an hour or longer, please be patient.

    *Note
    It is recommended to disable your onboard antivirus and antispyware programs while performing scans, so there are no conflicts and to speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.


    Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

    Other available links
    Kaspersky Online Scanner or from here
    http://www.kaspersky.com/virusscanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.

    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run. (At times it may appear to stall)
      * Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
      * Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
      * Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    • Once the scan is complete, click on View scan report. To obtain the report:
    Click on: Save Report As
    Next, in the Save as prompt, Save in area, select: Desktop
    In the File name area, use KScan, or something similar. In Save as type, click the drop arrow and select:
    Text file [*.txt]
    Then, click: Save
    Please post the Kaspersky Online Scanner Report in your reply.

    Animated tutorial
    http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif

    (Note.. for Internet Explorer 7 users:
    If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
    Or use Firefox with IE-Tab plugin
    https://addons.mozilla.org/en-US/firefox/addon/1419


    In your next reply post:
    ComboFix.txt
    Kaspersky log
    New HJT log taken after the above scans have run



    You may need several replies to post the requested logs, otherwise they might get cut off.


    How's the computer?
     
  13. 2009/03/05
    Bucksone

    Bucksone Well-Known Member Thread Starter

    Joined:
    2003/07/28
    Messages:
    505
    Likes Received:
    2
    Sorry for the delay, but it took six hours alone for the Kaspersky scan to run. I'll submit the logs below in however many posts it takes. The computer has been running fine all along. We just can't get our email fully restored until this is resolved.

    ComboFix 09-03-02.03 - Owner 2009-03-04 17:19:57.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.379 [GMT -5:00]
    Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
    Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
    AV: AVG 7.5.552 *On-access scanning disabled* (Updated)
    FW: ZoneAlarm Firewall *disabled*
    * Created a new restore point

    FILE ::
    c:\docume~1\Owner\LOCALS~1\Temp\kbeepm.sys
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_KBEEPM
    -------\Service_kbeepm


    ((((((((((((((((((((((((( Files Created from 2009-02-04 to 2009-03-04 )))))))))))))))))))))))))))))))
    .

    2009-03-04 17:11 . 2009-03-04 17:11 <DIR> d-------- c:\program files\Trend Micro
    2009-03-04 14:26 . 2009-03-04 14:26 <DIR> d-------- c:\program files\Farm Frenzy 2
    2009-03-03 18:49 . 2009-03-03 18:49 578,560 --a------ c:\winnt\system32\dllcache\user32.dll
    2009-03-03 18:40 . 2009-03-03 18:41 <DIR> d-------- c:\winnt\ERUNT
    2009-03-03 18:17 . 2009-03-03 19:39 <DIR> d-------- C:\SDFix
    2009-03-03 12:04 . 2009-03-03 14:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\FarmFrenzy2
    2009-03-03 12:03 . 2009-03-03 12:03 <DIR> d-------- c:\documents and settings\Owner\Application Data\WildTangent
    2009-03-03 12:01 . 2009-03-03 12:03 <DIR> d-------- c:\program files\WildGames
    2009-02-28 14:45 . 2009-03-01 09:36 <DIR> d-------- c:\program files\Farm Frenzy
    2009-02-28 06:00 . 2009-02-28 06:00 <DIR> d-------- C:\GameHouse Games
    2009-02-27 05:45 . 2009-02-27 05:45 <DIR> d-------- c:\program files\Build-a-lot 2 - Town of the Year
    2009-02-24 08:13 . 2009-02-24 08:13 <DIR> d-------- c:\documents and settings\Owner\Application Data\blg
    2009-02-24 08:13 . 2009-02-24 08:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\blg
    2009-02-21 22:40 . 2009-02-21 22:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Big Fish Games Vancouver
    2009-02-21 22:37 . 2009-02-21 22:38 <DIR> d-------- c:\program files\Unwell Mel
    2009-02-19 14:01 . 2009-02-19 14:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\FarmFrenzy-PizzaParty
    2009-02-15 07:21 . 2009-02-15 07:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lifetime
    2009-02-09 19:03 . 2009-02-28 05:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\AlawarWrapper
    2009-02-08 13:32 . 2009-02-08 13:32 <DIR> d-------- C:\WINDOWS
    2009-02-07 05:48 . 2009-02-07 05:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Alawar Stargaze
    2009-02-07 05:47 . 2009-02-07 05:48 <DIR> d-------- c:\program files\Fashion Season
    2009-02-04 07:44 . 2009-02-04 07:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\GameHouse

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-04 22:32 474,488 --sha-w c:\winnt\system32\drivers\fidbox.idx
    2009-03-04 22:32 41,412,640 --sha-w c:\winnt\system32\drivers\fidbox.dat
    2009-03-04 22:14 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-03-04 21:58 --------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
    2009-03-04 13:00 --------- d-----w c:\documents and settings\LocalService\Application Data\AVG7
    2009-03-03 17:01 --------- d-----w c:\documents and settings\All Users\Application Data\WildTangent
    2009-03-03 12:13 --------- d-----w c:\program files\SpywareBlaster
    2009-03-03 10:37 --------- d-----w c:\documents and settings\Owner\Application Data\AVG7
    2009-03-01 18:59 --------- d-----w c:\documents and settings\Owner\Application Data\EleFun Games
    2009-03-01 13:26 --------- d-----w c:\program files\GameHouse
    2009-03-01 13:26 --------- d-----w c:\documents and settings\Owner\Application Data\GameHouse
    2009-02-28 10:59 --------- d-----w c:\program files\RealArcade
    2009-02-25 18:59 --------- d-----w c:\documents and settings\Owner\Application Data\PlayFirst
    2009-02-24 13:43 --------- d-----w c:\program files\Yahoo! Games
    2009-02-21 12:01 --------- d-----w c:\program files\Alawar
    2009-02-14 10:33 --------- d-----w c:\documents and settings\All Users\Application Data\SugarGames
    2009-02-10 17:47 --------- d-----w c:\program files\Shockwave.com
    2009-02-10 13:43 --------- d-----w c:\program files\PlayFirst
    2009-02-09 01:39 --------- d--h--w c:\documents and settings\Owner\Application Data\Move Networks
    2009-02-06 21:10 --------- d-----w c:\program files\UltimateZip 2007
    2009-02-03 16:49 --------- d-----w c:\program files\Shop-n-Spree
    2009-02-03 16:49 --------- d-----w c:\documents and settings\Owner\Application Data\ViquaSoft
    2009-01-26 15:09 --------- d-----w c:\program files\Be Rich
    2009-01-26 14:58 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
    2009-01-24 18:55 --------- d-----w c:\documents and settings\All Users\Application Data\HipSoft
    2009-01-21 13:18 --------- d-----w c:\documents and settings\Owner\Application Data\AlterLab
    2009-01-19 23:13 --------- d-----w c:\documents and settings\All Users\Application Data\avg7
    2009-01-19 13:32 --------- d-----w c:\documents and settings\Owner\Application Data\Boomzap
    2009-01-13 12:56 --------- d-----w c:\documents and settings\All Users\Application Data\DivoGames
    2009-01-10 21:08 --------- d-----w c:\documents and settings\Owner\Application Data\Sahmon Games
    2007-10-10 00:01 76,720 ----a-w c:\documents and settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
    2006-06-05 16:19 311 ----a-w c:\documents and settings\Owner\Application Data\bbbconfig.dat
    2006-01-23 13:31 774,144 ----a-w c:\program files\RngInterstitial.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\winnt\system32\ctfmon.exe" [2008-04-13 15360]
    "ATI Remote Control"="c:\program files\ATI Multimedia\RemCtrl\ATIRW.exe" [2004-04-16 196608]
    "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-09 2356088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\winnt\System32\igfxtray.exe" [2004-07-01 155648]
    "AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-03-26 684032]
    "HotKeysCmds"="c:\winnt\System32\hkcmd.exe" [2004-07-01 118784]
    "ATI DeviceDetect"="c:\program files\ATI Multimedia\main\ATIDtct.EXE" [2004-06-15 69705]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 339968]
    "AVG7_CC"="c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-10-17 590848]
    "CDTrayPal"="c:\documents and settings\Owner\Desktop\CDTrayPalN\cdtray.exe" [2005-09-21 139264]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "PhotoExplosionCalCheck"="c:\program files\Nova Development\Photo Explosion Deluxe 3.0\calcheck.exe" [2006-05-10 69632]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
    "WD Button Manager"="WDBtnMgr.exe" [2008-01-21 c:\winnt\system32\WDBtnMgr.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-24 219136]
    "MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-03-07 5181440]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-13 c:\winnt\system32\narrator.exe]

    c:\documents and settings\Owner\Start Menu\Programs\Startup\
    MySurvey Messenger.lnk - c:\program files\MySurvey Messenger\MySurveyMessenger.exe [2007-07-02 651264]
    Webshots.lnk - c:\program files\Webshots\Launcher.exe [2004-10-02 45056]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
    WD Anywhere Backup Launcher.lnk - c:\winnt\Installer\{649C4B1A-6A76-499A-9AEC-0C9530FA7D2C}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe [2008-06-09 9662]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSACM.MI-SC4"= MI-SC4.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0vaxx.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3aexx.sys]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\winnt\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
    backup=c:\winnt\pss\Adobe Reader Synchronizer.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Army Men World War(TM).lnk]
    backup=c:\winnt\pss\Army Men World War(TM).lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
    path=c:\documents and settings\Owner\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk
    backup=c:\winnt\pss\iWin Desktop Alerts.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\winnt\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
    backup=c:\winnt\pss\PowerReg Scheduler.exeStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
    path=c:\documents and settings\Owner\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
    backup=c:\winnt\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    --a------ 2008-11-09 05:40 2356088 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    --a------ 2008-07-22 19:42 116040 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
    --a------ 2002-11-03 14:56 188416 c:\winnt\system32\spool\drivers\w32x86\3\hpztsb07.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IEXPLORE.EXE]
    --a------ 2008-12-19 00:25 634024 c:\program files\Internet Explorer\iexplore.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-07-30 09:47 289064 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
    --a------ 2002-07-16 20:21 28672 c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    --a------ 2003-02-11 15:44 143360 c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
    --a------ 2002-07-17 11:00 200767 c:\program files\Microsoft Money\System\mnyexpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
    --a------ 2007-03-07 00:06 5181440 c:\program files\MySpace\IM\MySpaceIM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
    --------- 2004-09-22 15:10 1871872 c:\progra~1\Ahead\NEROBA~1\NBJ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 10:50 155648 c:\winnt\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --a------ 2003-10-31 19:42 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-08-28 05:38 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
    --a------ 2005-05-03 16:47 100056 c:\progra~1\SYMNET~1\SNDMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    --------- 2000-05-11 01:00 90112 c:\winnt\Updreg.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
    "c:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
    "c:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R1 ATMhelpr;ATMhelpr;c:\winnt\system32\drivers\ATMHELPR.SYS [2003-08-31 4064]
    R3 DCamUSB20;AVerDVD EZMaker USB 2.0 Video Capture;c:\winnt\system32\drivers\CsMini20.sys [2003-03-18 46248]
    S3 PCDRDRV;Pcdr Helper Driver; [x]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \Shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d816fda-c85f-11dc-baa5-0007e9436f41}]
    \Shell\AutoRun\command - g:\wd_windows_tools\WDEULA.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7c55951-2fe1-11dd-bbe5-0007e9436f41}]
    \Shell\AutoRun\command - G:\InstallTomTomHOME.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-02-27 c:\winnt\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

    2009-03-04 c:\winnt\Tasks\FRU Task #Hewlett-Packard#Deskjet#3420.job
    - c:\program files\Hewlett-Packard\upapp\hpqfruv.exe []

    2003-08-16 c:\winnt\Tasks\ISP signup reminder 1.job
    - c:\winnt\System32\OOBE\oobebaln.exe [2008-04-13 19:12]

    2003-08-16 c:\winnt\Tasks\ISP signup reminder 2.job
    - c:\winnt\System32\OOBE\oobebaln.exe [2008-04-13 19:12]

    2003-08-31 c:\winnt\Tasks\ISP signup reminder 3.job
    - c:\winnt\System32\OOBE\oobebaln.exe [2008-04-13 19:12]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://portal.wowway.net/index.php
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://www.gateway.net/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
    IE: MyPoints - file://c:\program files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm
    Trusted Zone: advancerx.com
    DPF: ChatSpace Full Java Client 3.1.0.229 - hxxp://64.55.105.205/Java/cfs31229.cab
    DPF: DirectAnimation Java Classes - file://c:\i386\DAJAVA.CAB
    DPF: Microsoft XML Parser for Java - file://c:\i386\XMLDSO.CAB
    DPF: Yahoo! Chat - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    DPF: {0F04992B-E661-4DB9-B223-903AB628225D} - file://c:\program files\Gateway\Do More\DoMoreRunExe.CAB
    DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} - hxxp://www.playfirst.com/play/game/trijinx/trijinx.cab
    DPF: {511073AD-BE56-4D43-AE68-93390514385E} - file://c:\program files\gateway\helpspot\TechTools.CAB
    DPF: {64CEA9F9-7116-4ECA-A905-FA3EA28BD0FE} - hxxp://www.tripadvisor.com/cab/wabparser.cab
    DPF: {7142BA01-8BDF-11CF-9E23-0000E8A37440} - hxxp://admission.udayton.edu//VirTour/svideo.cab
    DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://www.shockwave.com/content/tumblebugs/axhost.cab
    DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} - hxxp://support.gateway.com/eSupport/static/weblaunch/weblaunch.cab
    DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://www.playfirst.com/play/game/dinerdash/dinerdash.cab
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-04 17:35:16
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(748)
    c:\winnt\system32\Ati2evxx.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\winnt\system32\ati2evxx.exe
    c:\winnt\system32\ati2evxx.exe
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\progra~1\Grisoft\AVGFRE~1\avgamsvr.exe
    c:\progra~1\Grisoft\AVGFRE~1\avgupsvc.exe
    c:\progra~1\Grisoft\AVGFRE~1\avgemc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\ewido anti-malware\ewidoctrl.exe
    c:\winnt\system32\rundll32.exe
    c:\progra~1\Webshots\Webshots.scr
    c:\winnt\system32\ZoneLabs\vsmon.exe
    c:\winnt\system32\wscntfy.exe
    c:\program files\HP\Digital Imaging\bin\hpqste08.exe
    c:\program files\WD\WD Anywhere Backup\MemeoBackup.exe
    .
    **************************************************************************
    .
    Completion time: 2009-03-04 17:46:04 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-03-04 22:45:58
    ComboFix2.txt 2009-03-04 12:56:46
    ComboFix3.txt 2009-03-04 02:16:17

    Pre-Run: 44,612,407,296 bytes free
    Post-Run: 44,596,502,528 bytes free

    276 --- E O F --- 2009-02-27 06:01:15


    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Thursday, March 5, 2009
    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Wednesday, March 04, 2009 14:59:58
    Records in database: 1868423
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\

    Scan statistics:
    Files scanned: 324557
    Threat name: 8
    Infected objects: 9
    Suspicious objects: 2
    Duration of the scan: 05:55:25


    File name / Threat name / Threats count
    C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{7FAF35F0-91FF-4D24-8A3E-48CCFC1E0F89}\Microsoft\Outlook Express\Deleted Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
    C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{A2215423-984B-4988-8B69-54CEE7D83A74}\Microsoft\Outlook Express\Deleted Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
    C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{AB0CE525-A334-470F-9A54-0ABE76E6261E}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Trojan-Downloader.HTML.Agent.km 1
    C:\Program Files\Fenomen Games Downloader\Downloader.exe Infected: not-a-virus:WebToolbar.Win32.FenomenGame.ojw 1
    C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\tizupd.bin.vir Infected: not-a-virus:AdWare.Win32.PurityScan.w 1
    C:\SDFix\backups\catchme.zip Infected: Rootkit.Win32.Protector.cd 1
    C:\WINDOWS\system\mirc.ini Infected: Backdoor.IRC.Zapchast 1
    C:\WINDOWS\system\script.ini Infected: Backdoor.IRC.Zapchast 1
    C:\WINDOWS\system\sup.reg Infected: Backdoor.IRC.Zapchast 1
    C:\WINNT\ast_4_mm.exe Infected: not-a-virus:AdWare.Win32.AdWast.a 1
    C:\WINNT\ast_4_mm.exe Infected: Trojan-Downloader.Win32.VB.ah 1

    The selected area was scanned.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:09:36 AM, on 3/5/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Documents and Settings\Owner\Desktop\CDTrayPalN\cdtray.exe
    C:\WINNT\system32\WDBtnMgr.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Nova Development\Photo Explosion Deluxe 3.0\calcheck.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
    C:\WINNT\system32\rundll32.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\PROGRA~1\Webshots\Webshots.scr
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\system32\wscntfy.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
    C:\WINNT\explorer.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.wowway.net/index.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.net/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "c:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
    O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [CDTrayPal] C:\Documents and Settings\Owner\Desktop\CDTrayPalN\cdtray.exe
    O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [PhotoExplosionCalCheck] C:\Program Files\Nova Development\Photo Explosion Deluxe 3.0\calcheck.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
    O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Startup: MySurvey Messenger.lnk = C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: WD Anywhere Backup Launcher.lnk = ?
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: MyPoints - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Point Alert - {67B50696-04BA-48ea-A697-28AA0EAA9C26} - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm (HKCU)
    O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://64.55.105.205/Java/cfs31229.cab
    O16 - DPF: Yahoo! Bingo - http://download2.games.yahoo.com/games/clients/y/xt0_x.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
    O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
    O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www1.snapfish.com/SnapfishOutlookImport.cab
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Slingo%20Quest%20Hawaii/Images/stg_drm.ocx
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://www.playfirst.com/play/game/trijinx/trijinx.cab
    O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://web-student-3.udayton.edu/iNotes6W.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
    O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
    O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - https://www.webiqonline.com/WebIQ/bin/WebIQ.cab
    O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - file://C:\Program Files\gateway\helpspot\TechTools.CAB
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} - http://www.webshots.com/samplers/WSDownloader.ocx
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.53.cab
    O16 - DPF: {64CEA9F9-7116-4ECA-A905-FA3EA28BD0FE} (OutlookImporter Class) - http://www.tripadvisor.com/cab/wabparser.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1202843377078
    O16 - DPF: {7142BA01-8BDF-11CF-9E23-0000E8A37440} (Surround Video Control Object) - http://admission.udayton.edu//VirTour/svideo.cab
    O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - file://C:\Program Files\gateway\helpspot\RunExeActiveX.CAB
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/tumblebugs/axhost.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JS...2/&filename=jinstall-6u12-windows-i586-jc.cab
    O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1...taller_activex_en_4.60.38.0_MEGAPANEL_USA.cab
    O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://support.gateway.com/eSupport/static/weblaunch/weblaunch.cab
    O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - https://support.gateway.com/support/serialharvest/gwCID.CAB
    O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Lottery%20Ticket/Images/armhelper.ocx
    O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.shockwave.com/content/cinematycoon/cinematycoon.cab
    O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://www.playfirst.com/play/game/dinerdash/dinerdash.cab
    O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://www.playfirst.com/play/game/weddingdash/WeddingDash.1.0.0.44.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINNT\SYSTEM32\slserv.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
    O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
    O24 - Desktop Component 0: (no name) - http://images1.snapfish.com/34773<7;2fp345>vq=3233>86;>7:6>232486;897383wp1lsi

    --
    End of file - 17387 bytes
     
  14. 2009/03/05
    Juliet

    Welcome back

    Sorry Kaspersky took so long but it is a very thorough scanner.

    C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{7FAF35F0-91FF-4D24-8A3E-48CCFC1E0F89}\Microsoft\Outlook Express\Deleted Items.dbx
    I can see identities for maybe 3 different users?
    Anyone who has an Outlook Express account on the computer should go in and empty out those folders.



    Next: Please disable all onboard security programs (all running with background protection) as it may hinder the scanner from working.
    This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

    Click on this link Here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    Please open Notepad. *Do Not Use Wordpad!* or any text editor other than Notepad, or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
    Save this as "CFScript.txt", including quotes, and change the "Save as type" to "All Files" and place it on your desktop.
    Code:
    RegLockDel::
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0vaxx.sys]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3aexx.sys]
    
    File:: 
    C:\Program Files\Fenomen Games Downloader\Downloader.exe
    C:\WINDOWS\system\script.ini
    C:\WINDOWS\system\sup.reg 
    C:\WINNT\ast_4_mm.exe
    C:\WINDOWS\system\mirc.ini
    
    Driver::
    ati3aexx
    ati0vaxx
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IEXPLORE.EXE]
    [​IMG]

    Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


    In your next reply post:
    ComboFix.txt
    new HJT log


    How's the computer now?
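
The script in the post above is a set of labelled lists, and both of its drivers also appear as SafeBoot\Minimal keys, the registry location that names what Windows loads in Safe Mode. The Python below is an added example, not part of the original post and not ComboFix's own code: it parses the script, checks that drivers and SafeBoot keys pair up, and compares the File:: list with the FILE :: section of a ComboFix log. The log excerpt is constructed (one file left out on purpose), and rejecting any text before the first section header is this example's own rule.

```python
import re

# The CFScript from the post above, reproduced as posted.
CFSCRIPT = r"""RegLockDel::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0vaxx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3aexx.sys]

File::
C:\Program Files\Fenomen Games Downloader\Downloader.exe
C:\WINDOWS\system\script.ini
C:\WINDOWS\system\sup.reg
C:\WINNT\ast_4_mm.exe
C:\WINDOWS\system\mirc.ini

Driver::
ati3aexx
ati0vaxx

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IEXPLORE.EXE]
"""

# Constructed log excerpt in the layout of a ComboFix log; sup.reg is omitted
# deliberately so the comparison has something to report.
LOG_SAMPLE = r"""Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

FILE ::
c:\program files\Fenomen Games Downloader\Downloader.exe
c:\windows\system\mirc.ini
c:\windows\system\script.ini
c:\winnt\ast_4_mm.exe
.
"""

SECTION_RE = re.compile(r"^(\w+)::$")
SAFEBOOT_RE = re.compile(r"\\SafeBoot\\(?:Minimal|Network)\\([^\\\]]+)\]$", re.IGNORECASE)


def parse_cfscript(text):
    """Split a CFScript into {section name: [entries]}.

    Text before the first 'Name::' header raises ValueError, which is what a
    file saved as rich text instead of plain text would trigger.
    """
    sections, current = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif current is None:
            raise ValueError(f"line {lineno}: content before any section header: {line[:30]!r}")
        else:
            current.append(line)
    return sections


def log_file_section(log_text):
    """Return the paths listed under 'FILE ::' in a log; the list ends at the '.' line."""
    paths, inside = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not inside:
            inside = line.upper() == "FILE ::"
        elif line == ".":
            break
        elif line:
            paths.append(line)
    return paths


def cross_check(script_text, log_text):
    """Report File:: entries absent from the log and driver/SafeBoot key mismatches."""
    script = parse_cfscript(script_text)
    logged = {p.lower() for p in log_file_section(log_text)}  # Windows paths: ignore case
    drivers = {d.lower() for d in script.get("Driver", [])}
    safeboot = set()
    for key in script.get("RegLockDel", []) + script.get("Registry", []):
        match = SAFEBOOT_RE.search(key)
        if match:
            # The key's leaf is the driver file name; drop '.sys' to get the driver name.
            safeboot.add(re.sub(r"\.sys$", "", match.group(1).lower()))
    return {
        "files_missing_from_log": [f for f in script.get("File", []) if f.lower() not in logged],
        "drivers_without_safeboot_key": sorted(drivers - safeboot),
        "safeboot_keys_without_driver": sorted(safeboot - drivers),
    }


if __name__ == "__main__":
    for name, items in cross_check(CFSCRIPT, LOG_SAMPLE).items():
        print(f"{name}: {items}")
```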
     
  15. 2009/03/05
    Juliet

    Sorry, forgot to add this.

    C:\SDFix\backups <--delete this folder and empty your recycle bin.

    WildTangent is classified as foistware; it's in a grey area of programs. Dell also installs it on new computers, as do others. It's a revenue-generating system of programs utilized by advertisers.

    It's recommended you uninstall.
     
    Last edited: 2009/03/05
  16. 2009/03/05
    Bucksone

    Here are the requested logs.

    ComboFix 09-03-02.03 - Owner 2009-03-05 16:49:11.5 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.340 [GMT -5:00]
    Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
    Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
    AV: AVG 7.5.552 *On-access scanning disabled* (Updated)
    FW: ZoneAlarm Firewall *disabled*
    * Created a new restore point

    FILE ::
    c:\program files\Fenomen Games Downloader\Downloader.exe
    c:\windows\system\mirc.ini
    c:\windows\system\script.ini
    c:\windows\system\sup.reg
    c:\winnt\ast_4_mm.exe
    .

    ((((((((((((((((((((((((( Files Created from 2009-02-05 to 2009-03-05 )))))))))))))))))))))))))))))))
    .

    2009-03-04 18:07 . 2009-03-04 18:07 <DIR> d-------- c:\winnt\Sun
    2009-03-04 18:07 . 2009-03-04 18:06 410,984 --a------ c:\winnt\system32\deploytk.dll
    2009-03-04 18:07 . 2009-03-04 18:06 73,728 --a------ c:\winnt\system32\javacpl.cpl
    2009-03-04 18:06 . 2009-03-04 18:06 <DIR> d-------- c:\program files\Java
    2009-03-04 17:11 . 2009-03-04 17:11 <DIR> d-------- c:\program files\Trend Micro
    2009-03-04 14:26 . 2009-03-05 12:55 <DIR> d-------- c:\program files\Farm Frenzy 2
    2009-03-03 18:49 . 2009-03-03 18:49 578,560 --a------ c:\winnt\system32\dllcache\user32.dll
    2009-03-03 18:40 . 2009-03-03 18:41 <DIR> d-------- c:\winnt\ERUNT
    2009-03-03 18:17 . 2009-03-05 15:24 <DIR> d-------- C:\SDFix
    2009-03-03 12:04 . 2009-03-03 14:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\FarmFrenzy2
    2009-02-28 14:45 . 2009-03-01 09:36 <DIR> d-------- c:\program files\Farm Frenzy
    2009-02-28 06:00 . 2009-02-28 06:00 <DIR> d-------- C:\GameHouse Games
    2009-02-27 05:45 . 2009-02-27 05:45 <DIR> d-------- c:\program files\Build-a-lot 2 - Town of the Year
    2009-02-24 08:13 . 2009-02-24 08:13 <DIR> d-------- c:\documents and settings\Owner\Application Data\blg
    2009-02-24 08:13 . 2009-02-24 08:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\blg
    2009-02-21 22:40 . 2009-02-21 22:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Big Fish Games Vancouver
    2009-02-21 22:37 . 2009-02-21 22:38 <DIR> d-------- c:\program files\Unwell Mel
    2009-02-19 14:01 . 2009-02-19 14:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\FarmFrenzy-PizzaParty
    2009-02-15 07:21 . 2009-02-15 07:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lifetime
    2009-02-09 19:03 . 2009-02-28 05:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\AlawarWrapper
    2009-02-08 13:32 . 2009-02-08 13:32 <DIR> d-------- C:\WINDOWS
    2009-02-07 05:48 . 2009-02-07 05:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Alawar Stargaze
    2009-02-07 05:47 . 2009-02-07 05:48 <DIR> d-------- c:\program files\Fashion Season

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-05 21:43 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-03-05 20:41 --------- d-----w c:\program files\Fenomen Games Downloader
    2009-03-05 20:32 --------- d-----w c:\documents and settings\All Users\Application Data\WildTangent
    2009-03-05 15:34 --------- d-----w c:\documents and settings\LocalService\Application Data\AVG7
    2009-03-04 22:32 474,488 --sha-w c:\winnt\system32\drivers\fidbox.idx
    2009-03-04 22:32 41,412,640 --sha-w c:\winnt\system32\drivers\fidbox.dat
    2009-03-04 21:58 --------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
    2009-03-04 10:23 40,057,581 ----a-w c:\winnt\Internet Logs\tvDebug.zip
    2009-03-03 12:13 --------- d-----w c:\program files\SpywareBlaster
    2009-03-03 10:37 --------- d-----w c:\documents and settings\Owner\Application Data\AVG7
    2009-03-01 18:59 --------- d-----w c:\documents and settings\Owner\Application Data\EleFun Games
    2009-03-01 13:26 --------- d-----w c:\program files\GameHouse
    2009-03-01 13:26 --------- d-----w c:\documents and settings\Owner\Application Data\GameHouse
    2009-02-28 10:59 --------- d-----w c:\program files\RealArcade
    2009-02-25 18:59 --------- d-----w c:\documents and settings\Owner\Application Data\PlayFirst
    2009-02-24 13:43 --------- d-----w c:\program files\Yahoo! Games
    2009-02-21 12:01 --------- d-----w c:\program files\Alawar
    2009-02-14 10:33 --------- d-----w c:\documents and settings\All Users\Application Data\SugarGames
    2009-02-10 17:47 --------- d-----w c:\program files\Shockwave.com
    2009-02-10 13:43 --------- d-----w c:\program files\PlayFirst
    2009-02-09 01:39 --------- d--h--w c:\documents and settings\Owner\Application Data\Move Networks
    2009-02-06 21:10 --------- d-----w c:\program files\UltimateZip 2007
    2009-02-04 12:44 --------- d-----w c:\documents and settings\All Users\Application Data\GameHouse
    2009-02-03 16:49 --------- d-----w c:\program files\Shop-n-Spree
    2009-02-03 16:49 --------- d-----w c:\documents and settings\Owner\Application Data\ViquaSoft
    2009-01-26 15:09 --------- d-----w c:\program files\Be Rich
    2009-01-26 14:58 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
    2009-01-24 18:55 --------- d-----w c:\documents and settings\All Users\Application Data\HipSoft
    2009-01-21 13:18 --------- d-----w c:\documents and settings\Owner\Application Data\AlterLab
    2009-01-19 23:13 --------- d-----w c:\documents and settings\All Users\Application Data\avg7
    2009-01-19 13:32 --------- d-----w c:\documents and settings\Owner\Application Data\Boomzap
    2009-01-17 02:35 3,594,752 ----a-w c:\winnt\system32\dllcache\mshtml.dll
    2009-01-15 09:49 1,008,128 ----a-w c:\winnt\Internet Logs\xDB190.tmp
    2009-01-13 12:56 --------- d-----w c:\documents and settings\All Users\Application Data\DivoGames
    2009-01-10 21:08 --------- d-----w c:\documents and settings\Owner\Application Data\Sahmon Games
    2008-12-19 09:10 70,656 ------w c:\winnt\system32\dllcache\ie4uinit.exe
    2008-12-19 09:10 13,824 ------w c:\winnt\system32\dllcache\ieudinit.exe
    2008-12-19 05:25 634,024 ----a-w c:\winnt\system32\dllcache\iexplore.exe
    2008-12-19 05:23 161,792 ----a-w c:\winnt\system32\dllcache\ieakui.dll
    2008-12-11 10:57 333,952 ------w c:\winnt\system32\dllcache\srv.sys
    2008-12-08 03:24 175,616 ----a-w c:\winnt\Internet Logs\xDB18F.tmp
    2007-10-10 00:01 76,720 ----a-w c:\documents and settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
    2006-06-05 16:19 311 ----a-w c:\documents and settings\Owner\Application Data\bbbconfig.dat
    2006-01-23 13:31 774,144 ----a-w c:\program files\RngInterstitial.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-03-03_21.13.32.09 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-03-04 23:06:36 144,792 ----a-w c:\winnt\system32\java.exe
    + 2009-03-04 23:06:36 144,792 ----a-w c:\winnt\system32\javaw.exe
    + 2009-03-04 23:06:36 148,888 ----a-w c:\winnt\system32\javaws.exe
    + 2009-03-04 23:07:05 16,384 ----atw c:\winnt\Temp\Perflib_Perfdata_f0c.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\winnt\system32\ctfmon.exe" [2008-04-13 15360]
    "ATI Remote Control "= "c:\program files\ATI Multimedia\RemCtrl\ATIRW.exe" [2004-04-16 196608]
    "AdobeUpdater "= "c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-09 2356088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray "= "c:\winnt\System32\igfxtray.exe" [2004-07-01 155648]
    "AdaptecDirectCD "= "c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-03-26 684032]
    "HotKeysCmds "= "c:\winnt\System32\hkcmd.exe" [2004-07-01 118784]
    "ATI DeviceDetect "= "c:\program files\ATI Multimedia\main\ATIDtct.EXE" [2004-06-15 69705]
    "ATIPTA "= "c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 339968]
    "AVG7_CC "= "c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-10-17 590848]
    "CDTrayPal "= "c:\documents and settings\Owner\Desktop\CDTrayPalN\cdtray.exe" [2005-09-21 139264]
    "HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "PhotoExplosionCalCheck "= "c:\program files\Nova Development\Photo Explosion Deluxe 3.0\calcheck.exe" [2006-05-10 69632]
    "ZoneAlarm Client "= "c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2009-03-04 148888]
    "WD Button Manager "= "WDBtnMgr.exe" [2008-01-21 c:\winnt\system32\WDBtnMgr.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run "= "c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-24 219136]
    "MySpaceIM "= "c:\program files\MySpace\IM\MySpaceIM.exe" [2007-03-07 5181440]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator "= "Narrator.exe" [2008-04-13 c:\winnt\system32\narrator.exe]

    c:\documents and settings\Owner\Start Menu\Programs\Startup\
    MySurvey Messenger.lnk - c:\program files\MySurvey Messenger\MySurveyMessenger.exe [2007-07-02 651264]
    Webshots.lnk - c:\program files\Webshots\Launcher.exe [2004-10-02 45056]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
    WD Anywhere Backup Launcher.lnk - c:\winnt\Installer\{649C4B1A-6A76-499A-9AEC-0C9530FA7D2C}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe [2008-06-09 9662]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSACM.MI-SC4 "= MI-SC4.acm

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\winnt\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
    backup=c:\winnt\pss\Adobe Reader Synchronizer.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Army Men World War(TM).lnk]
    backup=c:\winnt\pss\Army Men World War(TM).lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
    path=c:\documents and settings\Owner\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk
    backup=c:\winnt\pss\iWin Desktop Alerts.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\winnt\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
    backup=c:\winnt\pss\PowerReg Scheduler.exeStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
    path=c:\documents and settings\Owner\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
    backup=c:\winnt\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    --a------ 2008-11-09 05:40 2356088 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    --a------ 2008-07-22 19:42 116040 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
    --a------ 2002-11-03 14:56 188416 c:\winnt\system32\spool\drivers\w32x86\3\hpztsb07.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-07-30 09:47 289064 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
    --a------ 2002-07-16 20:21 28672 c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    --a------ 2003-02-11 15:44 143360 c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
    --a------ 2002-07-17 11:00 200767 c:\program files\Microsoft Money\System\mnyexpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
    --a------ 2007-03-07 00:06 5181440 c:\program files\MySpace\IM\MySpaceIM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
    --------- 2004-09-22 15:10 1871872 c:\progra~1\Ahead\NEROBA~1\NBJ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 10:50 155648 c:\winnt\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --a------ 2003-10-31 19:42 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-08-28 05:38 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
    --a------ 2005-05-03 16:47 100056 c:\progra~1\SYMNET~1\SNDMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    --------- 2000-05-11 01:00 90112 c:\winnt\Updreg.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Grisoft\\AVG Free\\avginet.exe "=
    "c:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe "=
    "c:\\Program Files\\AIM\\aim.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe "=
    "c:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=

    R1 ATMhelpr;ATMhelpr;c:\winnt\system32\drivers\ATMHELPR.SYS [2003-08-31 4064]
    R3 DCamUSB20;AVerDVD EZMaker USB 2.0 Video Capture;c:\winnt\system32\drivers\CsMini20.sys [2003-03-18 46248]
    S3 PCDRDRV;Pcdr Helper Driver; [x]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - JAVAQUICKSTARTERSERVICE

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \Shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d816fda-c85f-11dc-baa5-0007e9436f41}]
    \Shell\AutoRun\command - g:\wd_windows_tools\WDEULA.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7c55951-2fe1-11dd-bbe5-0007e9436f41}]
    \Shell\AutoRun\command - G:\InstallTomTomHOME.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-02-27 c:\winnt\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

    2009-03-05 c:\winnt\Tasks\FRU Task #Hewlett-Packard#Deskjet#3420.job
    - c:\program files\Hewlett-Packard\upapp\hpqfruv.exe []

    2003-08-16 c:\winnt\Tasks\ISP signup reminder 1.job
    - c:\winnt\System32\OOBE\oobebaln.exe [2008-04-13 19:12]

    2003-08-16 c:\winnt\Tasks\ISP signup reminder 2.job
    - c:\winnt\System32\OOBE\oobebaln.exe [2008-04-13 19:12]

    2003-08-31 c:\winnt\Tasks\ISP signup reminder 3.job
    - c:\winnt\System32\OOBE\oobebaln.exe [2008-04-13 19:12]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://portal.wowway.net/index.php
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://www.gateway.net/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
    IE: MyPoints - file://c:\program files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm
    Trusted Zone: advancerx.com
    DPF: ChatSpace Full Java Client 3.1.0.229 - hxxp://64.55.105.205/Java/cfs31229.cab
    DPF: DirectAnimation Java Classes - file://c:\i386\DAJAVA.CAB
    DPF: Microsoft XML Parser for Java - file://c:\i386\XMLDSO.CAB
    DPF: Yahoo! Chat - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    DPF: {0F04992B-E661-4DB9-B223-903AB628225D} - file://c:\program files\Gateway\Do More\DoMoreRunExe.CAB
    DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} - hxxp://www.playfirst.com/play/game/trijinx/trijinx.cab
    DPF: {511073AD-BE56-4D43-AE68-93390514385E} - file://c:\program files\gateway\helpspot\TechTools.CAB
    DPF: {64CEA9F9-7116-4ECA-A905-FA3EA28BD0FE} - hxxp://www.tripadvisor.com/cab/wabparser.cab
    DPF: {7142BA01-8BDF-11CF-9E23-0000E8A37440} - hxxp://admission.udayton.edu//VirTour/svideo.cab
    DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://www.shockwave.com/content/tumblebugs/axhost.cab
    DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} - hxxp://support.gateway.com/eSupport/static/weblaunch/weblaunch.cab
    DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://www.playfirst.com/play/game/dinerdash/dinerdash.cab
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-05 16:57:56
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(748)
    c:\winnt\system32\Ati2evxx.dll
    .
    Completion time: 2009-03-05 17:05:49
    ComboFix-quarantined-files.txt 2009-03-05 22:05:43
    ComboFix2.txt 2009-03-05 20:58:05
    ComboFix3.txt 2009-03-04 22:46:08
    ComboFix4.txt 2009-03-04 12:56:46
    ComboFix5.txt 2009-03-05 21:48:01

    Pre-Run: 44,587,134,976 bytes free
    Post-Run: 44,550,668,288 bytes free

    271 --- E O F --- 2009-02-27 06:01:15


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:34:21 PM, on 3/5/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Documents and Settings\Owner\Desktop\CDTrayPalN\cdtray.exe
    C:\WINNT\system32\WDBtnMgr.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Nova Development\Photo Explosion Deluxe 3.0\calcheck.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\PROGRA~1\Webshots\Webshots.scr
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
    C:\WINNT\system32\wscntfy.exe
    C:\WINNT\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.wowway.net/index.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.net/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "c:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe "
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
    O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [CDTrayPal] C:\Documents and Settings\Owner\Desktop\CDTrayPalN\cdtray.exe
    O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [PhotoExplosionCalCheck] C:\Program Files\Nova Development\Photo Explosion Deluxe 3.0\calcheck.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
    O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe "
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Startup: MySurvey Messenger.lnk = C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: WD Anywhere Backup Launcher.lnk = ?
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: MyPoints - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Point Alert - {67B50696-04BA-48ea-A697-28AA0EAA9C26} - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\scri800a.htm (HKCU)
    O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://64.55.105.205/Java/cfs31229.cab
    O16 - DPF: Yahoo! Bingo - http://download2.games.yahoo.com/games/clients/y/xt0_x.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
    O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
    O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www1.snapfish.com/SnapfishOutlookImport.cab
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Slingo%20Quest%20Hawaii/Images/stg_drm.ocx
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://www.playfirst.com/play/game/trijinx/trijinx.cab
    O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://web-student-3.udayton.edu/iNotes6W.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
    O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
    O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - https://www.webiqonline.com/WebIQ/bin/WebIQ.cab
    O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - file://C:\Program Files\gateway\helpspot\TechTools.CAB
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} - http://www.webshots.com/samplers/WSDownloader.ocx
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.53.cab
    O16 - DPF: {64CEA9F9-7116-4ECA-A905-FA3EA28BD0FE} (OutlookImporter Class) - http://www.tripadvisor.com/cab/wabparser.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1202843377078
    O16 - DPF: {7142BA01-8BDF-11CF-9E23-0000E8A37440} (Surround Video Control Object) - http://admission.udayton.edu//VirTour/svideo.cab
    O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - file://C:\Program Files\gateway\helpspot\RunExeActiveX.CAB
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/tumblebugs/axhost.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JS...2/&filename=jinstall-6u12-windows-i586-jc.cab
    O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1...taller_activex_en_4.60.38.0_MEGAPANEL_USA.cab
    O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://support.gateway.com/eSupport/static/weblaunch/weblaunch.cab
    O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - https://support.gateway.com/support/serialharvest/gwCID.CAB
    O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Lottery%20Ticket/Images/armhelper.ocx
    O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.shockwave.com/content/cinematycoon/cinematycoon.cab
    O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://www.playfirst.com/play/game/dinerdash/dinerdash.cab
    O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://www.playfirst.com/play/game/weddingdash/WeddingDash.1.0.0.44.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINNT\SYSTEM32\slserv.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
    O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
    O24 - Desktop Component 0: (no name) - http://images1.snapfish.com/34773<7;2fp345>vq=3233>86;>7:6>232486;897383wp1lsi

    --
    End of file - 17278 bytes
     
  17. 2009/03/05
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Looking better.

    Before I have you do anything else:
    Did you set this image from images1.snapfish.com as your computer desktop background?
    O24 - Desktop Component 0: (no name) - http://images1.snapfish.com/34773<...3B897383wp1lsi



    How's the computer now?
     
  18. 2009/03/05
    Bucksone

    Bucksone Well-Known Member Thread Starter

    Joined:
    2003/07/28
    Messages:
    505
    Likes Received:
    2
    I am unable to open the link you provided to the snapfish photo. However, I do know that the image on our desktop background is from webshots, if that helps.
     
  19. 2009/03/05
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    OK on the desktop then.


    Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows and browsers except HijackThis and press fix checked.

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

    The following are not necessarily spyware/malware, but we suggest you place a check mark next to the following entries, as these programs may be taking up system resources.

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
    (Description: Intel hotkey applet. Unnecessary. Removing this will free up a small amount of system resources.)

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    (Description: Adobe reader startup - unnecessarily uses system resources.)

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    (Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)

    O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe "
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - Startup: MySurvey Messenger.lnk = C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe


    Now reboot the computer to set the registry.



    Don't miss or skip this next step, this will remove malicious files from quarantine and set a clean restore point.
    • Click START then RUN
    • Now type Combofix /u in the runbox and click OK. Note the space between the x and the /u, it needs to be there.



    If there are no more malware issues you're good to go, good job!



    Please take the time to read over a few of my preventive tips.


    Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.


    Firefox 3
    The award-winning Web browser is now faster, more secure, and fully customizable to your online life. With Firefox 2, added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install, and it will in no way interfere with IE; you can use them both.
    *NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

    How to prevent Malware: Created by Miekiemoes

    Here are some additional utilities that will further enhance your safety.
    # http://www.trillian.cc → Trillian or http://www.miranda-im.com → Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)


    Read this article 'Safe Computing Practices'.
    So how did I get infected in the first place.

    Secure My Computer: A Layered Approach

    Strong passwords: How to create and use them

    Free Antivirus-AntiSpyware-Firewall Software
    Slow Computer May Not Be Malware Related, Help! My computer is slow!
    http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html


    PC Safety and Security--What Do I Need?
    http://www.techsupportforum.com/sec...115548-pc-safety-security-what-do-i-need.html

    Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!
    This site offers people who have been (or are) victims of malware the opportunity to document their story.

    Extra note:
    Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan. http://secunia.com/software_inspector/
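
Added example, not part of the original thread and not HijackThis's own code: a short Python triage pass over HijackThis log lines that flags entries like the `(no file)` BHO selected for fixing in the post above and the `(file missing)` service in the posted log. The function names and flag labels are assumptions made for this illustration; the sample lines are copied from the log in this thread.

```python
import re

# Sample input: five lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
"""

# A log entry starts with a section code (R0, O2, O23, ...) followed by " - ".
LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_line(line):
    """Parse one log line; return None for headers, blanks and trailers."""
    match = LINE_RE.match(line)
    if not match:
        return None
    section, body = match.group(1), match.group(2).strip()
    clsid = CLSID_RE.search(body)
    flags = []
    # The registry entry exists but the file it points to does not.
    if body.endswith("(no file)"):
        flags.append("no-file")
    if body.endswith("(file missing)"):
        flags.append("file-missing")
    # The log shows no vendor for the service binary. Review only:
    # legitimate driver helpers show up this way too.
    if section == "O23" and " - Unknown owner - " in body:
        flags.append("unknown-owner")
    # A browser helper object registered without a display name.
    if section == "O2" and "BHO: (no name)" in body:
        flags.append("unnamed-bho")
    return {
        "section": section,
        "body": body,
        "clsid": clsid.group(0).upper() if clsid else None,
        "flags": flags,
    }


def triage(log_text):
    """Return only the entries that carry at least one review flag."""
    entries = (parse_line(line) for line in log_text.splitlines())
    return [e for e in entries if e and e["flags"]]


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(entry["section"], ",".join(entry["flags"]), "|", entry["body"])
```

The flags are prompts for a manual look, not verdicts: an orphaned entry is leftover registry data that is safe to clean up, while an entry with no vendor shown still needs its file checked before anything is removed.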
     
  20. 2009/03/09
    Bucksone

    Bucksone Well-Known Member Thread Starter

    Joined:
    2003/07/28
    Messages:
    505
    Likes Received:
    2
    I've given it a few days, and everything seems to be A-OK now, so I thought I would report back. Thanks a bunch for the help.
     
  21. 2009/03/09
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Glad we could help, Safe Surfing.:D
     