
Inactive Yahoo/Google Link Redirect

Discussion in 'Malware and Virus Removal Archive' started by CirrusFalcon, 2009/01/30.

  1. 2009/01/30
    CirrusFalcon (Thread Starter)

    [Inactive] Yahoo/Google Link Redirect

    Hello. I'm brand new to this forum, so please excuse my ignorance. I'm sure you are familiar with this problem, so I'm hoping you can help me out. From the looks of it, people were just posting the Hijack This log. If I need to post anything else, just let me know. Here's mine:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:49:31 AM, on 1/30/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18372)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS2\System32\smss.exe
    C:\WINDOWS2\system32\winlogon.exe
    C:\WINDOWS2\system32\services.exe
    C:\WINDOWS2\system32\lsass.exe
    C:\WINDOWS2\system32\Ati2evxx.exe
    C:\WINDOWS2\system32\svchost.exe
    C:\WINDOWS2\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS2\system32\Ati2evxx.exe
    C:\WINDOWS2\system32\spoolsv.exe
    C:\WINDOWS2\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS2\RTHDCPL.EXE
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS2\ALCMTR.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\AOL\1155073393\ee\AOLSoftware.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS2\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS2\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS2\system32\svchost.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\AVG\AVG8\aAvgApi.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS2\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1155073393\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS2\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS2\system32\PCLECoInst.dll ",CheckUSBController
    O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe "
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS2\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS2\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.moove.com
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.53.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://65.5.111.17/activex/AMC.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS2\SYSTEM32\avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS2\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS2\system32\ati2sgag.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 11303 bytes
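A small triage helper for logs in the HijackThis format posted above, added here as an example and not a tool from WindowsBBS, Trend Micro or anyone in this thread. It parses the R/O-numbered lines and flags the entry types a helper usually reads first (O15 Trusted Zone entries, O16 ActiveX downloads from a bare IP, O20 Winlogon Notify DLLs, O23 services with no publisher); the sample input is a handful of lines copied from the log in this thread, and the flags are review prompts, not verdicts.

```python
"""Triage helper for HijackThis logs: parse the R/F/O lines and flag the
entry types most worth a manual look. Added example, not a project tool."""
import ipaddress
import re
from typing import Dict, List
from urllib.parse import urlparse

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.dogpile.com/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbar.dll
O15 - Trusted Zone: *.moove.com
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://65.5.111.17/activex/AMC.cab
O20 - Winlogon Notify: avgrsstarter - C:\\WINDOWS2\\SYSTEM32\\avgrsstx.dll
O23 - Service: ATI Smart - Unknown owner - C:\\WINDOWS2\\system32\\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\\Program Files\\Bonjour\\mDNSResponder.exe
"""

# Every HijackThis finding line starts with a section code such as R0, O2, O23.
LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")


def parse_hjt(text: str) -> List[Dict[str, str]]:
    """Split a HijackThis log into {section, body} records, skipping the
    header, the running-process list and anything else that is not an
    R/F/O line."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def _host_is_bare_ip(url: str) -> bool:
    """True when the URL's host is a literal IP address rather than a name."""
    host = urlparse(url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage(entries: List[Dict[str, str]]) -> List[str]:
    """Return human-readable findings for the entries a helper would look
    at first. These are heuristics; each finding still needs a manual check."""
    findings = []
    for e in entries:
        sec, body = e["section"], e["body"]
        if sec == "O15":
            # Trusted Zone entries relax IE security for a whole domain;
            # wildcard entries are rarely added on purpose by the user.
            findings.append(f"{sec}: trusted zone entry -> {body}")
        elif sec == "O16":
            # Downloaded ActiveX controls (DPF). A control fetched from a
            # bare IP address instead of a vendor hostname stands out.
            url = body.rsplit(" - ", 1)[-1]
            if _host_is_bare_ip(url):
                findings.append(f"{sec}: ActiveX control from bare IP -> {url}")
        elif sec == "O20":
            # Winlogon Notify DLLs load into winlogon.exe at boot, a common
            # persistence point; list every one for review.
            findings.append(f"{sec}: Winlogon Notify DLL -> {body}")
        elif sec == "O23" and " - Unknown owner - " in body:
            # A service with no publisher string deserves a file check.
            findings.append(f"{sec}: service without publisher -> {body}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_hjt(SAMPLE_LOG)):
        print(finding)
```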
     
  2. 2009/01/31
    CirrusFalcon (Thread Starter)

    Anticipating the request, I am also going to post the results from a RootRepeal scan. I would appreciate any help with this problem. I've been forced to change my search engine to Dogpile to avoid the problems with Google and Yahoo. I did discover, however, that when using Yahoo or Google, the links after the first two pages have usually returned to normal. It is still an inconvenience, though.

    ROOTREPEAL (c) AD, 2007-2008
    ==================================================
    Scan Time: 2009/01/31 12:42
    Program Version: Version 1.2.3.0
    Windows Version: Windows XP SP3
    ==================================================

    Drivers
    -------------------
    Name: dump_atapi.sys
    Image Path: C:\WINDOWS2\System32\Drivers\dump_atapi.sys
    Address: 0xAD866000 Size: 98304 File Visible: No
    Status: -

    Name: dump_WMILIB.SYS
    Image Path: C:\WINDOWS2\System32\Drivers\dump_WMILIB.SYS
    Address: 0xF799F000 Size: 8192 File Visible: No
    Status: -

    Name: rootrepeal.sys
    Image Path: C:\WINDOWS2\system32\drivers\rootrepeal.sys
    Address: 0xAA24A000 Size: 45056 File Visible: No
    Status: -

    Hidden/Locked Files
    -------------------
    Path: C:\WINDOWS2\Temp\758a771d-19d0-44b8-ae9c-56c7c7420ee4.tmp
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS2\Temp\55d4874c-1177-4308-be0b-0ac902eaac67.tmp
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS2\Temp\2060e6b5-92cf-483d-b20b-076ca5709ba5.tmp
    Status: Visible to the Windows API, but not on disk.

    Path: C:\WINDOWS2\Temp\d390303b-07ca-4c23-a8a0-14d2f75aec7a.tmp
    Status: Visible to the Windows API, but not on disk.

    Path: C:\Documents and Settings\NetworkService\ntuser.dat.LOG
    Status: Allocation size mismatch (API: 98304, Raw: 32768)

    Path: C:\Documents and Settings\LocalService\ntuser.dat.LOG
    Status: Allocation size mismatch (API: 98304, Raw: 32768)

    Path: C:\Documents and Settings\Peter Wroblewski\NTUSER.DAT.LOG
    Status: Allocation size mismatch (API: 1310720, Raw: 32768)

    Path: C:\WINDOWS2\SYSTEM32\CONFIG\SYSTEM.LOG
    Status: Allocation size mismatch (API: 229376, Raw: 32768)

    Path: C:\WINDOWS2\SYSTEM32\CONFIG\SOFTWARE.LOG
    Status: Allocation size mismatch (API: 2457600, Raw: 32768)

    Path: C:\WINDOWS2\SYSTEM32\CONFIG\DEFAULT.LOG
    Status: Allocation size mismatch (API: 131072, Raw: 32768)

    Path: C:\Documents and Settings\Peter Wroblewski\Cookies\peter_wroblewski@windowsbbs[1].txt
    Status: Invisible to the Windows API!

    Path: C:\Documents and Settings\Peter Wroblewski\Cookies\peter_wroblewski@windowsbbs[2].txt
    Status: Visible to the Windows API, but not on disk.

    Path: C:\Documents and Settings\Peter Wroblewski\Local Settings\Temp\~DFACB7.TMP
    Status: Allocation size mismatch (API: 32768, Raw: 0)

    Path: C:\Documents and Settings\All Users\Application Data\AVG8\Log\AVGWD.LOG
    Status: Allocation size mismatch (API: 1933312, Raw: 917504)

    Path: C:\Documents and Settings\All Users\Application Data\AVG8\Log\AVGSCHED.LOG
    Status: Allocation size mismatch (API: 1540096, Raw: 524288)

    Path: C:\Documents and Settings\All Users\Application Data\AVG8\Log\AVGCFG.LOG
    Status: Allocation size mismatch (API: 1114112, Raw: 98304)

    Path: C:\Documents and Settings\All Users\Application Data\AVG8\Log\AVGNS.LOG
    Status: Allocation size mismatch (API: 1081344, Raw: 163840)

    Path: C:\Documents and Settings\All Users\Application Data\AVG8\Log\AVGRS.LOG
    Status: Allocation size mismatch (API: 1081344, Raw: 131072)

    Path: C:\Documents and Settings\All Users\Application Data\AVG8\Log\avgcore.log.1
    Status: Allocation size mismatch (API: 1343488, Raw: 1048576)

    Path: C:\Documents and Settings\All Users\Application Data\AVG8\Log\AVGCORE.LOG
    Status: Size mismatch (API: 129166, Raw: 128212)

    Path: C:\Documents and Settings\Peter Wroblewski\Local Settings\Temporary Internet Files\Content.IE5\5FD3RDIM\81052-yahoo-google-link-redirect[1].html
    Status: Allocation size mismatch (API: 1081344, Raw: 131072)
     

  4. 2009/01/31
    noahdfear

    Welcome to WindowsBBS CirrusFalcon :)

    HijackThis just doesn't show us enough information to properly analyze a system. We use another tool for that now. Please download DDS from one of the 3 mirrors and save it to your desktop.

    Mirror 1 Mirror 2 Mirror 3

    • Disable any script blocking protection
    • Double click the dds icon to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop.

    Include the contents of both logs in your new topic.
    The scan will instruct you to post Attach.txt as an attachment.
    No need for that though ..... just post its contents as you would any other log.

    • Note - You may be required to split the logs into 2 or more posts due to their size and character count limitations in the forum software.
     
  5. 2009/02/01
    CirrusFalcon (Thread Starter)

    A huge thanks for the quick reply. Here's the DDS.txt:


    DDS (Ver_09-02-01.01) - FAT32x86
    Run by Peter Wroblewski at 17:59:11.59 on Sun 02/01/2009
    Internet Explorer: 8.0.6001.18372
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1236 [GMT -6:00]

    AV: AVG Anti-Virus *On-access scanning enabled* (Updated)

    ============== Running Processes ===============

    C:\WINDOWS2\system32\Ati2evxx.exe
    C:\WINDOWS2\system32\svchost -k DcomLaunch
    SVCHOST.EXE
    C:\WINDOWS2\System32\svchost.exe -k netsvcs
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS2\system32\Ati2evxx.exe
    SVCHOST.EXE
    SVCHOST.EXE
    C:\WINDOWS2\system32\spoolsv.exe
    C:\WINDOWS2\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS2\RTHDCPL.EXE
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS2\ALCMTR.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\AOL\1155073393\ee\AOLSoftware.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS2\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS2\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS2\system32\svchost.exe -k imgsvc
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\AVG\AVG8\aAvgApi.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Peter Wroblewski\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
    uInternet Settings,ProxyOverride = *.local
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
    TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [ctfmon.exe] c:\windows2\system32\ctfmon.exe
    uRun: [Aim6]
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
    mRun: [NeroFilterCheck] c:\windows2\system32\NeroCheck.exe
    mRun: [InCD] c:\program files\ahead\incd\InCD.exe
    mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [HostManager] c:\program files\common files\aol\1155073393\ee\AOLSoftware.exe
    mRun: [IPHSend] c:\program files\common files\aol\iphsend\IPHSend.exe
    mRun: [PinnacleDriverCheck] c:\windows2\system32\PSDrvCheck.exe -CheckReg
    mRun: [USB2Check] RUNDLL32.EXE "c:\windows2\system32\PCLECoInst.dll ",CheckUSBController
    mRun: [USBToolTip] "c:\program files\pinnacle\shared files\\programs\usbtip\USBTip.exe "
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
    IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    Trusted Zone: moove.com
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
    DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
    DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} - hxxp://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.53.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://download.shockwave.com/pub/otoy/OTOYAX.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://65.5.111.17/activex/AMC.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows2\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R0 AvgRkx86;avgrkx86.sys;c:\windows2\system32\drivers\avgrkx86.sys [2009-1-25 12552]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows2\system32\drivers\avgldx86.sys [2009-1-25 325128]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows2\system32\drivers\avgmfx86.sys [2009-1-25 27656]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows2\system32\drivers\avgtdix.sys [2009-1-25 107272]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-25 298264]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-10 24652]
    S3 IKFileSec;File Security Driver;c:\windows2\system32\drivers\ikfilesec.sys [2009-1-29 40840]
    S3 IKSysFlt;System Filter Driver;c:\windows2\system32\drivers\iksysflt.sys [2009-1-29 66952]
    S3 IKSysSec;System Security Driver;c:\windows2\system32\drivers\iksyssec.sys [2009-1-29 81288]
    S3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;c:\windows2\system32\drivers\MarvinAVS.sys [2007-5-9 434176]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-1-29 356920]
    S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-1-29 1079176]

    =============== Created Last 30 ================

    2009-02-01 15:59 <DIR> --d----- c:\program files\Carina Software
    2009-01-31 11:34 389,120 a------- c:\windows2\system32\cmd.execf
    2009-01-29 19:34 <DIR> --d----- c:\program files\iPod
    2009-01-29 19:34 <DIR> --d----- c:\program files\iTunes
    2009-01-29 19:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-01-29 18:36 <DIR> --dsh--- c:\documents and settings\peter wroblewski\IECompatCache
    2009-01-29 18:09 <DIR> --dsh--- c:\documents and settings\peter wroblewski\IETldCache
    2009-01-29 18:02 <DIR> --d-h--- c:\windows2\ie8
    2009-01-29 18:00 79,360 -------- c:\windows2\system32\dllcache\iecompat.dll
    2009-01-29 14:55 <DIR> --d----- c:\docume~1\peterw~1\applic~1\Malwarebytes
    2009-01-29 14:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-01-29 00:01 81,288 a------- c:\windows2\system32\drivers\iksyssec.sys
    2009-01-29 00:01 66,952 a------- c:\windows2\system32\drivers\iksysflt.sys
    2009-01-29 00:01 40,840 a------- c:\windows2\system32\drivers\ikfilesec.sys
    2009-01-29 00:01 29,576 a------- c:\windows2\system32\drivers\kcom.sys
    2009-01-29 00:00 <DIR> --d----- c:\program files\Spyware Doctor
    2009-01-29 00:00 <DIR> --d----- c:\docume~1\peterw~1\applic~1\PC Tools
    2009-01-28 23:28 <DIR> --d----- c:\program files\Trend Micro
    2009-01-28 23:22 156 a------- c:\windows2\wininit.ini
    2009-01-28 22:47 <DIR> --d----- c:\program files\Spybot - Search & Destroy
    2009-01-28 22:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2009-01-28 22:29 36 ----hr-- c:\windows2\sued.dat
    2009-01-28 17:48 10,368 a------- c:\windows2\system32\drivers\hidusb.sys
    2009-01-28 17:48 10,368 a------- c:\windows2\system32\dllcache\hidusb.sys
    2009-01-28 17:48 32,128 a------- c:\windows2\system32\drivers\usbccgp.sys
    2009-01-28 17:48 32,128 a------- c:\windows2\system32\dllcache\usbccgp.sys
    2009-01-26 05:43 <DIR> --dsh--- c:\windows2\Installer
    2009-01-26 03:00 <DIR> --d----- c:\windows2\ie8updates
    2009-01-25 11:17 <DIR> --d----- C:\AVGTemp
    2009-01-25 10:34 <DIR> --d-h--- C:\$AVG8.VAULT$
    2009-01-25 09:43 10,520 a------- c:\windows2\system32\avgrsstx.dll
    2009-01-25 09:43 107,272 a------- c:\windows2\system32\drivers\avgtdix.sys
    2009-01-25 09:43 12,552 a------- c:\windows2\system32\drivers\avgrkx86.sys
    2009-01-25 09:43 325,128 a------- c:\windows2\system32\drivers\avgldx86.sys
    2009-01-25 09:43 <DIR> --d----- c:\windows2\system32\drivers\Avg
    2009-01-25 09:43 <DIR> --d----- c:\docume~1\peterw~1\applic~1\AVGTOOLBAR
    2009-01-25 09:43 <DIR> --d----- c:\program files\AVG
    2009-01-25 09:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
    2009-01-24 15:02 <DIR> --dsh--- c:\documents and settings\peter wroblewski\PrivacIE
    2009-01-18 23:06 <DIR> --d----- c:\program files\CCleaner
    2009-01-16 05:09 <DIR> --dsh--- C:\FOUND.009
    2009-01-15 02:22 49,152 -------- c:\windows2\system32\msrating.dll.mui
    2009-01-15 02:21 2,560 -------- c:\windows2\system32\mshta.exe.mui
    2009-01-15 02:19 4,096 -------- c:\windows2\system32\ie4uinit.exe.mui
    2009-01-15 02:19 81,920 -------- c:\windows2\system32\iedkcs32.dll.mui
    2009-01-15 02:04 18,944 -------- c:\windows2\system32\dllcache\corpol.dll
    2009-01-11 06:31 <DIR> --dsh--- C:\FOUND.008
    2009-01-05 16:18 90,112 a------- c:\windows2\system32\QuickTimeVR.qtx
    2009-01-05 16:18 57,344 a------- c:\windows2\system32\QuickTime.qts
    2009-01-05 14:30 <DIR> --dsh--- C:\FOUND.007

    ==================== Find3M ====================

    2009-01-15 02:17 636,264 a------- c:\windows2\system32\dllcache\iexplore.exe
    2009-01-15 02:17 392,040 a------- c:\windows2\system32\dllcache\iedkcs32.dll
    2009-01-15 02:13 5,888,512 a------- c:\windows2\system32\dllcache\mshtml.dll
    2009-01-15 02:12 10,963,968 a------- c:\windows2\system32\dllcache\ieframe.dll
    2009-01-15 02:06 1,182,720 a------- c:\windows2\system32\dllcache\urlmon.dll
    2009-01-15 02:06 236,544 a------- c:\windows2\system32\dllcache\webcheck.dll
    2009-01-15 02:06 105,984 a------- c:\windows2\system32\dllcache\url.dll
    2009-01-15 02:05 911,872 a------- c:\windows2\system32\wininet.dll
    2009-01-15 02:05 911,872 a------- c:\windows2\system32\dllcache\wininet.dll
    2009-01-15 02:05 193,536 a------- c:\windows2\system32\dllcache\msrating.dll
    2009-01-15 02:05 109,056 a------- c:\windows2\system32\dllcache\occache.dll
    2009-01-15 02:05 43,008 a------- c:\windows2\system32\licmgr10.dll
    2009-01-15 02:05 43,008 a------- c:\windows2\system32\dllcache\licmgr10.dll
    2009-01-15 02:04 755,200 a------- c:\windows2\system32\dllcache\VGX.dll
    2009-01-15 02:04 18,944 a------- c:\windows2\system32\corpol.dll
    2009-01-15 02:04 25,600 a------- c:\windows2\system32\dllcache\jsproxy.dll
    2009-01-15 02:02 1,975,296 a------- c:\windows2\system32\dllcache\iertutil.dll
    2009-01-15 02:02 593,920 a------- c:\windows2\system32\dllcache\msfeeds.dll
    2009-01-15 02:02 611,840 a------- c:\windows2\system32\dllcache\mstime.dll
    2009-01-15 02:01 183,808 a------- c:\windows2\system32\dllcache\iepeers.dll
    2009-01-15 02:01 59,904 a------- c:\windows2\system32\dllcache\icardie.dll
    2009-01-15 02:01 54,272 a------- c:\windows2\system32\dllcache\msfeedsbs.dll
    2009-01-15 02:01 34,304 a------- c:\windows2\system32\imgutil.dll
    2009-01-15 02:01 34,304 a------- c:\windows2\system32\dllcache\imgutil.dll
    2009-01-15 02:01 348,160 a------- c:\windows2\system32\dllcache\dxtmsft.dll
    2009-01-15 02:01 46,592 a------- c:\windows2\system32\dllcache\pngfilt.dll
    2009-01-15 02:01 216,064 a------- c:\windows2\system32\dllcache\dxtrans.dll
    2009-01-15 02:01 66,560 a------- c:\windows2\system32\dllcache\mshtmled.dll
    2009-01-15 02:00 48,128 a------- c:\windows2\system32\mshtmler.dll
    2009-01-15 02:00 48,128 a------- c:\windows2\system32\dllcache\mshtmler.dll
    2009-01-15 02:00 45,568 a------- c:\windows2\system32\mshta.exe
    2009-01-15 02:00 45,568 a------- c:\windows2\system32\dllcache\mshta.exe
    2009-01-15 01:53 68,608 a------- c:\windows2\system32\dllcache\hmmapi.dll
    2009-01-15 01:50 156,160 a------- c:\windows2\system32\msls31.dll
    2009-01-15 01:50 156,160 a------- c:\windows2\system32\dllcache\msls31.dll
    2009-01-15 01:35 445,440 a------- c:\windows2\system32\dllcache\ieapfltr.dll
    2008-12-22 16:31 4,096 a------- c:\windows2\d3dx.dat
    2008-12-17 18:36 410,984 a------- c:\windows2\system32\deploytk.dll
    2008-12-14 17:12 3,698,040 a------- c:\windows2\system32\dllcache\ieapfltr.dat
    2008-12-11 04:57 333,952 a------- c:\windows2\system32\drivers\srv.sys
    2008-12-11 04:57 333,952 -------- c:\windows2\system32\dllcache\srv.sys
    2005-02-16 17:53 266 ---sh--- c:\program files\desktop.ini
    2005-02-16 17:53 11,079 ----h--- c:\program files\folder.htt
    2002-07-26 18:02 153,088 a------- c:\program files\UNWISE.EXE
    2008-06-15 12:16 32,768 a--sh--- c:\windows2\system32\config\systemprofile\local settings\history\history.ie5\mshist012008061520080616\index.dat

    ============= FINISH: 17:59:46.15 ===============
     
  6. 2009/02/01
    CirrusFalcon

    CirrusFalcon Inactive Thread Starter

    Joined:
    2009/01/30
    Messages:
    15
    Likes Received:
    0
    Here's the Attach.txt:


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-02-01.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/6/2006 8:00:26 AM
    System Uptime: 1/29/2009 7:36:51 PM (70 hours ago)

    Motherboard: ASUSTeK Computer INC. | | P5LD2
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Socket 775 | 3010/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (FAT32) - 112 GiB total, 31.267 GiB free.
    D: is FIXED (FAT32) - 16 GiB total, 15.726 GiB free.
    E: is CDROM (CDFS)
    F: is Removable
    K: is FIXED (NTFS) - 149 GiB total, 63.587 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller
    Device ID: PCI\VEN_11AB&DEV_4362&SUBSYS_81421043&REV_19\4&AD17F01&0&00E3
    Manufacturer: Marvell
    Name: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller
    PNP Device ID: PCI\VEN_11AB&DEV_4362&SUBSYS_81421043&REV_19\4&AD17F01&0&00E3
    Service: yukonwxp

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: SM Bus Controller
    Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_81791043&REV_01\3&11583659&0&FB
    Manufacturer:
    Name: SM Bus Controller
    PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_81791043&REV_01\3&11583659&0&FB
    Service:

    ==== System Restore Points ===================

    RP742: 11/4/2008 5:10:17 PM - System Checkpoint
    RP743: 11/5/2008 6:55:44 PM - System Checkpoint
    RP744: 11/6/2008 7:38:15 PM - System Checkpoint
    RP745: 11/7/2008 7:48:07 PM - System Checkpoint
    RP746: 11/9/2008 7:34:26 AM - System Checkpoint
    RP747: 11/10/2008 4:49:42 PM - System Checkpoint
    RP748: 11/11/2008 9:00:45 PM - System Checkpoint
    RP749: 11/13/2008 3:26:08 PM - Software Distribution Service 3.0
    RP750: 11/14/2008 8:05:16 PM - System Checkpoint
    RP751: 11/16/2008 5:40:39 AM - System Checkpoint
    RP752: 11/20/2008 5:49:04 PM - System Checkpoint
    RP753: 11/21/2008 7:11:34 PM - System Checkpoint
    RP754: 11/19/2008 9:15:54 AM - System Checkpoint
    RP755: 11/20/2008 7:19:48 PM - System Checkpoint
    RP756: 11/22/2008 12:24:03 AM - System Checkpoint
    RP757: 11/23/2008 5:36:07 AM - System Checkpoint
    RP758: 11/24/2008 6:29:17 AM - System Checkpoint
    RP759: 11/25/2008 7:08:30 AM - System Checkpoint
    RP760: 11/26/2008 12:20:38 PM - System Checkpoint
    RP761: 11/28/2008 12:34:22 AM - System Checkpoint
    RP762: 11/29/2008 6:22:38 AM - System Checkpoint
    RP763: 11/30/2008 6:39:58 AM - System Checkpoint
    RP764: 12/1/2008 7:29:45 PM - System Checkpoint
    RP765: 12/3/2008 12:20:53 AM - System Checkpoint
    RP766: 12/4/2008 12:48:59 AM - System Checkpoint
    RP767: 12/5/2008 2:43:04 AM - System Checkpoint
    RP768: 12/6/2008 5:37:43 AM - System Checkpoint
    RP769: 12/7/2008 7:02:53 AM - System Checkpoint
    RP770: 12/8/2008 9:09:10 AM - System Checkpoint
    RP771: 12/9/2008 4:17:24 PM - Installed Wizard101
    RP772: 12/10/2008 3:00:35 AM - Software Distribution Service 3.0
    RP773: 12/11/2008 3:26:59 AM - System Checkpoint
    RP774: 12/12/2008 3:00:16 AM - Software Distribution Service 3.0
    RP775: 12/13/2008 3:20:28 AM - System Checkpoint
    RP776: 12/15/2008 8:54:31 AM - System Checkpoint
    RP777: 12/16/2008 10:03:42 AM - System Checkpoint
    RP778: 12/17/2008 1:00:01 PM - System Checkpoint
    RP779: 12/17/2008 6:36:18 PM - Installed Java(TM) 6 Update 11
    RP780: 12/18/2008 3:00:15 AM - Software Distribution Service 3.0
    RP781: 12/19/2008 8:27:20 AM - System Checkpoint
    RP782: 12/20/2008 3:40:03 PM - System Checkpoint
    RP783: 12/21/2008 4:13:15 PM - System Checkpoint
    RP784: 12/22/2008 6:30:07 PM - System Checkpoint
    RP785: 12/24/2008 8:12:22 AM - System Checkpoint
    RP786: 12/25/2008 8:57:36 AM - System Checkpoint
    RP787: 12/26/2008 10:17:57 AM - System Checkpoint
    RP788: 12/27/2008 4:20:39 PM - System Checkpoint
    RP789: 12/28/2008 5:46:32 PM - System Checkpoint
    RP790: 12/29/2008 9:16:25 PM - System Checkpoint
    RP791: 12/30/2008 11:16:49 PM - System Checkpoint
    RP792: 1/1/2009 10:34:18 AM - System Checkpoint
    RP793: 1/2/2009 1:30:46 PM - System Checkpoint
    RP794: 1/4/2009 12:30:52 AM - System Checkpoint
    RP795: 1/5/2009 7:23:30 AM - System Checkpoint
    RP796: 1/6/2009 10:43:28 AM - System Checkpoint
    RP797: 1/7/2009 1:12:32 PM - System Checkpoint
    RP798: 1/8/2009 1:45:16 PM - System Checkpoint
    RP799: 1/9/2009 2:06:11 PM - System Checkpoint
    RP800: 1/11/2009 7:02:14 AM - System Checkpoint
    RP801: 1/12/2009 8:10:47 AM - System Checkpoint
    RP802: 1/13/2009 9:06:53 AM - System Checkpoint
    RP803: 1/13/2009 11:52:15 PM - Software Distribution Service 3.0
    RP804: 1/15/2009 7:39:46 AM - System Checkpoint
    RP805: 1/16/2009 8:03:44 AM - System Checkpoint
    RP806: 1/17/2009 8:06:29 AM - System Checkpoint
    RP807: 1/18/2009 10:15:40 AM - System Checkpoint
    RP808: 1/20/2009 1:26:13 PM - System Checkpoint
    RP809: 1/21/2009 2:46:13 PM - System Checkpoint
    RP810: 1/22/2009 3:43:00 PM - System Checkpoint
    RP811: 1/23/2009 8:13:48 PM - System Checkpoint
    RP812: 1/24/2009 2:52:29 PM - Installed Windows Internet Explorer 8.
    RP813: 1/25/2009 3:00:15 AM - Software Distribution Service 3.0
    RP814: 1/25/2009 9:43:08 AM - Installed AVG 8.0
    RP815: 1/26/2009 3:00:16 AM - Software Distribution Service 3.0
    RP816: 1/27/2009 7:14:13 AM - System Checkpoint
    RP817: 1/28/2009 10:09:53 PM - System Checkpoint
    RP818: 1/28/2009 10:29:25 PM - Installed SpyWall
    RP819: 1/28/2009 10:40:36 PM - Removed SpyWall
    RP820: 1/29/2009 12:09:01 AM - Spyware Doctor: Cleaning Threats
    RP821: 1/29/2009 12:09:19 AM - Spyware Doctor: Cleaning Threats
    RP822: 1/29/2009 7:19:26 AM - Spyware Doctor: Cleaning Threats
    RP823: 1/29/2009 5:53:32 PM - Software Distribution Service 3.0
    RP824: 1/29/2009 6:04:21 PM - Installed Windows Internet Explorer 8.
    RP825: 1/29/2009 6:05:27 PM - Software Distribution Service 3.0
    RP826: 1/30/2009 7:04:07 PM - System Checkpoint
    RP827: 2/1/2009 5:10:21 AM - System Checkpoint
    RP828: 2/1/2009 3:58:59 PM - Installed SkyGazer 4

    ==== Installed Programs ======================

    7-Zip 4.42
    ACD/Labs Software in C:\Program Files\ACDFREE11\
    Adobe Flash Player ActiveX
    Adobe Reader 8.1.2
    Adobe Shockwave Player
    Adobe SVG Viewer 3.0
    Adobe® Photoshop® Album Starter Edition 3.0
    AOL Uninstaller (Choose which Products to Remove)
    Apple Mobile Device Support
    Apple Software Update
    Ares 1.9.0
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    AutoUpdate
    AVG 8.0
    AXIS Media Control Embedded
    BitLord 1.1
    Bonjour
    CCleaner (remove only)
    CDisplay 1.8
    Chessmaster 9000
    Democracy
    Deus Ex
    DiscAPI (Studio 10)
    DivX Codec
    DivX Converter
    DivX Player
    DivX Web Player
    Evrsoft First Page 2006
    GameSpy Arcade
    Google Earth
    Google Toolbar for Internet Explorer
    Google Updater
    Google Video Player
    Guild Wars
    Guitar Pro 5.0
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hitman - Codename 47
    Hotfix 2050 for SQL Server 2000 ENU (KB948110)
    Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    HouseCall 6.6
    iTunes
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 7
    J2SE Runtime Environment 5.0 Update 9
    Java(TM) 6 Update 11
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    LimeWire 4.18.8
    Live Search Maps Add-In for Microsoft Office Outlook
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft .NET Framework 3.0 Service Pack 1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Outlook 2003 with Business Contact Manager Update
    Microsoft Office Professional Edition 2003
    Microsoft Rise Of Nations
    Microsoft Silverlight
    Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
    Microsoft Text-to-Speech Engine 4.0 (English)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft Web Publishing Wizard 1.52
    Microsoft Works 6-9 Converter
    Move Networks Media Player for Internet Explorer
    MSN
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6.0 Parser (KB933579)
    MSXML4 Parser
    NCH Toolbox Uninstall
    Nero Suite
    Nitro PDF
    OTOY
    PFCExpress by AT&W Technologies
    PFCPro 2003
    PHP 5.2.0
    Pinnacle Instant DVD Recorder
    Pinnacle MediaServer
    Prism
    Project64 1.6
    QuickTime
    RAPID (Studio 10)
    Realtek High Definition Audio Driver
    RegCure 1.5.0.0
    Rise of Nations Thrones and Patriots
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Media Encoder (KB954156)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Shockwave
    Sid Meier's Civilization 4
    SkyGazer 4
    Skype™ 3.6
    SmartSound Quicktracks Plugin
    Spyware Doctor 6.0
    Stopple 1.00 (build 15)
    Studio 10
    Switch
    TeamSpeak 2 RC2
    The Print Shop 20
    Twelve Keys
    ubi.com
    Update for Windows Internet Explorer 8 (KB961813)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    Visual Studio 2005 Tools for Office Second Edition Runtime
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8 Release Candidate 1
    Windows Media Connect
    Windows Media Encoder 9 Series
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 11
    Windows Presentation Foundation
    Windows XP Service Pack 3
    WinRAR archiver
    World of Warcraft
    Xfire (remove only)
    XML Paper Specification Shared Components Pack 1.0
    Yahoo! Anti-Spy
    Yahoo! Toolbar
    Yahoo! Toolbar for Internet Explorer

    ==== Event Viewer Messages From Past Week ========

    1/28/2009 5:51:39 PM, error: Service Control Manager [7003] - The Pinnacle Systems Media Service service depends on the following nonexistent service: MSSQL$PINNACLESYS
    1/28/2009 4:20:53 AM, error: ipnathlp [31008] - The DNS proxy agent was unable to read the local list of name-resolution servers from the registry. The data is the error code.
    1/27/2009 2:57:00 PM, error: Print [6161] - The document http://www.waubonsee.edu/downloads/pdf/financial_aid/presidentsaward.pdf owned by Peter Wroblewski failed to print on printer HP DeskJet 882C. Data type: NT EMF 1.008. Size of the spool file in bytes: 851968. Number of bytes printed: 628188. Total number of pages in the document: 2. Number of pages printed: 1. Client machine: \\WROBLEWSKI. Win32 error code returned by the print processor: 0 (0x0).
    1/29/2009 12:16:27 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IKFileSec
    1/29/2009 1:51:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/29/2009 1:51:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    1/29/2009 1:52:12 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    1/29/2009 1:52:12 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/29/2009 1:52:12 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    1/29/2009 1:52:12 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/29/2009 1:52:12 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/29/2009 1:52:12 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/29/2009 1:52:12 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PC Tools Security Service service to connect.
    1/29/2009 1:52:12 PM, error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/29/2009 1:52:12 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips IKFileSec intelppm IPSec MRxSmb NetBIOS NetBT PCLEPCI RasAcd Rdbss Tcpip

    ==== End Of File ===========================
     
  7. 2009/02/01
    CirrusFalcon

    CirrusFalcon Inactive Thread Starter

    Joined:
    2009/01/30
    Messages:
    15
    Likes Received:
    0
    I've also, upon seeing them, uninstalled the P2P programs. Specifically, I uninstalled Limewire, Ares, and BitLord to hopefully prevent this from occurring again in the future.
     
  8. 2009/02/02
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Good to hear you removed the P2P apps. :)

    Before I forget about it, I recommend you uninstall the following old Java plugins.

    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 7
    J2SE Runtime Environment 5.0 Update 9
    Java(TM) 6 Update 11
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1

    JRE 6 Update 12 is now available from here.

    *Note - you don't have to do this right now, just wanted to make note that it needs to be done.



    Nothing apparent in those logs, so let's run a couple more scans. Download GMER Rootkit Scanner from here.
    • Extract the contents of the zipped file to desktop.
    • Rename gmer.exe to gamer.exe or similar <------ IMPORTANT
    • Double click gamer.exe. If asked to allow gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • Sections
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in ark.txt
    Save it where you can easily find it, such as your desktop then post the contents here.

    **Caution**
    Rootkit scans often produce false positives. Do NOT take action on any <---- ROOTKIT entries


    Next, please do an online scan with Kaspersky Online Scanner

    Click Accept, when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.


    Post the Kaspersky log here.
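    Since the next step in the thread is reading a GMER ark.txt and, as noted above, not acting on an entry merely because the scanner flagged it, here is an added triage helper for that report. It is example code written for this thread, not GMER's own code and not something the forum posted. It assumes the report layout visible in the thread (section headers of the form `---- Devices - GMER 1.0.14 ----`, one entry per line with the entry type as the first token, registry lines as `Reg <key>@<value name> <data>`), and it treats the flag marker text `<---- ROOTKIT`, the `Services` section name and the `PLACEHOLDER.sys` path in the sample as assumptions or constructed values rather than facts from the poster's scan. It groups entries per section, lists the ones GMER marked, and reads the AppInit_DLLs values that appear in the log; it never deletes or changes anything.

```python
"""Triage helper for a GMER ark.txt report.

Added example for this thread; it is not GMER's own code. It reads the
plain-text report GMER saves (sections headed
'---- <Section> - GMER <version> ----', one entry per line, first token
is the entry type) and groups entries so a human can review them. It
never acts on anything: rootkit scanners produce false positives, so
the output is a list to read, not a list to delete.
"""
import re
from collections import defaultdict

# Section header as it appears in the report, e.g. '---- Devices - GMER 1.0.14 ----'
SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
# Named registry value inside an entry: '<key>@<value name> [<data>]'
REG_VALUE_RE = re.compile(r"@(?P<name>\S+)(?: (?P<data>.*))?$")
# Marker GMER appends to entries it considers suspicious. The exact text is
# taken from the thread's instructions and is an assumption of this example.
ROOTKIT_MARK = "<---- ROOTKIT"

# Sample report constructed for this example from lines quoted in the thread,
# plus one constructed, flagged 'Services' entry (placeholder path) so the
# marker handling is exercised. It is not the poster's real scan output.
SAMPLE_REPORT = r"""
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-03 12:59:11
Windows 5.1.2600 Service Pack 3

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 1.0.14 ----

Service C:\WINDOWS2\system32\drivers\PLACEHOLDER.sys (*** hidden ***) <---- ROOTKIT

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS2\system32\OLE32.DLL
"""


def parse_gmer(text):
    """Return {section name: [entry dict, ...]} for a report's text."""
    sections = defaultdict(list)
    current = "Header"  # lines before the first section header
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            continue
        flagged = ROOTKIT_MARK in line
        body = line.replace(ROOTKIT_MARK, "").strip()
        kind, _, detail = body.partition(" ")
        sections[current].append({"type": kind, "detail": detail, "flagged": flagged})
    return dict(sections)


def find_flagged(sections):
    """Entries GMER itself marked, returned for human review only."""
    return [(name, e) for name, entries in sections.items()
            for e in entries if e["flagged"]]


def summarize(sections):
    """Per-section counts: how much there is to read and how much GMER flagged."""
    return {name: {"total": len(entries),
                   "flagged": sum(e["flagged"] for e in entries)}
            for name, entries in sections.items()}


def registry_values(sections):
    """Map value name -> data for named values in the Registry section.

    Unnamed (default) values such as '...InprocServer32@ C:\\...\\OLE32.DLL'
    are skipped. A later occurrence of the same value name overwrites an
    earlier one, which is fine for the singleton values checked below.
    """
    values = {}
    for e in sections.get("Registry", []):
        if e["type"] != "Reg":
            continue
        m = REG_VALUE_RE.search(e["detail"])
        if m:
            values[m.group("name")] = (m.group("data") or "").strip()
    return values


def appinit_status(sections):
    """Summarize the AppInit_DLLs settings present in the report.

    LoadAppInit_DLLs = 1 with an empty AppInit_DLLs (as in this thread's
    log) means the mechanism is enabled but no DLL is configured to load.
    """
    values = registry_values(sections)
    dlls = [d for d in re.split(r"[ ,]+", values.get("AppInit_DLLs", "")) if d]
    return {"load_enabled": values.get("LoadAppInit_DLLs") == "1", "dlls": dlls}


if __name__ == "__main__":
    report = parse_gmer(SAMPLE_REPORT)
    for name, counts in summarize(report).items():
        print(f"{name:10} total={counts['total']:3} flagged={counts['flagged']}")
    for name, entry in find_flagged(report):
        print(f"REVIEW [{name}] {entry['type']} {entry['detail']}")
    print("AppInit:", appinit_status(report))
```

    To use it on a real ark.txt, read the file and pass its text to `parse_gmer`; everything flagged is printed with a REVIEW prefix so it can be compared against known drivers before anyone decides whether it is a false positive.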
     
  9. 2009/02/03
    CirrusFalcon

    CirrusFalcon Inactive Thread Starter

    Joined:
    2009/01/30
    Messages:
    15
    Likes Received:
    0
    Thanks again. I'm still waiting for the Kaspersky scan to finish, but in the meantime, here's the ark.txt:

    GMER 1.0.14.14536 - http://www.gmer.net
    Rootkit scan 2009-02-03 12:59:11
    Windows 5.1.2600 Service Pack 3


    ---- Devices - GMER 1.0.14 ----

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Ip ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.14 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ????25???0?/25???????????????????????e???????????????????????????????i???e???????????d?????nte??SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpSubnetMaskOpt?SYSTEM\CurrentControlSet\Services\?\Parameters\Tcpip\DhcpSubnetMaskOpt????????1???? ?????????????????????I?????????????????????????????????e?????????????????n????SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpDomain?SYSTEM\CurrentControlSet\Services\TcpIp\Parameters\DhcpDomain????????????????1???????? ?????????????????????I??????????????3??????????????????e?????????????????n????SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpDefaultGateway?SYSTEM\CurrentControlSet\Services\?\Parameters\Tcpip\DhcpDefaultGateway???????????????????e??????? ?????????????????????I?????????????????????????????????e?????????????????n6???SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_?\DhcpNameServerList?SYSTEM\CurrentControlSet\Services\NetBT\Adapters\?\DhcpNameServer??????? ?????????????????????
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS2\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0x2E 0xE8 0xE1 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS2\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS2\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS2\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS2\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS2\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS2\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS2\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS2\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS2\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS2\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS2\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

    ---- EOF - GMER 1.0.14 ----
     
  10. 2009/02/03
    CirrusFalcon
    The results from the Kaspersky Online Scan:

    Records in database: 1740903
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\
    K:\

    Scan statistics:
    Files scanned: 152120
    Threat name: 7
    Infected objects: 13
    Suspicious objects: 0
    Duration of the scan: 02:58:47


    File name / Threat name / Threats count
    C:\Program Files\Evrsoft First Page 2006\Iscripts\Page Details\crazy-window.izs Infected: Hoax.JS.BadJoke.RJump 1
    C:\Documents and Settings\Peter Wroblewski\My Documents\LimeWire\Saved\shut down lil jon MTV.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1
    C:\Documents and Settings\Peter Wroblewski\.housecall6.6\Quarantine\count.jar-6802df8c-74ba4019.zip.bac_a03812 Infected: Exploit.Java.ByteVerify 2
    C:\Documents and Settings\Peter Wroblewski\.housecall6.6\Quarantine\count.jar-6802df8c-74ba4019.zip.bac_a03812 Infected: Trojan-Downloader.Java.OpenConnection.aa 1
    C:\Documents and Settings\Peter Wroblewski\.housecall6.6\Quarantine\1927a628-7437d06a.bac_a00364 Infected: Trojan.Java.ClassLoader.ao 3
    C:\Documents and Settings\Peter Wroblewski\.housecall6.6\Quarantine\crtdcghcn.jar-5649a13-5a293939.zip.bac_a00364 Infected: Trojan.Java.ClassLoader.ao 3
    C:\Documents and Settings\Peter Wroblewski\.housecall6.6\Quarantine\put yo hood up.mp3.bac_a03656 Infected: Trojan-Downloader.WMA.GetCodec.c 1
    C:\Documents and Settings\Peter Wroblewski\.housecall6.6\Quarantine\regrets jay z.mp3.bac_a03656 Infected: Trojan-Downloader.WMA.GetCodec.r 1

    The selected area was scanned.
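The list above reads better with a bit of triage logic over it, so here is an added Python example (it is not part of CirrusFalcon's post and not a Kaspersky tool). It re-derives the "Threat name" and "Infected objects" counters from the per-file lines, so a truncated or hand-edited paste shows up as a mismatch; splits each Kaspersky verdict into its Type.Platform.Family.variant parts; and separates hits that sit inside another scanner's quarantine folder from hits on live files. On this log, six of the eight hits are HouseCall quarantine copies (the `.bac_` files) that are already contained; the two live ones are a script template under First Page 2006 flagged as a JS hoax and a LimeWire download flagged as Trojan-Downloader.WMA.GetCodec, the family of media files that carry an embedded URL script command to push a fake "codec" installer. The sample input is the result block copied from the post; the set of quarantine folder markers is an assumption.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample input: the statistics block and result list copied from
# the Kaspersky Online Scan output posted above, embedded so the script runs
# offline. Paste a full report here (or read it from a file) for another host.
SCAN_LOG = r"""
Scan statistics:
Files scanned: 152120
Threat name: 7
Infected objects: 13
Suspicious objects: 0
Duration of the scan: 02:58:47

File name / Threat name / Threats count
C:\Program Files\Evrsoft First Page 2006\Iscripts\Page Details\crazy-window.izs Infected: Hoax.JS.BadJoke.RJump 1
C:\Documents and Settings\Peter Wroblewski\My Documents\LimeWire\Saved\shut down lil jon MTV.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1
C:\Documents and Settings\Peter Wroblewski\.housecall6.6\Quarantine\count.jar-6802df8c-74ba4019.zip.bac_a03812 Infected: Exploit.Java.ByteVerify 2
C:\Documents and Settings\Peter Wroblewski\.housecall6.6\Quarantine\count.jar-6802df8c-74ba4019.zip.bac_a03812 Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Documents and Settings\Peter Wroblewski\.housecall6.6\Quarantine\1927a628-7437d06a.bac_a00364 Infected: Trojan.Java.ClassLoader.ao 3
C:\Documents and Settings\Peter Wroblewski\.housecall6.6\Quarantine\crtdcghcn.jar-5649a13-5a293939.zip.bac_a00364 Infected: Trojan.Java.ClassLoader.ao 3
C:\Documents and Settings\Peter Wroblewski\.housecall6.6\Quarantine\put yo hood up.mp3.bac_a03656 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\Peter Wroblewski\.housecall6.6\Quarantine\regrets jay z.mp3.bac_a03656 Infected: Trojan-Downloader.WMA.GetCodec.r 1

The selected area was scanned.
"""

# One result line is "<path> Infected: <verdict> <count>". Paths contain
# spaces, so the match is anchored on the literal " Infected: " token.
DETECTION_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<verdict>\S+) (?P<count>\d+)$")
STAT_RE = re.compile(r"^(?P<key>Threat name|Infected objects|Suspicious objects): (?P<value>\d+)$")

# Assumed folder markers for material another tool has already moved aside;
# a hit under one of these is a re-detection of contained files, not a live
# infection. Compared case-insensitively against the lower-cased path.
QUARANTINE_MARKERS = ("\\quarantine\\", "\\.housecall6.6\\", "\\vault\\")


@dataclass(frozen=True)
class Detection:
    path: str
    verdict: str
    count: int

    @property
    def contained(self) -> bool:
        p = self.path.lower()
        return any(marker in p for marker in QUARANTINE_MARKERS)


def parse_verdict(verdict: str) -> tuple[str, str, str, str]:
    """Split a Kaspersky verdict 'Type.Platform.Family[.variant]' into parts.

    'Exploit.Java.ByteVerify' has no variant; 'Trojan-Downloader.WMA.GetCodec.f'
    does. Anything past the third dot is kept together as the variant.
    """
    parts = verdict.split(".")
    if len(parts) < 3:
        raise ValueError(f"unexpected verdict format: {verdict}")
    behaviour, platform, family = parts[:3]
    return behaviour, platform, family, ".".join(parts[3:])


def parse_detections(text: str) -> list[Detection]:
    found = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            found.append(Detection(m["path"], m["verdict"], int(m["count"])))
    return found


def parse_stats(text: str) -> dict[str, int]:
    stats = {}
    for line in text.splitlines():
        m = STAT_RE.match(line.strip())
        if m:
            stats[m["key"]] = int(m["value"])
    return stats


def check_consistency(text: str) -> dict[str, object]:
    """Re-derive the header counters from the result lines.

    'Infected objects' must equal the sum of per-line counts and 'Threat name'
    the number of distinct verdicts; a mismatch means lines were lost or
    edited between the scanner and the paste.
    """
    dets = parse_detections(text)
    stats = parse_stats(text)
    objects = sum(d.count for d in dets)
    names = len({d.verdict for d in dets})
    return {
        "infected_objects_listed": objects,
        "infected_objects_reported": stats.get("Infected objects"),
        "infected_objects_match": objects == stats.get("Infected objects"),
        "threat_names_listed": names,
        "threat_names_reported": stats.get("Threat name"),
        "threat_names_match": names == stats.get("Threat name"),
    }


def triage(text: str) -> dict[str, list[Detection]]:
    """Separate live hits from re-detections inside another tool's quarantine."""
    dets = parse_detections(text)
    return {
        "live": [d for d in dets if not d.contained],
        "contained": [d for d in dets if d.contained],
    }


def family_counts(text: str) -> Counter:
    """Count infected objects per Platform.Family, ignoring the variant letter."""
    counts: Counter = Counter()
    for d in parse_detections(text):
        _, platform, family, _ = parse_verdict(d.verdict)
        counts[f"{platform}.{family}"] += d.count
    return counts


def report(text: str) -> str:
    cons = check_consistency(text)
    parts = triage(text)
    lines = [
        f"objects listed {cons['infected_objects_listed']} / reported {cons['infected_objects_reported']}",
        f"threat names listed {cons['threat_names_listed']} / reported {cons['threat_names_reported']}",
        f"{len(parts['contained'])} hit(s) already in quarantine, {len(parts['live'])} live:",
    ]
    lines += [f"  LIVE  {d.verdict:40} {d.path}" for d in parts["live"]]
    lines += [f"  {n:3d} x {fam}" for fam, n in family_counts(text).most_common()]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SCAN_LOG))
```

Run it as-is to see the two live hits and the per-family totals; the consistency flags both come back true for this log (13 objects, 7 names), which is worth checking before acting on any pasted scan output.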
     
  11. 2009/02/03
    noahdfear
    Please visit the following webpage for instructions for downloading and running ComboFix

    How to use ComboFix


    Download ComboFix by sUBs from here, saving the file to your desktop.


    Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you log on. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    **NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.
     
  12. 2009/02/04
    CirrusFalcon
    I cannot run ComboFix because I get an error that says, "prep.com has encountered a problem and needs to close. We are sorry for the inconvenience. If you were in the middle of something, the information you were working on might be lost. Please tell Microsoft about this problem. We have created an error report that you can send to us. We will treat this report as confidential and anonymous. To see what this error report contains, click here. "

    Followed by the options: Debug, Send Error Report; Don't Send.

    If I click to see what data the report contains, I see the following:

    "Error signature
    App Name: prep.com AppVer: 0.0.0.0 ModName: unknown
    ModVer: 0.0.0.0 Offset: 00000000

    Reporting Details
    This report includes: information regarding the condition of prep.com when the problem occurred; the operating system version and computer hardware in use... "etc

    Then I have the options to view technical information about the error report or see their data collection policy on the web. If I view the technical information about the error, I see the following:

    "The following information about your process will be reported:
    Exception information
    Code: 0xc0000005 Flags: 0x00000000
    Record: 0x0000000000000000 Address: 0x0000000000000000 "

    Followed by a list of modules that, unfortunately, I cannot copy and paste. If this information is crucial, I will take the time to post it. Otherwise, I'll continue. At the bottom of the Error Report Contents page, I see the following:

    "The following files will be included in this error report:
    C:\DOCUME~1\PETERW~1\LOCALS~1\Temp\8545_appcompat.txt "

    Going back to the initial error screen, if I click Debug, I see the following error:

    "drwtsn32.exe - Entry Point Not Found
    The procedure entry point SymSetSymWithAddr64 could not be located in the dynamic link library DBGHELP.dll. "

    Is there another program I could use, or a way to fix this problem? Thanks again for all the help so far.
     
  13. 2009/02/10
    noahdfear
    My apologies for the late response. Please delete the current copy of ComboFix and download a fresh copy. Then restart your computer and begin tapping F8 to enable the Advanced Start menu. Select Safe Mode and log on to your user account, then try running ComboFix again. If it restarts the machine, allow it to start normally.
    Post the resulting ComboFix.txt log it opens when complete.
     
  14. 2009/02/10
    CirrusFalcon
    I'm just glad you have not forsaken me. Here's the log:

    ComboFix 09-02-10.02 - Peter Wroblewski 2009-02-10 23:12:37.1 - FAT32x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1448 [GMT -6:00]
    Running from: c:\documents and settings\Peter Wroblewski\My Documents\Downloads\ComboFix.exe
    AV: AVG Anti-Virus *On-access scanning disabled* (Updated)
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\dirty_dishes.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\foodtray.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\heart1.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\heart2.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\heart3.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\menu_down.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\menu_up.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\mop_prop.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\ticket.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a1.ogg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a2.ogg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a3.ogg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a4.ogg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\mainmenumusic.ogg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\baby_cry.ogg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\chef_cook1.ogg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\closing_time.ogg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\customer_ditch.ogg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\dialog_down.ogg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\dialog_up.ogg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\drink_table.ogg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\expert.ogg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\highchair_deliver.ogg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\highchair_pickup.ogg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\keystroke2.ogg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\level_lose.ogg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\level_win.ogg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\menu_click.ogg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\menu_rollover.ogg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\mop_pickup.ogg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\mop_spill.ogg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_bring_check_1_snd.ogg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_dropoff_drinks_1.ogg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_food_ready_1_snd.ogg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_gain_heart_1.ogg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_menu_down.ogg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_pencil_write_2.ogg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_seat_people_snd.ogg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\spill.ogg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\table_drink.ogg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\tip_2.ogg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\flo_lose.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\flo_win.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\fullscreendialog.jpg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\high_score_menu_bg.jpg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\levelintro.jpg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\levelintro.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\levelover.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\longdialog.jpg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\longdialog.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\mainmenu.jpg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\mainmenu_logo.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\popup.jpg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\popup.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\textfield.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\upgrade_lines.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowdown_a.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowdown_b.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowdown_c.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowup_a.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowup_b.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowup_c.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\checkbox_a.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\checkbox_b.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\checkbox_rotated_a.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\checkbox_rotated_b.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\decor_highlight.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\decor_normal.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\decor_selected.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_large_1.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_large_2.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_large_3.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_small_1.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_small_2.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_small_3.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a1.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a2.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a3.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\left_arrow_a.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\left_arrow_b.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\left_arrow_c.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_a.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_b.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_c.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_mask.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_a.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_b.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_c.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_mask.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\map_button_a.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\map_button_b.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\map_button_c.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\right_arrow_a.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\right_arrow_b.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\right_arrow_c.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\upgrade_down.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\upgrade_over.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\upgrade_up.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\welcome_player.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\actionpoints.bin
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\career.bin
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\customer.bin
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\endless.bin
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\global.bin
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\powerups.bin
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cook\stove.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\arrow.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\click.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\click2.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\grab.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\open.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\anim.anm
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\anim.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\blue.pal
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\blue_legs.pal
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\legs.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\red.pal
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\red_legs.pal
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\anim.anm
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\anim.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\blue.pal
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\blue_legs.pal
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\legs.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\red.pal
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\red_legs.pal
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\anim.anm
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\anim.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\baby.anm
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\baby.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\blue.pal
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\blue_baby.pal
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\blue_legs.pal
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\legs.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\red.pal
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\red_baby.pal
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\red_legs.pal
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\anim.anm
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\anim.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\blue.pal
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\blue_legs.pal
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\legs.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\red.pal
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\red_legs.pal
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\idle.anm
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\idle.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\lower.anm
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\lower.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\upper.anm
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\upper.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\fonts\mercurius.mvec
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\bench.anm
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\bench.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\blue_highchairbaby.pal
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\chair.anm
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\chair.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dirt2top.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dirt4top.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dishcart.anm
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dishcart.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\green_highchairbaby.pal
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchair_prop_a.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchair_prop_b.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchairbaby.anm
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchairbaby.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\luxury_bench.anm
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\luxury_bench.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\mop_station_a.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\mop_station_b.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\mop_station_c.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\podium.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\podium_heart.anm
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\podium_heart.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\purple_highchairbaby.pal
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\radio.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\red_highchairbaby.pal
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\spill.anm
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\spill.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\stereo.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\ticketstation.anm
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\ticketstation.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\yellow_highchairbaby.pal
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\family.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help_dividerline.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_colormatch1.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_colormatch2.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_noise.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_score.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_cleardishes.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_givecheck.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_pickupfood.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_servefood.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_takeorder.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\hiscore\local-hs-bb.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\hiscore\p1icon.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_1.bin
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_2.bin
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_3.bin
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_4.bin
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_5.bin
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_6.bin
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1.bin
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_a.bin
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_b.bin
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_c.bin
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\playfirstlogo.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\background.jpg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\blue.pal
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\green.anm
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\green.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\grey.pal
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\red.pal
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\cup1.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\food.anm
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\food.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\frames\2_0.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\frames\2_1.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_a.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_b.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_c.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\people\cook.anm
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\people\cook.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\props\cup_prop1.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\2top.anm
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\2top.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\4top.anm
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\4top.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_0.jpg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_1.jpg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrades.xml
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\tableshadow.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\careerupgrade.lua
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\choosedifficulty.lua
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\closeconfirm.lua
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\entername.lua
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\game.lua
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\getmoregames.lua
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\help1.lua
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\help2.lua
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\hiscore.lua
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\hiscoreinfo.lua
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\hiscoresubmit.lua
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\levelintro.lua
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\levelover.lua
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\loading.lua
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\mainloop.lua
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\mainmenu.lua
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\ok.lua
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\pause.lua
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\style.lua
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\upgrade.lua
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\upsell.lua
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\yesno.lua
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\splash\aol_logo.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\splash\playfirst_logo.jpg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\strings.xml
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\angersmoke.anm
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\angersmoke.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\bubbles\request_bubble.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\bubbles\request_mop.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\bubbles\request_rejectmeal.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\chairflags.anm
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\chairflags.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\check.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\checkmark.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\closed.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\coinflip.anm
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\coinflip.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\decor_lines.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\dollar.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\expert.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\foodpoof.anm
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\foodpoof.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\heartgrow.anm
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\heartgrow.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\jar.anm
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\jar.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\lives_icon.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\noisering.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_a.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_b.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_c.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_d.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_e.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_f.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tablenumber_a.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tablenumber_b.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\traynumber.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tutorialarrow.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tutorialbox.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_base.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_hand.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_timer_off.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_timer_on.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgradeanim.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_a.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_b.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_c.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_a.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_b.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_c.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_a.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_b.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_c.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_a.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_b.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_c.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_a.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_b.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_c.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_a.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_b.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_c.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_a.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_b.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_c.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_a.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_b.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_c.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_a.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_b.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_c.png
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd1.jpg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd2.jpg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd3.jpg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd4.jpg
    c:\windows2\Downloaded Program Files\DinerDash2.1.0.0.53\dinerdash2.exe
    c:\windows2\system32\wdmaud.sys

    .
    ((((((((((((((((((((((((( Files Created from 2009-01-11 to 2009-02-11 )))))))))))))))))))))))))))))))
    .

    2009-02-04 17:26 . 2009-02-04 17:26 <DIR> d-------- c:\documents and settings\Peter Wroblewski\Application Data\skypePM
    2009-02-04 17:26 . 2009-02-04 17:26 32 --a------ c:\documents and settings\All Users\Application Data\ezsid.dat
    2009-02-04 15:01 . 2009-02-04 15:01 <DIR> d-------- c:\documents and settings\Peter Wroblewski\.lilypond-fonts.cache-2
    2009-02-04 14:45 . 2009-02-04 14:45 <DIR> d-------- c:\program files\LilyPond
    2009-02-03 17:25 . 2009-02-03 17:25 131,584 --a------ c:\windows2\system32\SpoonUninstall.exe
    2009-02-03 17:25 . 2009-02-03 17:23 34,358 --a------ c:\windows2\system32\SpoonUninstall-iabc.bmp
    2009-02-03 17:25 . 2009-02-03 17:25 19,506 --a------ c:\windows2\system32\SpoonUninstall-iabc.dat
    2009-02-03 17:23 . 2009-02-03 17:24 <DIR> d-------- C:\iabc
    2009-02-03 14:57 . 2009-02-03 15:05 4,189 --a------ c:\windows2\imsins.BAK
    2009-02-01 15:59 . 2009-02-01 15:59 <DIR> d-------- c:\program files\Carina Software
    2009-01-31 11:47 . 2009-01-31 11:47 <DIR> d-------- c:\program files\RegCure
    2009-01-29 19:34 . 2009-01-29 19:34 <DIR> d-------- c:\program files\iTunes
    2009-01-29 19:34 . 2009-01-29 19:34 <DIR> d-------- c:\program files\iPod
    2009-01-29 19:34 . 2009-01-29 19:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-01-29 19:32 . 2009-01-29 19:32 <DIR> d-------- c:\program files\QuickTime
    2009-01-29 18:36 . 2009-01-29 18:36 <DIR> d--hs---- c:\documents and settings\Peter Wroblewski\IECompatCache
    2009-01-29 18:09 . 2009-01-29 18:09 <DIR> d--hs---- c:\documents and settings\Peter Wroblewski\IETldCache
    2009-01-29 18:02 . 2009-01-29 18:03 <DIR> d--h----- c:\windows2\ie8
    2009-01-29 18:00 . 2009-01-10 23:00 79,360 --------- c:\windows2\system32\dllcache\iecompat.dll
    2009-01-29 14:55 . 2009-01-29 14:55 <DIR> d-------- c:\documents and settings\Peter Wroblewski\Application Data\Malwarebytes
    2009-01-29 14:54 . 2009-01-29 14:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-29 01:01 . 2009-01-29 01:01 <DIR> d-------- c:\program files\Common Files\Skype
    2009-01-29 00:01 . 2009-01-29 00:41 81,288 --a------ c:\windows2\system32\drivers\iksyssec.sys
    2009-01-29 00:01 . 2009-01-29 00:41 66,952 --a------ c:\windows2\system32\drivers\iksysflt.sys
    2009-01-29 00:01 . 2009-01-29 00:41 40,840 --a------ c:\windows2\system32\drivers\ikfilesec.sys
    2009-01-29 00:01 . 2008-06-02 15:19 29,576 --a------ c:\windows2\system32\drivers\kcom.sys
    2009-01-29 00:00 . 2009-01-29 00:00 <DIR> d-------- c:\program files\Spyware Doctor
    2009-01-29 00:00 . 2009-01-29 00:00 <DIR> d-------- c:\documents and settings\Peter Wroblewski\Application Data\PC Tools
    2009-01-28 23:56 . 2009-01-28 23:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater
    2009-01-28 23:28 . 2009-01-28 23:28 <DIR> d-------- c:\program files\Trend Micro
    2009-01-28 23:22 . 2009-01-28 23:22 156 --a------ c:\windows2\wininit.ini
    2009-01-28 22:47 . 2009-01-28 22:47 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2009-01-28 22:47 . 2009-01-28 22:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-28 22:29 . 2009-01-28 22:40 36 -r-h----- c:\windows2\sued.dat
    2009-01-28 17:48 . 2008-04-13 13:45 32,128 --a------ c:\windows2\system32\drivers\usbccgp.sys
    2009-01-28 17:48 . 2008-04-13 13:45 32,128 --a------ c:\windows2\system32\dllcache\usbccgp.sys
    2009-01-28 17:48 . 2008-04-13 13:45 10,368 --a------ c:\windows2\system32\drivers\hidusb.sys
    2009-01-28 17:48 . 2008-04-13 13:45 10,368 --a------ c:\windows2\system32\dllcache\hidusb.sys
    2009-01-26 05:43 . 2009-01-26 05:43 <DIR> d--hs---- c:\windows2\Installer
    2009-01-26 04:52 . 2009-01-26 04:52 <DIR> d--hs---- c:\documents and settings\Lisa\PrivacIE
    2009-01-26 04:52 . 2009-01-26 04:52 <DIR> d-------- c:\documents and settings\Lisa\Application Data\AVGTOOLBAR
    2009-01-26 03:00 . 2009-01-26 03:00 <DIR> d-------- c:\windows2\ie8updates
    2009-01-25 11:17 . 2009-01-25 11:17 <DIR> d-------- C:\AVGTemp
    2009-01-25 10:34 . 2009-01-25 10:34 <DIR> d--h----- C:\$AVG8.VAULT$
    2009-01-25 09:43 . 2009-01-25 09:43 <DIR> d-------- c:\windows2\system32\drivers\Avg
    2009-01-25 09:43 . 2009-01-25 09:43 <DIR> d-------- c:\program files\AVG
    2009-01-25 09:43 . 2009-01-25 09:43 <DIR> d-------- c:\documents and settings\Peter Wroblewski\Application Data\AVGTOOLBAR
    2009-01-25 09:43 . 2009-01-25 09:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
    2009-01-25 09:43 . 2009-01-25 09:43 325,128 --a------ c:\windows2\system32\drivers\avgldx86.sys
    2009-01-25 09:43 . 2009-01-25 09:43 107,272 --a------ c:\windows2\system32\drivers\avgtdix.sys
    2009-01-25 09:43 . 2009-01-25 09:43 12,552 --a------ c:\windows2\system32\drivers\avgrkx86.sys
    2009-01-25 09:43 . 2009-01-25 09:43 10,520 --a------ c:\windows2\system32\avgrsstx.dll
    2009-01-24 15:02 . 2009-01-24 15:02 <DIR> d--hs---- c:\documents and settings\Peter Wroblewski\PrivacIE
    2009-01-18 23:06 . 2009-01-18 23:06 <DIR> d-------- c:\program files\CCleaner
    2009-01-16 05:09 . 2009-01-16 05:09 <DIR> d--hs---- C:\FOUND.009
    2009-01-15 02:22 . 2009-01-15 02:22 49,152 --------- c:\windows2\system32\msrating.dll.mui
    2009-01-15 02:21 . 2009-01-15 02:21 2,560 --------- c:\windows2\system32\mshta.exe.mui
    2009-01-15 02:19 . 2009-01-15 02:19 81,920 --------- c:\windows2\system32\iedkcs32.dll.mui
    2009-01-15 02:19 . 2009-01-15 02:19 4,096 --------- c:\windows2\system32\ie4uinit.exe.mui
    2009-01-15 02:04 . 2009-01-15 02:04 18,944 --------- c:\windows2\system32\dllcache\corpol.dll
    2009-01-11 06:31 . 2009-01-11 06:31 <DIR> d--hs---- C:\FOUND.008

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-15 08:17 636,264 ----a-w c:\windows2\system32\dllcache\iexplore.exe
    2009-01-15 08:17 392,040 ----a-w c:\windows2\system32\dllcache\iedkcs32.dll
    2009-01-15 08:13 5,888,512 ----a-w c:\windows2\system32\dllcache\mshtml.dll
    2009-01-15 08:12 10,963,968 ----a-w c:\windows2\system32\dllcache\ieframe.dll
    2009-01-15 08:06 236,544 ----a-w c:\windows2\system32\dllcache\webcheck.dll
    2009-01-15 08:06 105,984 ----a-w c:\windows2\system32\dllcache\url.dll
    2009-01-15 08:06 1,182,720 ----a-w c:\windows2\system32\dllcache\urlmon.dll
    2009-01-15 08:05 911,872 ----a-w c:\windows2\system32\wininet.dll
    2009-01-15 08:05 911,872 ----a-w c:\windows2\system32\dllcache\wininet.dll
    2009-01-15 08:05 43,008 ----a-w c:\windows2\system32\licmgr10.dll
    2009-01-15 08:05 43,008 ----a-w c:\windows2\system32\dllcache\licmgr10.dll
    2009-01-15 08:05 193,536 ----a-w c:\windows2\system32\dllcache\msrating.dll
    2009-01-15 08:05 109,056 ----a-w c:\windows2\system32\dllcache\occache.dll
    2009-01-15 08:04 755,200 ----a-w c:\windows2\system32\dllcache\VGX.dll
    2009-01-15 08:04 25,600 ----a-w c:\windows2\system32\dllcache\jsproxy.dll
    2009-01-15 08:04 18,944 ----a-w c:\windows2\system32\corpol.dll
    2009-01-15 08:02 611,840 ----a-w c:\windows2\system32\dllcache\mstime.dll
    2009-01-15 08:02 593,920 ----a-w c:\windows2\system32\dllcache\msfeeds.dll
    2009-01-15 08:02 1,975,296 ----a-w c:\windows2\system32\dllcache\iertutil.dll
    2009-01-15 08:01 66,560 ----a-w c:\windows2\system32\dllcache\mshtmled.dll
    2009-01-15 08:01 59,904 ----a-w c:\windows2\system32\dllcache\icardie.dll
    2009-01-15 08:01 54,272 ----a-w c:\windows2\system32\dllcache\msfeedsbs.dll
    2009-01-15 08:01 46,592 ----a-w c:\windows2\system32\dllcache\pngfilt.dll
    2009-01-15 08:01 348,160 ----a-w c:\windows2\system32\dllcache\dxtmsft.dll
    2009-01-15 08:01 34,304 ----a-w c:\windows2\system32\imgutil.dll
    2009-01-15 08:01 34,304 ----a-w c:\windows2\system32\dllcache\imgutil.dll
    2009-01-15 08:01 216,064 ----a-w c:\windows2\system32\dllcache\dxtrans.dll
    2009-01-15 08:01 183,808 ----a-w c:\windows2\system32\dllcache\iepeers.dll
    2009-01-15 08:00 48,128 ----a-w c:\windows2\system32\mshtmler.dll
    2009-01-15 08:00 48,128 ----a-w c:\windows2\system32\dllcache\mshtmler.dll
    2009-01-15 08:00 45,568 ----a-w c:\windows2\system32\mshta.exe
    2009-01-15 08:00 45,568 ----a-w c:\windows2\system32\dllcache\mshta.exe
    2009-01-15 07:53 68,608 ----a-w c:\windows2\system32\dllcache\hmmapi.dll
    2009-01-15 07:50 156,160 ----a-w c:\windows2\system32\msls31.dll
    2009-01-15 07:50 156,160 ----a-w c:\windows2\system32\dllcache\msls31.dll
    2009-01-15 07:35 445,440 ----a-w c:\windows2\system32\dllcache\ieapfltr.dll
    2008-12-22 22:31 --------- d-----w c:\program files\Democracy_at
    2008-12-18 00:36 410,984 ----a-w c:\windows2\system32\deploytk.dll
    2008-12-17 03:41 --------- d-----w c:\documents and settings\Peter Wroblewski\Application Data\LimeWire
    2008-12-11 10:57 333,952 ----a-w c:\windows2\system32\drivers\srv.sys
    2008-12-11 10:57 333,952 ------w c:\windows2\system32\dllcache\srv.sys
    2005-02-16 23:53 266 --sh--w c:\program files\desktop.ini
    2005-02-16 23:53 11,079 ---h--w c:\program files\folder.htt
    2002-07-27 00:02 153,088 ----a-w c:\program files\UNWISE.EXE
    2008-06-15 18:16 32,768 --sha-w c:\windows2\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008061520080616\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
    "ctfmon.exe"="c:\windows2\system32\ctfmon.exe" [2008-04-13 15360]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-12 21898024]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
    "Google Update"="c:\documents and settings\Peter Wroblewski\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-02-05 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
    "NeroFilterCheck"="c:\windows2\system32\NeroCheck.exe" [2001-07-09 155648]
    "InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-01-27 1381376]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
    "HostManager"="c:\program files\Common Files\AOL\1155073393\ee\AOLSoftware.exe" [2006-05-09 50760]
    "IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
    "PinnacleDriverCheck"="c:\windows2\system32\PSDrvCheck.exe" [2004-03-11 406016]
    "USB2Check"="c:\windows2\system32\PCLECoInst.dll" [2007-02-20 81920]
    "USBToolTip"="c:\program files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2006-06-01 196608]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-25 1601304]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-17 136600]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "RTHDCPL"="RTHDCPL.EXE" [2005-04-26 c:\windows2\RTHDCPL.EXE]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 81920]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-01-25 09:43 10520 c:\windows2\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.MJPG"= Pvmjpg30.dll
    "aux2"= wdmaud.sys

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1155073393\\ee\\aolsoftware.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1155073393\\ee\\aim6.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
    "c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "81:TCP"= 81:TCP:Axon Web Server

    R0 AvgRkx86;avgrkx86.sys;c:\windows2\system32\drivers\avgrkx86.sys [2009-01-25 12552]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows2\system32\drivers\avgldx86.sys [2009-01-25 325128]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows2\system32\drivers\avgtdix.sys [2009-01-25 107272]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-25 298264]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-10 24652]
    S3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;c:\windows2\system32\drivers\MarvinAVS.sys [2007-05-09 434176]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-29 356920]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows2\system32\rundll32.exe" "c:\windows2\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-02-09 c:\windows2\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2009-02-10 c:\windows2\Tasks\User_Feed_Synchronization-{F4B4D95F-5693-46B0-83EA-783196EA84F9}.job
    - c:\windows2\system32\msfeedssync.exe [2009-01-15 02:01]

    2009-02-08 c:\windows2\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2007-08-02 09:20]

    2009-02-10 c:\windows2\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2007-08-02 09:20]

    2009-02-11 c:\windows2\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-28 23:56]

    2009-02-11 c:\windows2\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1935655697-725345543-1003.job
    - c:\documents and settings\Peter Wroblewski\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-05 13:17]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Aim6 - (no file)


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
    uInternet Settings,ProxyOverride = *.local
    IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    Trusted Zone: moove.com
    DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://65.5.111.17/activex/AMC.cab
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-10 23:14:05
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS2\\system32\\OLE32.DLL"
    "cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,b0,a2,60,9e,c4,
    7a,6a,df,e2,63,26,f1,3f,c8,ff,68,71,84,06,b6,f4,50,c9,87,e2,63,26,f1,3f,c8,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS2\\system32\\OLE32.DLL"
    "bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,2b,29,35,d5,4a,
    a4,60,93,6a,9c,d6,61,af,45,84,18,33,92,6d,b5,fe,ca,e6,24,6a,9c,d6,61,af,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS2\\system32\\OLE32.DLL"
    "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,45,13,cc,13,e4,
    31,4a,81,ff,7c,85,e0,43,d4,0e,fe,a6,63,b8,78,ff,23,8a,52,ff,7c,85,e0,43,d4,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS2\\system32\\OLE32.DLL"
    "2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,ab,63,fe,27,12,
    51,ba,12,86,8c,21,01,be,91,eb,e7,60,8c,bb,84,6a,94,4c,e5,86,8c,21,01,be,91,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS2\\system32\\OLE32.DLL"
    "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,15,f0,6d,07,ad,
    b7,62,09,f5,1d,4d,73,a8,13,5c,05,1f,a1,71,1b,60,26,bd,18,f5,1d,4d,73,a8,13,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS2\\system32\\OLE32.DLL"
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,1a,47,05,28,4e,
    e7,6e,82,df,20,58,62,78,6b,cf,c8,76,03,a3,fa,ed,14,4a,a1,df,20,58,62,78,6b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS2\\system32\\OLE32.DLL"
    "4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,11,72,90,dc,51,
    4d,66,95,fb,a7,78,e6,12,2f,9a,ea,66,23,54,20,44,a4,44,99,fb,a7,78,e6,12,2f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS2\\system32\\OLE32.DLL"
    "1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,ca,48,9c,2d,19,
    61,c5,20,01,3a,48,fc,e8,04,4a,f1,b0,02,47,48,bd,c7,bb,06,01,3a,48,fc,e8,04,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS2\\system32\\OLE32.DLL"
    "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,0e,41,82,af,62,
    4b,1a,13,f6,0f,4e,58,98,5b,89,c9,72,60,5d,f2,1d,6f,be,cd,f6,0f,4e,58,98,5b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS2\\system32\\OLE32.DLL"
    "f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,2d,77,b5,9b,d1,
    e2,b3,62,3d,ce,ea,26,2d,45,aa,78,10,d2,54,38,18,e7,84,22,3d,ce,ea,26,2d,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS2\\system32\\OLE32.DLL"
    "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,80,c5,9a,da,13,
    d3,12,cc,2a,b7,cc,b5,b9,7f,41,e7,77,8b,4b,b8,7a,9b,ee,45,2a,b7,cc,b5,b9,7f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS2\\system32\\OLE32.DLL"
    "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,bb,6c,5f,d4,48,
    86,05,db,6c,43,2d,1e,aa,22,2f,9c,50,ee,ec,d3,56,52,c3,c4,6c,43,2d,1e,aa,22,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(564)
    c:\windows2\system32\Ati2evxx.dll
    .
    Completion time: 2009-02-10 23:15:25
    ComboFix-quarantined-files.txt 2009-02-11 05:15:24

    Pre-Run: 32,809,418,752 bytes free
    Post-Run: 33,739,210,752 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS2
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS2="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    639 --- E O F --- 2009-01-29 23:55:41
     
  15. 2009/02/10
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    C:\WINDOWS2\system32\wdmaud.sys
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux2"=-
    RegNull::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
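As an added illustration of what the CFScript above is doing (example code written for this thread, not something from ComboFix or from noahdfear): the Drivers32 key is supposed to hold bare names of user-mode multimedia modules such as wdmaud.drv, so an extra "auxN" value that points at a .sys file is exactly the kind of entry a scripted fix removes. The Python below reads a REGEDIT4 export of that key, flags entries by severity and drafts the Registry:: section in CFScript syntax. The sample export is constructed (the thread never prints the real value of "aux2"), and the allowlist of stock XP modules is an assumption, not a Microsoft reference list.

```python
"""Triage the Drivers32 key from a REGEDIT4 export and draft the CFScript
'Registry::' lines that would remove the entries judged malicious.

Added example for this thread, not ComboFix's own code.  The export text
below is constructed for the demo; the allowlist is an assumption about the
modules Windows XP normally registers here.
"""
import re
from typing import Dict, List, Optional, Tuple

DRIVERS32_KEY = (
    r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32"
)

# Drivers32 values name user-mode multimedia modules (.drv/.dll/.acm) that
# Windows loads from system32 with LoadLibrary.  Assumed allowlist of the
# stock XP entries; extend it with your own baseline.
KNOWN_MM_MODULES = {
    "wdmaud.drv", "msacm32.drv", "midimap.dll", "msacm32.dll",
    "msrle32.dll", "msvidc32.dll", "iyuv_32.dll", "msyuv.dll", "tsbyuv.dll",
    "imaadp32.acm", "msadp32.acm", "msg711.acm", "msgsm32.acm",
    "l3codeca.acm", "msaudio1.acm",
}

# Constructed sample: a stock-looking Drivers32 key, one third-party codec,
# and one entry shaped like the "aux2" / wdmaud.sys pair the CFScript
# targets (illustrative; the thread never shows the real value).
SAMPLE_EXPORT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"="wdmaud.drv"
"midi"="wdmaud.drv"
"wave"="wdmaud.drv"
"mixer"="wdmaud.drv"
"msacm.imaadpcm"="imaadp32.acm"
"VIDC.MJPG"="Pvmjpg30.dll"
"aux2"="wdmaud.sys"
"""

_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def parse_regedit4(text: str) -> Dict[str, Dict[str, str]]:
    """Minimal REGEDIT4 reader: {key (lower-cased): {name: value text}}.
    Only string values matter for Drivers32; other value types are kept
    as their raw text."""
    keys: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.upper() == "REGEDIT4":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            # Forum/clipboard copies often add a stray space inside the quotes.
            name = m.group(1).strip()
            value = m.group(2).strip().strip('"')
            keys[current][name] = value
    return keys


def classify(name: str, value: str) -> Tuple[Optional[str], str]:
    """Return (severity, reason): 'high' = remove via CFScript,
    'review' = check by hand, None = looks stock."""
    module = value.replace("/", "\\").split("\\")[-1].lower()
    if module.endswith(".sys"):
        return "high", "kernel driver (.sys) registered in a user-mode multimedia slot"
    if "\\" in value:
        return "review", "explicit path; Drivers32 normally holds bare module names"
    if module not in KNOWN_MM_MODULES:
        return "review", "module not in the stock XP allowlist (third-party codec?)"
    return None, ""


def triage_drivers32(export_text: str) -> List[dict]:
    values = parse_regedit4(export_text).get(DRIVERS32_KEY.lower(), {})
    findings = []
    for name, value in values.items():
        severity, reason = classify(name, value)
        if severity:
            findings.append(
                {"name": name, "value": value, "severity": severity, "reason": reason}
            )
    return findings


def cfscript_registry_section(findings: List[dict]) -> str:
    """Only 'high' findings become '"name"=-' deletions; 'review' items are
    deliberately left to a human so a legitimate codec is not torn out."""
    names = [f["name"] for f in findings if f["severity"] == "high"]
    if not names:
        return ""
    lines = ["Registry::", f"[{DRIVERS32_KEY}]"] + [f'"{n}"=-' for n in names]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage_drivers32(SAMPLE_EXPORT)
    for f in found:
        print(f"{f['severity']:6} {f['name']!r} -> {f['value']!r}: {f['reason']}")
    print(cfscript_registry_section(found), end="")
```

Run it as-is to see the triage on the sample, or feed parse_regedit4 a REGEDIT4-format export of the key from a live machine. Two things to check before dropping a generated script onto ComboFix: "review" findings such as a third-party video codec stay out of the deletion list on purpose, and the File:: path in the script should match the Windows directory the logs show for that machine (here the HijackThis and ComboFix logs list c:\windows2, while the CFScript and the echoed FILE :: line use c:\windows\system32).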
     
  16. 2009/02/11
    CirrusFalcon

    CirrusFalcon Inactive Thread Starter

    Joined:
    2009/01/30
    Messages:
    15
    Likes Received:
    0
    ComboFix 09-02-10.02 - Peter Wroblewski 2009-02-10 23:56:06.2 - FAT32x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1461 [GMT -6:00]
    Running from: c:\documents and settings\Peter Wroblewski\My Documents\Downloads\ComboFix.exe
    Command switches used :: c:\documents and settings\Peter Wroblewski\Desktop\Nate's Stuff\CFScript.txt
    AV: AVG Anti-Virus *On-access scanning disabled* (Updated)
    * Created a new restore point

    FILE ::
    c:\windows\system32\wdmaud.sys
    .

    ((((((((((((((((((((((((( Files Created from 2009-01-11 to 2009-02-11 )))))))))))))))))))))))))))))))
    .

    2009-02-04 17:26 . 2009-02-04 17:26 <DIR> d-------- c:\documents and settings\Peter Wroblewski\Application Data\skypePM
    2009-02-04 17:26 . 2009-02-04 17:26 32 --a------ c:\documents and settings\All Users\Application Data\ezsid.dat
    2009-02-04 15:01 . 2009-02-04 15:01 <DIR> d-------- c:\documents and settings\Peter Wroblewski\.lilypond-fonts.cache-2
    2009-02-04 14:45 . 2009-02-04 14:45 <DIR> d-------- c:\program files\LilyPond
    2009-02-03 17:25 . 2009-02-03 17:25 131,584 --a------ c:\windows2\system32\SpoonUninstall.exe
    2009-02-03 17:25 . 2009-02-03 17:23 34,358 --a------ c:\windows2\system32\SpoonUninstall-iabc.bmp
    2009-02-03 17:25 . 2009-02-03 17:25 19,506 --a------ c:\windows2\system32\SpoonUninstall-iabc.dat
    2009-02-03 17:23 . 2009-02-03 17:24 <DIR> d-------- C:\iabc
    2009-02-03 14:57 . 2009-02-03 15:05 4,189 --a------ c:\windows2\imsins.BAK
    2009-02-01 15:59 . 2009-02-01 15:59 <DIR> d-------- c:\program files\Carina Software
    2009-01-31 11:47 . 2009-01-31 11:47 <DIR> d-------- c:\program files\RegCure
    2009-01-29 19:34 . 2009-01-29 19:34 <DIR> d-------- c:\program files\iTunes
    2009-01-29 19:34 . 2009-01-29 19:34 <DIR> d-------- c:\program files\iPod
    2009-01-29 19:34 . 2009-01-29 19:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-01-29 19:32 . 2009-01-29 19:32 <DIR> d-------- c:\program files\QuickTime
    2009-01-29 18:36 . 2009-01-29 18:36 <DIR> d--hs---- c:\documents and settings\Peter Wroblewski\IECompatCache
    2009-01-29 18:09 . 2009-01-29 18:09 <DIR> d--hs---- c:\documents and settings\Peter Wroblewski\IETldCache
    2009-01-29 18:02 . 2009-01-29 18:03 <DIR> d--h----- c:\windows2\ie8
    2009-01-29 18:00 . 2009-01-10 23:00 79,360 --------- c:\windows2\system32\dllcache\iecompat.dll
    2009-01-29 14:55 . 2009-01-29 14:55 <DIR> d-------- c:\documents and settings\Peter Wroblewski\Application Data\Malwarebytes
    2009-01-29 14:54 . 2009-01-29 14:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-29 01:01 . 2009-01-29 01:01 <DIR> d-------- c:\program files\Common Files\Skype
    2009-01-29 00:01 . 2009-01-29 00:41 81,288 --a------ c:\windows2\system32\drivers\iksyssec.sys
    2009-01-29 00:01 . 2009-01-29 00:41 66,952 --a------ c:\windows2\system32\drivers\iksysflt.sys
    2009-01-29 00:01 . 2009-01-29 00:41 40,840 --a------ c:\windows2\system32\drivers\ikfilesec.sys
    2009-01-29 00:01 . 2008-06-02 15:19 29,576 --a------ c:\windows2\system32\drivers\kcom.sys
    2009-01-29 00:00 . 2009-01-29 00:00 <DIR> d-------- c:\program files\Spyware Doctor
    2009-01-29 00:00 . 2009-01-29 00:00 <DIR> d-------- c:\documents and settings\Peter Wroblewski\Application Data\PC Tools
    2009-01-28 23:56 . 2009-01-28 23:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater
    2009-01-28 23:28 . 2009-01-28 23:28 <DIR> d-------- c:\program files\Trend Micro
    2009-01-28 23:22 . 2009-01-28 23:22 156 --a------ c:\windows2\wininit.ini
    2009-01-28 22:47 . 2009-01-28 22:47 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2009-01-28 22:47 . 2009-01-28 22:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-28 22:29 . 2009-01-28 22:40 36 -r-h----- c:\windows2\sued.dat
    2009-01-28 17:48 . 2008-04-13 13:45 32,128 --a------ c:\windows2\system32\drivers\usbccgp.sys
    2009-01-28 17:48 . 2008-04-13 13:45 32,128 --a------ c:\windows2\system32\dllcache\usbccgp.sys
    2009-01-28 17:48 . 2008-04-13 13:45 10,368 --a------ c:\windows2\system32\drivers\hidusb.sys
    2009-01-28 17:48 . 2008-04-13 13:45 10,368 --a------ c:\windows2\system32\dllcache\hidusb.sys
    2009-01-26 05:43 . 2009-01-26 05:43 <DIR> d--hs---- c:\windows2\Installer
    2009-01-26 04:52 . 2009-01-26 04:52 <DIR> d--hs---- c:\documents and settings\Lisa\PrivacIE
    2009-01-26 04:52 . 2009-01-26 04:52 <DIR> d-------- c:\documents and settings\Lisa\Application Data\AVGTOOLBAR
    2009-01-26 03:00 . 2009-01-26 03:00 <DIR> d-------- c:\windows2\ie8updates
    2009-01-25 11:17 . 2009-01-25 11:17 <DIR> d-------- C:\AVGTemp
    2009-01-25 10:34 . 2009-01-25 10:34 <DIR> d--h----- C:\$AVG8.VAULT$
    2009-01-25 09:43 . 2009-01-25 09:43 <DIR> d-------- c:\windows2\system32\drivers\Avg
    2009-01-25 09:43 . 2009-01-25 09:43 <DIR> d-------- c:\program files\AVG
    2009-01-25 09:43 . 2009-01-25 09:43 <DIR> d-------- c:\documents and settings\Peter Wroblewski\Application Data\AVGTOOLBAR
    2009-01-25 09:43 . 2009-01-25 09:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
    2009-01-25 09:43 . 2009-01-25 09:43 325,128 --a------ c:\windows2\system32\drivers\avgldx86.sys
    2009-01-25 09:43 . 2009-01-25 09:43 107,272 --a------ c:\windows2\system32\drivers\avgtdix.sys
    2009-01-25 09:43 . 2009-01-25 09:43 12,552 --a------ c:\windows2\system32\drivers\avgrkx86.sys
    2009-01-25 09:43 . 2009-01-25 09:43 10,520 --a------ c:\windows2\system32\avgrsstx.dll
    2009-01-24 15:02 . 2009-01-24 15:02 <DIR> d--hs---- c:\documents and settings\Peter Wroblewski\PrivacIE
    2009-01-18 23:06 . 2009-01-18 23:06 <DIR> d-------- c:\program files\CCleaner
    2009-01-16 05:09 . 2009-01-16 05:09 <DIR> d--hs---- C:\FOUND.009
    2009-01-15 02:22 . 2009-01-15 02:22 49,152 --------- c:\windows2\system32\msrating.dll.mui
    2009-01-15 02:21 . 2009-01-15 02:21 2,560 --------- c:\windows2\system32\mshta.exe.mui
    2009-01-15 02:19 . 2009-01-15 02:19 81,920 --------- c:\windows2\system32\iedkcs32.dll.mui
    2009-01-15 02:19 . 2009-01-15 02:19 4,096 --------- c:\windows2\system32\ie4uinit.exe.mui
    2009-01-15 02:04 . 2009-01-15 02:04 18,944 --------- c:\windows2\system32\dllcache\corpol.dll
    2009-01-11 06:31 . 2009-01-11 06:31 <DIR> d--hs---- C:\FOUND.008

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-15 08:17 636,264 ----a-w c:\windows2\system32\dllcache\iexplore.exe
    2009-01-15 08:17 392,040 ----a-w c:\windows2\system32\dllcache\iedkcs32.dll
    2009-01-15 08:13 5,888,512 ----a-w c:\windows2\system32\dllcache\mshtml.dll
    2009-01-15 08:12 10,963,968 ----a-w c:\windows2\system32\dllcache\ieframe.dll
    2009-01-15 08:06 236,544 ----a-w c:\windows2\system32\dllcache\webcheck.dll
    2009-01-15 08:06 105,984 ----a-w c:\windows2\system32\dllcache\url.dll
    2009-01-15 08:06 1,182,720 ----a-w c:\windows2\system32\dllcache\urlmon.dll
    2009-01-15 08:05 911,872 ----a-w c:\windows2\system32\wininet.dll
    2009-01-15 08:05 911,872 ----a-w c:\windows2\system32\dllcache\wininet.dll
    2009-01-15 08:05 43,008 ----a-w c:\windows2\system32\licmgr10.dll
    2009-01-15 08:05 43,008 ----a-w c:\windows2\system32\dllcache\licmgr10.dll
    2009-01-15 08:05 193,536 ----a-w c:\windows2\system32\dllcache\msrating.dll
    2009-01-15 08:05 109,056 ----a-w c:\windows2\system32\dllcache\occache.dll
    2009-01-15 08:04 755,200 ----a-w c:\windows2\system32\dllcache\VGX.dll
    2009-01-15 08:04 25,600 ----a-w c:\windows2\system32\dllcache\jsproxy.dll
    2009-01-15 08:04 18,944 ----a-w c:\windows2\system32\corpol.dll
    2009-01-15 08:02 611,840 ----a-w c:\windows2\system32\dllcache\mstime.dll
    2009-01-15 08:02 593,920 ----a-w c:\windows2\system32\dllcache\msfeeds.dll
    2009-01-15 08:02 1,975,296 ----a-w c:\windows2\system32\dllcache\iertutil.dll
    2009-01-15 08:01 66,560 ----a-w c:\windows2\system32\dllcache\mshtmled.dll
    2009-01-15 08:01 59,904 ----a-w c:\windows2\system32\dllcache\icardie.dll
    2009-01-15 08:01 54,272 ----a-w c:\windows2\system32\dllcache\msfeedsbs.dll
    2009-01-15 08:01 46,592 ----a-w c:\windows2\system32\dllcache\pngfilt.dll
    2009-01-15 08:01 348,160 ----a-w c:\windows2\system32\dllcache\dxtmsft.dll
    2009-01-15 08:01 34,304 ----a-w c:\windows2\system32\imgutil.dll
    2009-01-15 08:01 34,304 ----a-w c:\windows2\system32\dllcache\imgutil.dll
    2009-01-15 08:01 216,064 ----a-w c:\windows2\system32\dllcache\dxtrans.dll
    2009-01-15 08:01 183,808 ----a-w c:\windows2\system32\dllcache\iepeers.dll
    2009-01-15 08:00 48,128 ----a-w c:\windows2\system32\mshtmler.dll
    2009-01-15 08:00 48,128 ----a-w c:\windows2\system32\dllcache\mshtmler.dll
    2009-01-15 08:00 45,568 ----a-w c:\windows2\system32\mshta.exe
    2009-01-15 08:00 45,568 ----a-w c:\windows2\system32\dllcache\mshta.exe
    2009-01-15 07:53 68,608 ----a-w c:\windows2\system32\dllcache\hmmapi.dll
    2009-01-15 07:50 156,160 ----a-w c:\windows2\system32\msls31.dll
    2009-01-15 07:50 156,160 ----a-w c:\windows2\system32\dllcache\msls31.dll
    2009-01-15 07:35 445,440 ----a-w c:\windows2\system32\dllcache\ieapfltr.dll
    2008-12-22 22:31 --------- d-----w c:\program files\Democracy_at
    2008-12-18 00:36 410,984 ----a-w c:\windows2\system32\deploytk.dll
    2008-12-17 03:41 --------- d-----w c:\documents and settings\Peter Wroblewski\Application Data\LimeWire
    2008-12-11 10:57 333,952 ----a-w c:\windows2\system32\drivers\srv.sys
    2008-12-11 10:57 333,952 ------w c:\windows2\system32\dllcache\srv.sys
    2005-02-16 23:53 266 --sh--w c:\program files\desktop.ini
    2005-02-16 23:53 11,079 ---h--w c:\program files\folder.htt
    2002-07-27 00:02 153,088 ----a-w c:\program files\UNWISE.EXE
    2008-06-15 18:16 32,768 --sha-w c:\windows2\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008061520080616\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
    "ctfmon.exe"="c:\windows2\system32\ctfmon.exe" [2008-04-13 15360]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-12 21898024]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
    "Google Update"="c:\documents and settings\Peter Wroblewski\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-02-05 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
    "NeroFilterCheck"="c:\windows2\system32\NeroCheck.exe" [2001-07-09 155648]
    "InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-01-27 1381376]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
    "HostManager"="c:\program files\Common Files\AOL\1155073393\ee\AOLSoftware.exe" [2006-05-09 50760]
    "IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
    "PinnacleDriverCheck"="c:\windows2\system32\PSDrvCheck.exe" [2004-03-11 406016]
    "USB2Check"="c:\windows2\system32\PCLECoInst.dll" [2007-02-20 81920]
    "USBToolTip"="c:\program files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2006-06-01 196608]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-25 1601304]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-17 136600]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "RTHDCPL"="RTHDCPL.EXE" [2005-04-26 c:\windows2\RTHDCPL.EXE]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 81920]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-01-25 09:43 10520 c:\windows2\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.MJPG"= Pvmjpg30.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1155073393\\ee\\aolsoftware.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1155073393\\ee\\aim6.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
    "c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "81:TCP"= 81:TCP:Axon Web Server

    R0 AvgRkx86;avgrkx86.sys;c:\windows2\system32\drivers\avgrkx86.sys [2009-01-25 12552]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows2\system32\drivers\avgldx86.sys [2009-01-25 325128]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows2\system32\drivers\avgtdix.sys [2009-01-25 107272]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-25 298264]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-10 24652]
    S3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;c:\windows2\system32\drivers\MarvinAVS.sys [2007-05-09 434176]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-29 356920]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows2\system32\rundll32.exe" "c:\windows2\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-02-09 c:\windows2\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2009-02-10 c:\windows2\Tasks\User_Feed_Synchronization-{F4B4D95F-5693-46B0-83EA-783196EA84F9}.job
    - c:\windows2\system32\msfeedssync.exe [2009-01-15 02:01]

    2009-02-08 c:\windows2\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2007-08-02 09:20]

    2009-02-10 c:\windows2\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2007-08-02 09:20]

    2009-02-11 c:\windows2\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-28 23:56]

    2009-02-11 c:\windows2\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1935655697-725345543-1003.job
    - c:\documents and settings\Peter Wroblewski\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-05 13:17]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
    uInternet Settings,ProxyOverride = *.local
    IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    Trusted Zone: moove.com
    DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://65.5.111.17/activex/AMC.cab
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-10 23:56:59
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(564)
    c:\windows2\system32\Ati2evxx.dll
    .
    Completion time: 2009-02-10 23:58:11
    ComboFix-quarantined-files.txt 2009-02-11 05:58:10
    ComboFix2.txt 2009-02-11 05:15:28

    Pre-Run: 33,669,808,128 bytes free
    Post-Run: 33,653,981,184 bytes free

    235 --- E O F --- 2009-01-29 23:55:41
     
  17. 2009/02/11
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Looks good. Has the redirection stopped?

    Let's get an online scan to see if there's anything else hiding. Please do an online scan with Kaspersky Online Scanner.

    • Click Accept when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.


    Post the Kaspersky log here.
     
  18. 2009/02/11
    CirrusFalcon

    CirrusFalcon Inactive Thread Starter

    Joined:
    2009/01/30
    Messages:
    15
    Likes Received:
    0
    That seemed to do the trick. I can't thank you enough! You have saved me countless hours and dollars. Thank you very, very much.
     
  19. 2009/02/11
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    You're most welcome. :)

    Again, really sorry about the long wait... had to relax and re-group a few days due to burnout.
     
  20. 2009/02/11
    CirrusFalcon

    CirrusFalcon Inactive Thread Starter

    Joined:
    2009/01/30
    Messages:
    15
    Likes Received:
    0
    I don't mind. You don't have to apologize. If anyone should, it should be me for making you endure this headache with me. I can't even imagine. If anything, you guys deserve more rest. From the looks of it, this problem is very common and probably causing you guys a lot of grief. Do anti-virus/spyware removers receive updates from the tech here? I would hope there is some communication so that they can develop an update to alleviate your workload. I'll post the Kaspersky results as soon as I can.
     
  21. 2009/02/11
    CirrusFalcon

    CirrusFalcon Inactive Thread Starter

    Joined:
    2009/01/30
    Messages:
    15
    Likes Received:
    0
    Does anyone know the root of this particular problem?
     
