
SVCHost.exe Virus? Among others?


dreamr


Hey there,

I am having a bit of trouble with my computer. I clicked on a Google search link a day and a half ago and got the "this site may harm your computer" screen. I tried backing out of it, but apparently, it was too late. All kinds of different popups started popping up. Security Suite among others. I seem to have removed that one, but my computer is still having problems. Namely, there seems to be an svchost.exe file that is taking up all of my RAM when viewing the task manager.

I've scanned with MalwareBytes several times and supposedly cured the infection...but upon reboot, it's back. I've scanned with MalwareBytes, Spybot S&D, Dr. CureIt, and I've also run CCleaner. So far, nothing seems to have actually cleaned it for good, so I really could use some help.

Also, Chrome gives an error when I try to open it ("application failed to initialize properly" 0xc0000022). I'm using Firefox right now, which at least lets me get online, but after about 2-3 minutes of having it open, a new tab opens automatically and goes to a random website. Also, I've noticed that if I do a Google search and click on a search result, it usually redirects to a random website instead of going to the actual link location.

I've followed the guide stickied in this forum, so I'm really hoping that someone here can help me out. Thanks for looking. :)

DDS.txt:

DDS (Ver_10-03-17.01) - NTFSx86 MINIMAL

Run by Owner at 15:39:32.15 on Mon 09/06/2010

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_18

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.759.616 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\Softex\OmniPass\OPXPApp.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://srch-qus8.hpwis.com/

uDefault_Page_URL = hxxp://qus8.hpwis.com/

uDefault_Search_URL = hxxp://srch-qus8.hpwis.com/

uSearch Bar = hxxp://srch-qus8.hpwis.com/

mDefault_Page_URL = hxxp://qus8.hpwis.com/

mDefault_Search_URL = hxxp://srch-qus8.hpwis.com/

mSearch Page = hxxp://srch-qus8.hpwis.com/

mStart Page = hxxp://qus8.hpwis.com/

mSearch Bar = hxxp://srch-qus8.hpwis.com/

uInternet Connection Wizard,ShellNext = hxxp://www.avg.com/platforms

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = http=127.0.0.1:6092

BHO: Yahoo! Companion BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\common\ycomp5,1,1,0.dll

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx

BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realone player\rpbrowserrecordplugin.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File

TB: &Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\common\ycomp5,1,1,0.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [KBD] c:\hp\kbd\KBD.EXE

mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [AlcxMonitor] ALCXMNTR.EXE

mRun: [PS2] c:\windows\system32\ps2.exe

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

StartupFolder: c:\docume~1\owner\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system

scanszip.zip

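Reading the Pseudo HJT section of a DDS log by hand is the next step the helpers take. As an added illustration, not code from the thread or from DDS, here is a small triage script that pulls out the lines that account for the symptoms described above: a ProxyServer pointing at 127.0.0.1 (every browser request then passes through a listener on the machine itself, which fits the search redirects), add-on registrations whose DLL is gone ("No File"), and autorun entries given as a bare filename. The function names are assumptions and the sample lines are copied from the posted log.

```python
import re
from typing import Dict, List

# Constructed sample: a few lines in the DDS "Pseudo HJT Report" format, copied
# from the log posted in the thread (hxxp is DDS's own defanging of http).
SAMPLE_DDS = r"""
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6092
BHO: Yahoo! Companion BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\common\ycomp5,1,1,0.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
"""

# A proxy on a loopback address means a process on this very machine sits
# between the browser and the network and can rewrite every request.
LOOPBACK_RE = re.compile(r"\b(127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost)(:(?P<port>\d+))?", re.I)
ADDON_PREFIXES = ("BHO", "TB", "EB")


def triage_dds(report: str) -> Dict[str, List[str]]:
    """Return the Pseudo-HJT lines worth a second look, grouped by reason."""
    findings: Dict[str, List[str]] = {
        "loopback_proxy": [],   # browser traffic routed through a local listener
        "orphaned_addons": [],  # add-on registrations whose DLL no longer exists
        "unqualified_run": [],  # autoruns given as a bare name, resolved via PATH
    }
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, sep, value = line.partition(" = ")
        if sep and key.endswith("ProxyServer") and LOOPBACK_RE.search(value):
            findings["loopback_proxy"].append(line)
            continue
        kind, sep, rest = line.partition(": ")
        if sep and kind in ADDON_PREFIXES and rest.endswith("- No File"):
            findings["orphaned_addons"].append(line)
        elif sep and kind.endswith("Run"):
            # "[Name] command": a command with no directory separator is
            # looked up on the search path, so the log alone does not tell
            # you which binary actually runs.
            command = rest.split("] ", 1)[-1].strip().strip('"')
            if "\\" not in command and "/" not in command:
                findings["unqualified_run"].append(line)
    return findings


def proxy_port(report: str) -> int:
    """Port of the loopback proxy (the one to look up with netstat -ano), or 0 if none."""
    for line in triage_dds(report)["loopback_proxy"]:
        m = LOOPBACK_RE.search(line)
        if m and m.group("port"):
            return int(m.group("port"))
    return 0


if __name__ == "__main__":
    for reason, lines in triage_dds(SAMPLE_DDS).items():
        for entry in lines:
            print(f"{reason}: {entry}")
    print("loopback proxy port:", proxy_port(SAMPLE_DDS))
```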

Hi, dreamr

You may be infected with a backdoor trojan. I would suggest you backup your important documents before proceeding.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Note: What may work for dreamr may not for other users. Stay on your own thread until someone answers your request.


Thank you for the reply.

Here is the requested log:

2010/09/06 20:20:58.0500 TDSS rootkit removing tool 2.4.2.0 Sep 3 2010 10:26:06

2010/09/06 20:20:58.0500 ================================================================================

2010/09/06 20:20:58.0500 SystemInfo:

2010/09/06 20:20:58.0500

2010/09/06 20:20:58.0500 OS Version: 5.1.2600 ServicePack: 2.0

2010/09/06 20:20:58.0500 Product type: Workstation

2010/09/06 20:20:58.0500 ComputerName: DEANNA

2010/09/06 20:20:58.0500 UserName: Owner

2010/09/06 20:20:58.0500 Windows directory: C:\WINDOWS

2010/09/06 20:20:58.0500 System windows directory: C:\WINDOWS

2010/09/06 20:20:58.0500 Processor architecture: Intel x86

2010/09/06 20:20:58.0500 Number of processors: 1

2010/09/06 20:20:58.0500 Page size: 0x1000

2010/09/06 20:20:58.0500 Boot type: Normal boot

2010/09/06 20:20:58.0500 ================================================================================

2010/09/06 20:20:59.0281 Initialize success

2010/09/06 20:21:03.0109 ================================================================================

2010/09/06 20:21:03.0109 Scan started

2010/09/06 20:21:03.0109 Mode: Manual;

2010/09/06 20:21:03.0109 ================================================================================


2010/09/06 20:21:51.0062 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\termdd.sys. Real md5: c9178ef607928298fb1dd78d5296bec4, Fake md5: a540a99c281d933f3d69d55e48727f47

2010/09/06 20:21:51.0093 TermDD - detected Rootkit.Win32.TDSS.tdl3 (0)


2010/09/06 20:21:56.0843 ================================================================================

2010/09/06 20:21:56.0843 Scan finished

2010/09/06 20:21:56.0843 ================================================================================

2010/09/06 20:21:56.0906 Detected object count: 1

2010/09/06 20:22:05.0500 TermDD (c9178ef607928298fb1dd78d5296bec4) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/09/06 20:22:05.0500 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\termdd.sys. Real md5: c9178ef607928298fb1dd78d5296bec4, Fake md5: a540a99c281d933f3d69d55e48727f47

2010/09/06 20:22:07.0140 Backup copy found, using it..

2010/09/06 20:22:07.0171 C:\WINDOWS\system32\DRIVERS\termdd.sys - will be cured after reboot

2010/09/06 20:22:07.0171 Rootkit.Win32.TDSS.tdl3(TermDD) - User select action: Cure

2010/09/06 20:22:17.0546 Deinitialize success

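The lines that matter in the log above are the "Suspicious file (Forged)" entry, where TDSSKiller's two reads of termdd.sys yield different MD5s, and the detection and action lines that follow it. As an added example, not TDSSKiller's code or anything posted in the thread, this parser pulls those lines out of a log in the format shown; the function and class names are assumptions and the sample is cut down from the posted log.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: lines in the TDSSKiller 2.4 log format, copied from the
# log posted above (most of the clean driver lines omitted).
SAMPLE_TDSSKILLER_LOG = r"""
2010/09/06 20:21:03.0109 Scan started
2010/09/06 20:21:07.0421 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/06 20:21:51.0062 TermDD (c9178ef607928298fb1dd78d5296bec4) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/09/06 20:21:51.0062 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\termdd.sys. Real md5: c9178ef607928298fb1dd78d5296bec4, Fake md5: a540a99c281d933f3d69d55e48727f47
2010/09/06 20:21:51.0093 TermDD - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/09/06 20:21:51.0593 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2010/09/06 20:21:56.0843 Scan finished
2010/09/06 20:21:56.0906 Detected object count: 1
2010/09/06 20:22:07.0171 C:\WINDOWS\system32\DRIVERS\termdd.sys - will be cured after reboot
2010/09/06 20:22:07.0171 Rootkit.Win32.TDSS.tdl3(TermDD) - User select action: Cure
"""

TS = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s+"   # leading timestamp
HEX32 = r"[0-9a-f]{32}"
DRIVER_RE = re.compile(TS + rf"(?P<name>\S+) \((?P<md5>{HEX32})\) (?P<path>.+)$")
FORGED_RE = re.compile(TS + rf"Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>{HEX32}), Fake md5: (?P<fake>{HEX32})")
DETECT_RE = re.compile(TS + r"(?P<name>\S+) - detected (?P<threat>\S+) \(\d+\)")
ACTION_RE = re.compile(TS + r"(?P<threat>[^\s()]+)\((?P<name>[^\s()]+)\) - User select action: (?P<action>\S+)")
COUNT_RE = re.compile(TS + r"Detected object count: (?P<n>\d+)")


@dataclass
class Driver:
    name: str
    md5: str
    path: str
    forged: bool = False     # the two views of the file did not hash the same
    real_md5: str = ""
    fake_md5: str = ""
    threat: str = ""         # e.g. Rootkit.Win32.TDSS.tdl3
    action: str = ""         # what the user chose: Cure, Skip, ...


@dataclass
class Report:
    drivers: Dict[str, Driver] = field(default_factory=dict)
    detected_count: int = -1  # -1 until the "Detected object count" line is seen


def parse_tdsskiller(log: str) -> Report:
    """Build one record per driver and attach forged/detection/action lines to it."""
    report = Report()
    by_path: Dict[str, Driver] = {}  # the Forged line names the path, not the service
    for line in log.splitlines():
        line = line.rstrip()
        if m := FORGED_RE.match(line):
            if d := by_path.get(m["path"].lower()):
                d.forged, d.real_md5, d.fake_md5 = True, m["real"], m["fake"]
        elif m := DETECT_RE.match(line):
            if d := report.drivers.get(m["name"]):
                d.threat = m["threat"]
        elif m := ACTION_RE.match(line):
            if d := report.drivers.get(m["name"]):
                d.action = m["action"]
        elif m := COUNT_RE.match(line):
            report.detected_count = int(m["n"])
        elif m := DRIVER_RE.match(line):
            # The cure phase lists the driver a second time; keep the first record.
            d = report.drivers.setdefault(m["name"], Driver(m["name"], m["md5"], m["path"]))
            by_path[d.path.lower()] = d
    return report


def flagged(report: Report) -> List[str]:
    """Names of drivers whose two hashes disagree or that carry a detection."""
    return [n for n, d in report.drivers.items() if d.forged or d.threat]


if __name__ == "__main__":
    r = parse_tdsskiller(SAMPLE_TDSSKILLER_LOG)
    for name in flagged(r):
        d = r.drivers[name]
        print(f"{name}: {d.path} forged={d.forged} threat={d.threat} action={d.action}")
```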

Hi, dreamr

Let's try Combofix.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
     • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
     • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
     • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
     • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
     • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. Install the Recovery Console if prompted.
  6. When finished, it will produce a report for you.
  7. Please post the "C:\ComboFix.txt".

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.


Here ya go:

ComboFix 10-09-06.03 - Owner 09/07/2010 1:05.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.759.345 [GMT -4:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\.wtav

c:\documents and settings\All Users\Application Data\V2to07H8.exe

c:\documents and settings\Owner\.COMMgr

c:\hp\KBD\KBD.EXE

c:\progra~1\AVG\AVG9\avgtray.exe

c:\program files\INSTALL.LOG

c:\program files\QuickTime\QTTask.exe

c:\windows\BackUp

c:\windows\BackUp\S\50914000.DAT

c:\windows\daemon.dll


c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\decor_highlight.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\decor_normal.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\decor_selected.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_large_1.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_large_2.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_large_3.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_small_1.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_small_2.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_small_3.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a1.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a2.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a3.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\left_arrow_a.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\left_arrow_b.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\left_arrow_c.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_a.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_b.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_c.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_mask.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_a.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_b.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_c.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_mask.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\map_button_a.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\map_button_b.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\map_button_c.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\right_arrow_a.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\right_arrow_b.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\right_arrow_c.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\upgrade_down.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\upgrade_over.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\upgrade_up.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\welcome_player.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\actionpoints.bin

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\career.bin

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\customer.bin

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\endless.bin

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\global.bin

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\powerups.bin

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cook\stove.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\arrow.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\click.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\click2.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\grab.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\open.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\anim.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\anim.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\blue.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\blue_legs.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\legs.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\red.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\red_legs.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\anim.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\anim.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\blue.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\blue_legs.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\legs.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\red.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\red_legs.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\anim.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\anim.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\baby.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\baby.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\blue.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\blue_baby.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\blue_legs.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\legs.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\red.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\red_baby.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\red_legs.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\anim.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\anim.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\blue.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\blue_legs.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\legs.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\red.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\red_legs.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\idle.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\idle.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\lower.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\lower.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\upper.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\upper.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\fonts\mercurius.mvec

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\bench.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\bench.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\blue_highchairbaby.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\chair.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\chair.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dirt2top.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dirt4top.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dishcart.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dishcart.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\green_highchairbaby.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchair_prop_a.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchair_prop_b.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchairbaby.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchairbaby.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\luxury_bench.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\luxury_bench.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\mop_station_a.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\mop_station_b.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\mop_station_c.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\podium.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\podium_heart.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\podium_heart.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\purple_highchairbaby.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\radio.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\red_highchairbaby.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\spill.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\spill.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\stereo.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\ticketstation.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\ticketstation.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\yellow_highchairbaby.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\family.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help_dividerline.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_colormatch1.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_colormatch2.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_noise.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_score.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_cleardishes.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_givecheck.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_pickupfood.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_servefood.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_takeorder.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\hiscore\local-hs-bb.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\hiscore\p1icon.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_1.bin

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_2.bin

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_3.bin

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_4.bin

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_5.bin

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_6.bin

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1.bin

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_a.bin

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_b.bin

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_c.bin

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\playfirstlogo.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\background.jpg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\blue.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\green.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\green.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\grey.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\red.pal

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\cup1.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\food.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\food.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\frames\2_0.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\frames\2_1.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_a.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_b.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_c.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\people\cook.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\people\cook.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\props\cup_prop1.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\2top.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\2top.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\4top.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\4top.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_0.jpg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_1.jpg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrades.xml

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\tableshadow.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\careerupgrade.lua

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\choosedifficulty.lua

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\closeconfirm.lua

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\entername.lua

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\game.lua

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\getmoregames.lua

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\help1.lua

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\help2.lua

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\hiscore.lua

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\hiscoreinfo.lua

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\hiscoresubmit.lua

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\levelintro.lua

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\levelover.lua

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\loading.lua

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\mainloop.lua

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\mainmenu.lua

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\ok.lua

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\pause.lua

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\style.lua

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\upgrade.lua

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\upsell.lua

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\yesno.lua

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\splash\aol_logo.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\splash\playfirst_logo.jpg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\strings.xml

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\angersmoke.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\angersmoke.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\bubbles\request_bubble.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\bubbles\request_mop.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\bubbles\request_rejectmeal.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\chairflags.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\chairflags.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\check.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\checkmark.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\closed.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\coinflip.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\coinflip.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\decor_lines.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\dollar.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\expert.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\foodpoof.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\foodpoof.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\heartgrow.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\heartgrow.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\jar.anm

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\jar.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\lives_icon.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\noisering.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_a.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_b.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_c.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_d.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_e.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_f.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tablenumber_a.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tablenumber_b.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\traynumber.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tutorialarrow.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tutorialbox.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_base.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_hand.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_timer_off.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_timer_on.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgradeanim.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_a.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_b.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_c.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_a.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_b.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_c.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_a.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_b.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_c.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_a.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_b.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_c.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_a.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_b.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_c.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_a.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_b.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_c.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_a.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_b.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_c.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_a.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_b.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_c.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_a.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_b.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_c.png

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd1.jpg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd2.jpg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd3.jpg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd4.jpg

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\dinerdash2.exe

c:\windows\Downloaded Program Files\rave

c:\windows\Downloaded Program Files\rave\avirexe.vdm

c:\windows\Downloaded Program Files\rave\avirscr.vdm

c:\windows\Downloaded Program Files\rave\base.vdm

c:\windows\Downloaded Program Files\rave\daily.vdm

c:\windows\Downloaded Program Files\rave\daily.vdt

c:\windows\Downloaded Program Files\rave\filters.vdm

c:\windows\Downloaded Program Files\rave\kernel.vdk

c:\windows\Downloaded Program Files\rave\keyring.vdk

c:\windows\Downloaded Program Files\rave\mapi_vdm.vdm

c:\windows\Downloaded Program Files\rave\modules.vdk

c:\windows\Downloaded Program Files\rave\rav8def.vdm

c:\windows\Downloaded Program Files\rave\rufs.vdm

c:\windows\Downloaded Program Files\rave\rufsplg.vdm

c:\windows\Downloaded Program Files\rave\unarch.vdm

c:\windows\Downloaded Program Files\rave\unmail.vdm

c:\windows\Downloaded Program Files\rave\unpack.vdm

c:\windows\Fonts\y3oP64C.com

c:\windows\Ljezia.exe

c:\windows\patch.exe

c:\windows\SMINST\RECGUARD.EXE

c:\windows\system\hpsysdrv .DAT

c:\windows\system\hpsysdrv .exe

c:\windows\system\hpsysdrv.exe

c:\windows\system32\cache329

c:\windows\system32\cache329\B_329_0_1_501400.htm

c:\windows\system32\cache329\B_329_0_1_501400.swf

c:\windows\system32\cache329\B_329_0_1_502500.htm

c:\windows\system32\cache329\B_329_0_1_502500.swf

c:\windows\system32\cache329\B_329_0_1_509300.htm

c:\windows\system32\cache329\B_329_0_1_509300.swf

c:\windows\system32\cache329\B_329_0_1_512000.htm

c:\windows\system32\cache329\B_329_0_1_512000.swf

c:\windows\system32\cache329\B_329_0_1_514400.htm

c:\windows\system32\cache329\B_329_0_1_514400.swf

c:\windows\system32\cache329\B_329_0_1_518300.htm

c:\windows\system32\cache329\B_329_0_1_518300.swf

c:\windows\system32\cache329\B_329_0_1_529900.htm

c:\windows\system32\cache329\B_329_0_1_529900.swf

c:\windows\system32\cache329\B_329_0_1_530600.htm

c:\windows\system32\cache329\B_329_0_1_530600.swf

c:\windows\system32\cache329\B_329_0_1_531300.htm

c:\windows\system32\cache329\B_329_0_1_531300.swf

c:\windows\system32\cache329\B_329_0_1_545900.htm

c:\windows\system32\cache329\B_329_0_1_545900.swf

c:\windows\system32\cache329\B_329_0_1_549000.htm

c:\windows\system32\cache329\B_329_0_1_549000.swf

c:\windows\system32\cache329\B_329_0_1_560400.htm

c:\windows\system32\cache329\B_329_0_1_560400.swf

c:\windows\system32\cache329\B_329_0_1_562700.htm

c:\windows\system32\cache329\B_329_0_1_562700.swf

c:\windows\system32\cache329\B_329_0_1_566800.htm

c:\windows\system32\cache329\B_329_0_1_566800.swf

c:\windows\system32\cache329\B_329_0_1_567900.htm

c:\windows\system32\cache329\B_329_0_1_567900.swf

c:\windows\system32\cache329\B_329_0_1_579800.htm

c:\windows\system32\cache329\B_329_0_1_579800.swf

c:\windows\system32\cache329\B_329_0_1_581700.htm

c:\windows\system32\cache329\B_329_0_1_581700.swf

c:\windows\system32\cache329\B_329_0_1_590300.htm

c:\windows\system32\cache329\B_329_0_1_590300.swf

c:\windows\system32\cache329\B_329_0_1_593900.htm

c:\windows\system32\cache329\B_329_0_1_593900.swf

c:\windows\system32\cache329\B_329_0_1_598200.htm

c:\windows\system32\cache329\B_329_0_1_598200.swf

c:\windows\system32\cache329\B_329_0_1_598700.htm

c:\windows\system32\cache329\B_329_0_1_598700.swf

c:\windows\system32\cache329\B_329_0_1_598800.htm

c:\windows\system32\cache329\B_329_0_1_598800.swf

c:\windows\system32\cache329\B_329_0_1_600600.htm

c:\windows\system32\cache329\B_329_0_1_600600.swf

c:\windows\system32\cache329\B_329_0_1_600800.htm

c:\windows\system32\cache329\B_329_0_1_600800.swf

c:\windows\system32\cache329\B_329_0_1_601800.htm

c:\windows\system32\cache329\B_329_0_1_601800.swf

c:\windows\system32\cache329\B_329_0_1_603100.htm

c:\windows\system32\cache329\B_329_0_1_603100.swf

c:\windows\system32\cache329\B_329_0_1_611600.htm

c:\windows\system32\cache329\B_329_0_1_611600.swf

c:\windows\system32\cache329\B_329_0_1_622100.gif

c:\windows\system32\cache329\B_329_0_1_623600.htm

c:\windows\system32\cache329\B_329_0_1_623600.swf

c:\windows\system32\cache329\B_329_0_1_627200.htm

c:\windows\system32\cache329\B_329_0_1_627200.swf

c:\windows\system32\cache329\B_329_0_1_631500.htm

c:\windows\system32\cache329\B_329_0_1_631500.swf

c:\windows\system32\cache329\B_329_0_1_632000.htm

c:\windows\system32\cache329\B_329_0_1_632000.swf

c:\windows\system32\cache329\B_329_0_1_632700.htm

c:\windows\system32\cache329\B_329_0_1_632700.swf

c:\windows\system32\cache329\B_329_0_1_658500.gif

c:\windows\system32\cache329\B_329_0_1_666900.htm

c:\windows\system32\cache329\B_329_0_1_666900.swf

c:\windows\system32\cache329\B_329_0_1_667400.htm

c:\windows\system32\cache329\B_329_0_1_667400.swf

c:\windows\system32\cache329\B_329_0_2_557400.htm

c:\windows\system32\cache329\B_329_0_2_557400.swf

c:\windows\system32\cache329\B_329_0_2_557700.htm

c:\windows\system32\cache329\B_329_0_2_557700.swf

c:\windows\system32\cache329\B_329_0_2_559300.htm

c:\windows\system32\cache329\B_329_0_2_559300.swf

c:\windows\system32\cache329\B_329_0_2_577200.htm

c:\windows\system32\cache329\B_329_0_2_577200.swf

c:\windows\system32\cache329\B_329_0_2_578200.htm

c:\windows\system32\cache329\B_329_0_2_578200.swf

c:\windows\system32\cache329\B_329_0_2_578400.gif

c:\windows\system32\cache329\B_329_0_2_579100.htm

c:\windows\system32\cache329\B_329_0_2_579100.swf

c:\windows\system32\cache329\B_329_0_2_579300.htm

c:\windows\system32\cache329\B_329_0_2_579300.swf

c:\windows\system32\cache329\B_329_0_2_599100.htm

c:\windows\system32\cache329\B_329_0_2_599100.swf

c:\windows\system32\cache329\B_329_0_2_631900.htm

c:\windows\system32\cache329\B_329_0_2_631900.swf

c:\windows\system32\cache329\B_329_0_2_668500.htm

c:\windows\system32\cache329\B_329_0_2_668500.swf

c:\windows\system32\cache329\B_329_2_1_501400.htm

c:\windows\system32\cache329\B_329_2_1_501400.swf

c:\windows\system32\cache329\B_329_2_1_502500.htm

c:\windows\system32\cache329\B_329_2_1_502500.swf

c:\windows\system32\cache329\B_329_2_1_509300.htm

c:\windows\system32\cache329\B_329_2_1_509300.swf

c:\windows\system32\cache329\B_329_2_1_511400.htm

c:\windows\system32\cache329\B_329_2_1_511400.swf

c:\windows\system32\cache329\B_329_2_1_512000.htm

c:\windows\system32\cache329\B_329_2_1_512000.swf

c:\windows\system32\cache329\B_329_2_1_512200.htm

c:\windows\system32\cache329\B_329_2_1_512200.swf

c:\windows\system32\cache329\B_329_2_1_513100.htm

c:\windows\system32\cache329\B_329_2_1_513100.swf

c:\windows\system32\cache329\B_329_2_1_514400.htm

c:\windows\system32\cache329\B_329_2_1_514400.swf

c:\windows\system32\cache329\B_329_2_1_518300.htm

c:\windows\system32\cache329\B_329_2_1_518300.swf

c:\windows\system32\cache329\B_329_2_1_520100.gif

c:\windows\system32\cache329\B_329_2_1_529900.htm

c:\windows\system32\cache329\B_329_2_1_529900.swf

c:\windows\system32\cache329\B_329_2_1_530600.htm

c:\windows\system32\cache329\B_329_2_1_530600.swf

c:\windows\system32\cache329\B_329_2_1_531300.htm

c:\windows\system32\cache329\B_329_2_1_531300.swf

c:\windows\system32\cache329\B_329_2_1_535300.htm

c:\windows\system32\cache329\B_329_2_1_535300.swf

c:\windows\system32\cache329\B_329_2_1_538800.gif

c:\windows\system32\cache329\B_329_2_1_539700.gif

c:\windows\system32\cache329\B_329_2_1_544900.gif

c:\windows\system32\cache329\B_329_2_1_545900.htm

c:\windows\system32\cache329\B_329_2_1_545900.swf

c:\windows\system32\cache329\B_329_2_1_547400.gif

c:\windows\system32\cache329\B_329_2_1_549000.htm

c:\windows\system32\cache329\B_329_2_1_549000.swf

c:\windows\system32\cache329\B_329_2_1_549400.htm

c:\windows\system32\cache329\B_329_2_1_549400.swf

c:\windows\system32\cache329\B_329_2_1_555800.gif

c:\windows\system32\cache329\B_329_2_1_560400.htm

c:\windows\system32\cache329\B_329_2_1_560400.swf

c:\windows\system32\cache329\B_329_2_1_562700.htm

c:\windows\system32\cache329\B_329_2_1_562700.swf

c:\windows\system32\cache329\B_329_2_1_566800.htm

c:\windows\system32\cache329\B_329_2_1_566800.swf

c:\windows\system32\cache329\B_329_2_1_567900.htm

c:\windows\system32\cache329\B_329_2_1_567900.swf

c:\windows\system32\cache329\B_329_2_1_579000.htm

c:\windows\system32\cache329\B_329_2_1_579000.swf

c:\windows\system32\cache329\B_329_2_1_579800.htm

c:\windows\system32\cache329\B_329_2_1_579800.swf

c:\windows\system32\cache329\B_329_2_1_581700.htm

c:\windows\system32\cache329\B_329_2_1_581700.swf

c:\windows\system32\cache329\B_329_2_1_590300.htm

c:\windows\system32\cache329\B_329_2_1_590300.swf

c:\windows\system32\cache329\B_329_2_1_592300.htm

c:\windows\system32\cache329\B_329_2_1_592300.swf

c:\windows\system32\cache329\B_329_2_1_593100.gif

c:\windows\system32\cache329\B_329_2_1_593900.htm

c:\windows\system32\cache329\B_329_2_1_593900.swf

c:\windows\system32\cache329\B_329_2_1_598200.htm

c:\windows\system32\cache329\B_329_2_1_598200.swf

c:\windows\system32\cache329\B_329_2_1_598700.htm

c:\windows\system32\cache329\B_329_2_1_598700.swf

c:\windows\system32\cache329\B_329_2_1_598800.htm

c:\windows\system32\cache329\B_329_2_1_598800.swf

c:\windows\system32\cache329\B_329_2_1_600600.htm

c:\windows\system32\cache329\B_329_2_1_600600.swf

c:\windows\system32\cache329\B_329_2_1_600800.htm

c:\windows\system32\cache329\B_329_2_1_600800.swf

c:\windows\system32\cache329\B_329_2_1_601800.htm

c:\windows\system32\cache329\B_329_2_1_601800.swf

c:\windows\system32\cache329\B_329_2_1_603100.htm

c:\windows\system32\cache329\B_329_2_1_603100.swf

c:\windows\system32\cache329\B_329_2_1_604800.htm

c:\windows\system32\cache329\B_329_2_1_604800.swf

c:\windows\system32\cache329\B_329_2_1_605600.htm

c:\windows\system32\cache329\B_329_2_1_605600.swf

c:\windows\system32\cache329\B_329_2_1_605800.htm

c:\windows\system32\cache329\B_329_2_1_605800.swf

c:\windows\system32\cache329\B_329_2_1_611600.htm

c:\windows\system32\cache329\B_329_2_1_611600.swf

c:\windows\system32\cache329\B_329_2_1_622100.gif

c:\windows\system32\cache329\B_329_2_1_623600.htm

c:\windows\system32\cache329\B_329_2_1_623600.swf

c:\windows\system32\cache329\B_329_2_1_625500.htm

c:\windows\system32\cache329\B_329_2_1_625500.swf

c:\windows\system32\cache329\B_329_2_1_627200.htm

c:\windows\system32\cache329\B_329_2_1_627200.swf

c:\windows\system32\cache329\B_329_2_1_631500.htm

c:\windows\system32\cache329\B_329_2_1_631500.swf

c:\windows\system32\cache329\B_329_2_1_632000.htm

c:\windows\system32\cache329\B_329_2_1_632000.swf

c:\windows\system32\cache329\B_329_2_1_632700.htm

c:\windows\system32\cache329\B_329_2_1_632700.swf

c:\windows\system32\cache329\B_329_2_1_653300.htm

c:\windows\system32\cache329\B_329_2_1_653300.swf

c:\windows\system32\cache329\B_329_2_1_658500.gif

c:\windows\system32\cache329\B_329_2_1_666900.htm

c:\windows\system32\cache329\B_329_2_1_666900.swf

c:\windows\system32\cache329\B_329_2_1_667400.htm

c:\windows\system32\cache329\B_329_2_1_667400.swf

c:\windows\system32\cache329\B_329_2_2_534000.htm

c:\windows\system32\cache329\B_329_2_2_534000.swf

c:\windows\system32\cache329\B_329_2_2_557400.htm

c:\windows\system32\cache329\B_329_2_2_557400.swf

c:\windows\system32\cache329\B_329_2_2_557700.htm

c:\windows\system32\cache329\B_329_2_2_557700.swf

c:\windows\system32\cache329\B_329_2_2_559300.htm

c:\windows\system32\cache329\B_329_2_2_559300.swf

c:\windows\system32\cache329\B_329_2_2_577200.htm

c:\windows\system32\cache329\B_329_2_2_577200.swf

c:\windows\system32\cache329\B_329_2_2_578200.htm

c:\windows\system32\cache329\B_329_2_2_578200.swf

c:\windows\system32\cache329\B_329_2_2_578400.gif

c:\windows\system32\cache329\B_329_2_2_579100.htm

c:\windows\system32\cache329\B_329_2_2_579100.swf

c:\windows\system32\cache329\B_329_2_2_579300.htm

c:\windows\system32\cache329\B_329_2_2_579300.swf

c:\windows\system32\cache329\B_329_2_2_599100.htm

c:\windows\system32\cache329\B_329_2_2_599100.swf

c:\windows\system32\cache329\B_329_2_2_631900.htm

c:\windows\system32\cache329\B_329_2_2_631900.swf

c:\windows\system32\cache329\B_329_2_2_668500.htm

c:\windows\system32\cache329\B_329_2_2_668500.swf

c:\windows\system32\cache329\B_329_2_3_536200.htm

c:\windows\system32\cache329\B_329_2_3_536200.swf

c:\windows\system32\cache329\B_329_2_3_536300.htm

c:\windows\system32\cache329\B_329_2_3_536300.swf

c:\windows\system32\cache329\B_329_2_3_578700.gif

c:\windows\system32\cache329\B_329_2_3_582600.gif

c:\windows\system32\cache329\B_329_3_1_501400.htm

c:\windows\system32\cache329\B_329_3_1_501400.swf

c:\windows\system32\cache329\B_329_3_1_502500.htm

c:\windows\system32\cache329\B_329_3_1_502500.swf

c:\windows\system32\cache329\B_329_3_1_509300.htm

c:\windows\system32\cache329\B_329_3_1_509300.swf

c:\windows\system32\cache329\B_329_3_1_512000.htm

c:\windows\system32\cache329\B_329_3_1_512000.swf

c:\windows\system32\cache329\B_329_3_1_514400.htm

c:\windows\system32\cache329\B_329_3_1_514400.swf

c:\windows\system32\cache329\B_329_3_1_518300.htm

c:\windows\system32\cache329\B_329_3_1_518300.swf

c:\windows\system32\cache329\B_329_3_1_529900.htm

c:\windows\system32\cache329\B_329_3_1_529900.swf

c:\windows\system32\cache329\B_329_3_1_530600.htm

c:\windows\system32\cache329\B_329_3_1_530600.swf

c:\windows\system32\cache329\B_329_3_1_531300.htm

c:\windows\system32\cache329\B_329_3_1_531300.swf

c:\windows\system32\cache329\B_329_3_1_545900.htm

c:\windows\system32\cache329\B_329_3_1_545900.swf

c:\windows\system32\cache329\B_329_3_1_549000.htm

c:\windows\system32\cache329\B_329_3_1_549000.swf

c:\windows\system32\cache329\B_329_3_1_555800.gif

c:\windows\system32\cache329\B_329_3_1_560400.htm

c:\windows\system32\cache329\B_329_3_1_560400.swf

c:\windows\system32\cache329\B_329_3_1_562700.htm

c:\windows\system32\cache329\B_329_3_1_562700.swf

c:\windows\system32\cache329\B_329_3_1_567900.htm

c:\windows\system32\cache329\B_329_3_1_567900.swf

c:\windows\system32\cache329\B_329_3_1_579800.htm

c:\windows\system32\cache329\B_329_3_1_579800.swf

c:\windows\system32\cache329\B_329_3_1_581700.htm

c:\windows\system32\cache329\B_329_3_1_581700.swf

c:\windows\system32\cache329\B_329_3_1_590300.htm

c:\windows\system32\cache329\B_329_3_1_590300.swf

c:\windows\system32\cache329\B_329_3_1_593100.gif

c:\windows\system32\cache329\B_329_3_1_593900.htm

c:\windows\system32\cache329\B_329_3_1_593900.swf

c:\windows\system32\cache329\B_329_3_1_598200.htm

c:\windows\system32\cache329\B_329_3_1_598200.swf

c:\windows\system32\cache329\B_329_3_1_598700.htm

c:\windows\system32\cache329\B_329_3_1_598700.swf

c:\windows\system32\cache329\B_329_3_1_598800.htm

c:\windows\system32\cache329\B_329_3_1_598800.swf

c:\windows\system32\cache329\B_329_3_1_600600.htm

c:\windows\system32\cache329\B_329_3_1_600600.swf

c:\windows\system32\cache329\B_329_3_1_600800.htm

c:\windows\system32\cache329\B_329_3_1_600800.swf

c:\windows\system32\cache329\B_329_3_1_601800.htm

c:\windows\system32\cache329\B_329_3_1_601800.swf

c:\windows\system32\cache329\B_329_3_1_603100.htm

c:\windows\system32\cache329\B_329_3_1_603100.swf

c:\windows\system32\cache329\B_329_3_1_611600.htm

c:\windows\system32\cache329\B_329_3_1_611600.swf

c:\windows\system32\cache329\B_329_3_1_622100.gif

c:\windows\system32\cache329\B_329_3_1_623600.htm

c:\windows\system32\cache329\B_329_3_1_623600.swf

c:\windows\system32\cache329\B_329_3_1_627200.htm

c:\windows\system32\cache329\B_329_3_1_627200.swf

c:\windows\system32\cache329\B_329_3_1_631500.htm

c:\windows\system32\cache329\B_329_3_1_631500.swf

c:\windows\system32\cache329\B_329_3_1_632000.htm

c:\windows\system32\cache329\B_329_3_1_632000.swf

c:\windows\system32\cache329\B_329_3_1_632700.htm

c:\windows\system32\cache329\B_329_3_1_632700.swf

c:\windows\system32\cache329\B_329_3_1_658500.gif

c:\windows\system32\cache329\B_329_3_1_666900.htm

c:\windows\system32\cache329\B_329_3_1_666900.swf

c:\windows\system32\cache329\B_329_3_1_667400.htm

c:\windows\system32\cache329\B_329_3_1_667400.swf

c:\windows\system32\cache329\B_329_3_2_557400.htm

c:\windows\system32\cache329\B_329_3_2_557400.swf

c:\windows\system32\cache329\B_329_3_2_557700.htm

c:\windows\system32\cache329\B_329_3_2_557700.swf

c:\windows\system32\cache329\B_329_3_2_559300.htm

c:\windows\system32\cache329\B_329_3_2_559300.swf

c:\windows\system32\cache329\B_329_3_2_577200.htm

c:\windows\system32\cache329\B_329_3_2_577200.swf

c:\windows\system32\cache329\B_329_3_2_578200.htm

c:\windows\system32\cache329\B_329_3_2_578200.swf

c:\windows\system32\cache329\B_329_3_2_578400.gif

c:\windows\system32\cache329\B_329_3_2_579100.htm

c:\windows\system32\cache329\B_329_3_2_579100.swf

c:\windows\system32\cache329\B_329_3_2_579300.htm

c:\windows\system32\cache329\B_329_3_2_579300.swf

c:\windows\system32\cache329\B_329_3_2_599100.htm

c:\windows\system32\cache329\B_329_3_2_599100.swf

c:\windows\system32\cache329\B_329_3_2_631900.htm

c:\windows\system32\cache329\B_329_3_2_631900.swf

c:\windows\system32\cache329\B_329_3_2_668500.htm

c:\windows\system32\cache329\B_329_3_2_668500.swf

c:\windows\system32\cache329\B_329_4_1_512500.htm

c:\windows\system32\cache329\B_329_4_1_515700.htm

c:\windows\system32\cache329\B_329_4_1_515700.swf

c:\windows\system32\cache329\B_329_4_1_517200.htm

c:\windows\system32\cache329\B_329_4_1_517200.swf

c:\windows\system32\cache329\B_329_4_1_551200.htm

c:\windows\system32\cache329\B_329_4_1_557900.htm

c:\windows\system32\cache329\B_329_4_1_579200.htm

c:\windows\system32\cache329\B_329_4_1_581800.htm

c:\windows\system32\cache329\B_329_4_1_588200.htm

c:\windows\system32\cache329\B_329_4_1_593000.gif

c:\windows\system32\cache329\B_329_4_1_593000.htm

c:\windows\system32\cache329\B_329_4_1_601500.gif

c:\windows\system32\cache329\B_329_4_1_601500.htm

c:\windows\system32\cache329\B_329_4_1_602500.htm

c:\windows\system32\cache329\B_329_4_1_602500.swf

c:\windows\system32\cache329\B_329_4_1_602700.htm

c:\windows\system32\cache329\B_329_4_1_602700.swf

c:\windows\system32\cache329\B_329_4_1_604400.htm

c:\windows\system32\cache329\B_329_4_1_604400.swf

c:\windows\system32\cache329\B_329_4_1_653400.htm

c:\windows\system32\cache329\B_329_4_1_653400.swf

c:\windows\system32\cache329\B_329_4_1_657300.htm

c:\windows\system32\cache329\B_329_4_1_657300.swf

c:\windows\system32\cache329\B_329_4_1_683100.gif

c:\windows\system32\cache329\B_329_4_1_683100.htm

c:\windows\system32\cache329\B_329_4_2_504300.htm

c:\windows\system32\cache329\B_329_4_2_515500.htm

c:\windows\system32\cache329\B_329_4_2_533000.htm

c:\windows\system32\cache329\B_329_4_2_552400.htm

c:\windows\system32\cache329\B_329_4_2_552400.swf

c:\windows\system32\cache329\B_329_4_2_552600.htm

c:\windows\system32\cache329\B_329_4_2_552600.swf

c:\windows\system32\cache329\B_329_4_2_553200.htm

c:\windows\system32\cache329\B_329_4_2_553200.swf

c:\windows\system32\cache329\B_329_4_2_553400.gif

c:\windows\system32\cache329\B_329_4_2_553400.htm

c:\windows\system32\cache329\B_329_4_2_562200.htm

c:\windows\system32\cache329\B_329_4_2_562200.swf

c:\windows\system32\cache329\B_329_4_2_578000.htm

c:\windows\system32\cache329\B_329_4_2_578000.swf

c:\windows\system32\cache329\B_329_4_2_583300.htm

c:\windows\system32\cache329\B_329_4_2_583300.swf

c:\windows\system32\cache329\B_329_4_2_583700.htm

c:\windows\system32\cache329\B_329_4_2_583700.swf

c:\windows\system32\cache329\B_329_4_2_584100.htm

c:\windows\system32\cache329\B_329_4_2_584100.swf

c:\windows\system32\cache329\B_329_4_2_585000.htm

c:\windows\system32\cache329\B_329_4_2_585000.swf

c:\windows\system32\cache329\B_329_4_2_585100.htm

c:\windows\system32\cache329\B_329_4_2_585100.swf

c:\windows\system32\cache329\B_329_4_2_593000.gif

c:\windows\system32\cache329\B_329_4_2_593000.htm

c:\windows\system32\cache329\B_329_4_2_607000.htm

c:\windows\system32\cache329\B_329_4_2_617600.htm

c:\windows\system32\cache329\B_329_4_2_632600.htm

c:\windows\system32\cache329\B_329_4_2_632600.swf

c:\windows\system32\cache329\B_329_4_2_632800.htm

c:\windows\system32\cache329\B_329_4_2_632800.swf

c:\windows\system32\cache329\B_329_4_2_673800.htm

c:\windows\system32\cache329\B_329_4_2_673800.swf

c:\windows\system32\cache329\B_329_4_2_673900.htm

c:\windows\system32\cache329\B_329_4_2_673900.swf

c:\windows\system32\cache329\B_329_4_2_683100.gif

c:\windows\system32\cache329\B_329_4_2_683100.htm

c:\windows\system32\cache329\B_329_4_3_629200.htm

c:\windows\system32\cache329\B_329_4_4_612300.htm

c:\windows\system32\cache329\B_513400.htm

c:\windows\system32\cache329\B_517800.htm

c:\windows\system32\cache329\B_524800.htm

c:\windows\system32\cache329\B_527100.htm

c:\windows\system32\cache329\B_528500.htm

c:\windows\system32\cache329\B_530800.htm

c:\windows\system32\cache329\B_551700.htm

c:\windows\system32\cache329\B_553500.htm

c:\windows\system32\cache329\B_555300.htm

c:\windows\system32\cache329\B_555600.htm

c:\windows\system32\cache329\B_584000.htm

c:\windows\system32\cache329\B_591300.htm

c:\windows\system32\cache329\B_595500.htm

c:\windows\system32\cache329\B_604700.htm

c:\windows\system32\cache329\B_618300.htm

c:\windows\system32\cache329\B_620000.htm

c:\windows\system32\cache329\B_625100.htm

c:\windows\system32\cache329\B_636500.htm

c:\windows\system32\cache329\B_637600.htm

c:\windows\system32\cache329\B_642100.htm

c:\windows\system32\cache329\B_652600.htm

c:\windows\system32\cache329\B_654000.htm

c:\windows\system32\cache329\t_B_329_4_1_512500.htm

c:\windows\system32\cache329\t_B_329_4_1_551200.htm

c:\windows\system32\cache329\t_B_329_4_1_557900.htm

c:\windows\system32\cache329\t_B_329_4_1_579200.htm

c:\windows\system32\cache329\t_B_329_4_1_581800.htm

c:\windows\system32\cache329\t_B_329_4_1_588200.htm

c:\windows\system32\cache329\t_B_329_4_2_504300.htm

c:\windows\system32\cache329\t_B_329_4_2_515500.htm

c:\windows\system32\cache329\t_B_329_4_2_533000.htm

c:\windows\system32\cache329\t_B_329_4_2_607000.htm

c:\windows\system32\cache329\t_B_329_4_2_617600.htm

c:\windows\system32\cache329\t_B_329_4_3_629200.htm

c:\windows\system32\cache329\t_B_329_4_4_612300.htm

c:\windows\system32\cache329\t_B_513400.htm

c:\windows\system32\cache329\t_B_517800.htm

c:\windows\system32\cache329\t_B_524800.htm

c:\windows\system32\cache329\t_B_527100.htm

c:\windows\system32\cache329\t_B_528500.htm

c:\windows\system32\cache329\t_B_530800.htm

c:\windows\system32\cache329\t_B_551700.htm

c:\windows\system32\cache329\t_B_553500.htm

c:\windows\system32\cache329\t_B_555300.htm

c:\windows\system32\cache329\t_B_555600.htm

c:\windows\system32\cache329\t_B_584000.htm

c:\windows\system32\cache329\t_B_591300.htm

c:\windows\system32\cache329\t_B_595500.htm

c:\windows\system32\cache329\t_B_604700.htm

c:\windows\system32\cache329\t_B_618300.htm

c:\windows\system32\cache329\t_B_620000.htm

c:\windows\system32\cache329\t_B_625100.htm

c:\windows\system32\cache329\t_B_636500.htm

c:\windows\system32\cache329\t_B_637600.htm

c:\windows\system32\cache329\t_B_642100.htm

c:\windows\system32\cache329\t_B_652600.htm

c:\windows\system32\cache329\t_B_654000.htm

c:\windows\system32\chknpgrd.dll

c:\windows\system32\ie.ico

c:\windows\system32\open.ico

c:\windows\system32\USRINI~1.EXE

c:\windows\Tasks\At1.job

c:\windows\Tasks\At12.job

D:\Autorun.inf

c:\hp\KBD\KBD .exe ---^> c:\hp\KBD\KBD.exe
c:\program files\QuickTime\QTTask .exe ---^> c:\program files\QuickTime\QTTask.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_6TO4

-------\Service_6to4

((((((((((((((((((((((((( Files Created from 2010-08-07 to 2010-09-07 )))))))))))))))))))))))))))))))

.

2010-09-05 23:51 . 2010-09-05 23:51 -------- d-----w- c:\documents and settings\Owner\DoctorWeb

2010-09-05 03:56 . 2010-09-05 04:09 0 ----a-w- c:\windows\Lzicoxuqu.bin

2010-09-05 03:56 . 2010-09-05 03:56 120 ----a-w- c:\windows\Mpevacanuveruqa.dat

2010-09-05 03:56 . 2010-09-05 03:56 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{A6F03262-4EBF-431E-B984-8A3388AF1690}

2010-09-05 03:56 . 2010-09-05 03:56 92672 --sha-r- c:\windows\system32\ipxpromnh.dll

2010-09-05 03:55 . 2010-09-05 06:31 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\jebygyvap

2010-09-05 03:55 . 2010-09-05 06:31 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\vqaygpipy

2010-09-05 03:53 . 2010-09-05 03:57 -------- d-----w- c:\documents and settings\Owner\Application Data\070578CF82D230F7E37909AA6321F476

2010-08-30 21:14 . 2010-08-30 21:14 -------- d-----w- c:\documents and settings\Owner\Application Data\AlderGames

2010-08-24 23:49 . 2002-08-29 12:00 838144 -c--a-w- c:\windows\system32\dllcache\chtbrkr.dll

2010-08-24 23:49 . 2002-08-29 12:00 838144 ----a-w- c:\windows\system32\chtbrkr.dll

2010-08-24 23:49 . 2002-08-29 12:00 1677824 -c--a-w- c:\windows\system32\dllcache\chsbrkr.dll

2010-08-24 23:49 . 2002-08-29 12:00 1677824 ----a-w- c:\windows\system32\chsbrkr.dll

2010-08-24 23:49 . 2002-08-29 12:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll

2010-08-24 23:49 . 2002-08-29 12:00 98304 ----a-w- c:\windows\system32\msir3jp.dll

2010-08-24 23:49 . 2002-08-29 12:00 70656 -c--a-w- c:\windows\system32\dllcache\korwbrkr.dll

2010-08-24 23:49 . 2002-08-29 12:00 70656 ----a-w- c:\windows\system32\korwbrkr.dll

2010-08-24 23:49 . 2002-08-29 12:00 19456 -c--a-w- c:\windows\system32\dllcache\agt0404.dll

2010-08-24 23:49 . 2002-08-29 12:00 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll

2010-08-24 23:49 . 2002-08-29 12:00 19456 -c--a-w- c:\windows\system32\dllcache\agt0804.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-07 05:25 . 2010-04-10 21:57 -------- d-----w- c:\program files\QuickTime

2010-09-07 04:39 . 2010-09-06 21:48 112 ----a-w- c:\documents and settings\All Users\Application Data\S1JveT30D.dat

2010-09-07 00:23 . 2003-04-10 09:45 40840 ----a-w- c:\windows\system32\drivers\termdd.sys

2010-09-06 12:03 . 2004-01-21 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-09-05 04:48 . 2010-01-27 06:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-05 04:15 . 2008-11-02 06:17 -------- d-----w- c:\program files\Games

2010-09-03 23:20 . 2008-02-25 02:35 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype

2010-09-03 21:42 . 2008-02-25 02:38 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM

2010-09-03 21:40 . 2008-02-25 02:34 -------- d-----w- c:\program files\Common Files\Skype

2010-09-03 21:39 . 2008-02-25 02:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2010-08-29 07:35 . 2005-01-06 08:16 -------- d-----w- c:\documents and settings\Owner\Application Data\CoreFTP

2010-08-24 23:59 . 2003-11-04 09:38 30360 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-22 02:06 . 2009-08-13 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper

2010-08-08 05:57 . 2010-08-05 02:59 -------- d-----w- c:\documents and settings\All Users\Application Data\FarmFrenzy3_Russia

2010-08-04 02:11 . 2009-03-09 23:07 -------- d-----w- c:\program files\Plantasia

2010-07-17 04:11 . 2005-01-06 08:15 -------- d-----w- c:\program files\CoreFTP

2010-07-17 04:06 . 2008-09-24 22:44 -------- d-----w- c:\documents and settings\Owner\Application Data\FileZilla

2010-07-15 15:52 . 2009-08-09 21:23 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-15 15:50 . 2009-08-09 21:23 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-07-04 13:03 . 2010-07-04 13:03 2286080 ----a-w- c:\windows\system32\python27.dll

2008-12-11 23:20 . 2008-12-11 23:21 774144 ----a-w- c:\program files\RngInterstitial.dll

2008-05-30 23:00 . 2008-05-30 23:00 0 -c--a-w- c:\program files\temp01

2008-12-17 21:59 . 2010-01-18 01:49 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll

2008-12-17 21:59 . 2010-01-18 01:49 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll

2008-12-17 21:59 . 2010-01-18 01:49 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll

2008-12-17 21:59 . 2010-01-18 01:49 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll

2008-12-17 21:59 . 2010-01-18 01:49 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll

2003-04-10 10:51 . 2003-04-10 10:51 32 -csha-w- c:\windows\{DA550BF1-5AE0-4007-B9B0-C9FF520E8090}.dat

2003-04-10 10:51 . 2003-04-10 10:51 32 -csha-w- c:\windows\system32\{1BADA6CB-9766-4CB8-9EA3-38879756A4DF}.dat

.

c:\program files\AVG\AVG9\avgtray .exe
c:\windows\ime\imjp8_1\IMJPMIG .exe
c:\windows\SMINST\RECGUARD .exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVIEW"="nview.dll" [2003-03-03 831557]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [N/A]

"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-03-12 114688]

"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [N/A]

"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-03-03 4595712]

"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-04 50176]

"PS2"="c:\windows\system32\ps2.exe" [2002-08-01 81920]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [N/A]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\

mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

c:\documents and settings\Default User\Start Menu\Programs\Startup\

mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

c:\documents and settings\Owner\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-6-24 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-15 15:52 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]

2003-02-21 10:50 40960 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk

backup=c:\windows\pss\Compaq Connections.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk

backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]

path=c:\documents and settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk

backup=c:\windows\pss\spamsubtract.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCNT]

2002-08-20 13:20 28672 ----a-w- c:\progra~1\AWS\WEATHE~1\bcnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cnrxwoeasm.tmp]

c:\docume~1\Owner\LOCALS~1\Temp\cnrxwoeasm.tmp [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eumjxcdx]

c:\documents and settings\Owner\Local Settings\Application Data\oybhrxdfq\cwjcksatssd.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2004-08-04 05:56 1667584 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz]

c:\progra~1\NORTON~1\Cfgwiz.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2003-03-03 23:44 323584 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]

2003-03-18 08:50 331776 ----a-w- c:\windows\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]

2003-02-13 15:01 155648 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-01-11 20:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2010-01-18 12:47 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel]

c:\program files\WildTangent\Apps\GameChannel.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"omniserv"=2 (0x2)

"NVSvc"=2 (0x2)

"navapsvc"=3 (0x3)

"ccPwdSvc"=3 (0x3)

"ccEvtMgr"=3 (0x3)

"WUSB54Gv42SVC"=2 (0x2)

"Lavasoft Ad-Aware Service"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\AIM7\\aim.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/9/2009 5:23 PM 216400]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 11:52 AM 308136]

S2 mrtRate;mrtRate; [x]

S4 WUSB54Gv42SVC;WUSB54Gv42SVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [5/17/2007 10:53 AM 53307]

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uDefault_Search_URL = hxxp://srch-qus8.hpwis.com/

mStart Page = hxxp://qus8.hpwis.com/

mSearch Bar = hxxp://srch-qus8.hpwis.com/

uInternet Connection Wizard,ShellNext = hxxp://www.avg.com/platforms

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = http=127.0.0.1:6092

LSP: SpSubLSP.dll

Trusted Zone: cbox.ws\www

Trusted Zone: gleerpg.com

Trusted Zone: gleerpg.com\www

Trusted Zone: wajas.com\www

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\a7b2f4yt.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage -

FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\a7b2f4yt.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll

FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll

FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll

FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll

FF - HiddenExtension: XULRunner: {A6F03262-4EBF-431E-B984-8A3388AF1690} - c:\documents and settings\Owner\Local Settings\Application Data\{A6F03262-4EBF-431E-B984-8A3388AF1690}

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false.

- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-07 01:25

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(628)

c:\program files\Softex\OmniPass\opxpgina.dll

- - - - - - - > 'lsass.exe'(684)

c:\windows\system32\SpSubLSP.dll

- - - - - - - > 'explorer.exe'(2300)

c:\windows\system32\msi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\Softex\OmniPass\OPXPApp.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2010-09-07 01:41:17 - machine was rebooted

ComboFix-quarantined-files.txt 2010-09-07 05:41

Pre-Run: 5,752,668,160 bytes free

Post-Run: 5,707,485,184 bytes free

- - End Of File - - 15D5F9DD9D2B1C6D2776C8AD2FABDBA9

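The log above is long, but the entries a helper acts on stand out for a few reasons that can be checked mechanically: a freshly created file in system32 carrying hidden and system attributes, a burst of new files and folders written within a couple of minutes of each other (the 2010-09-05 03:53 to 03:56 group), and a browser proxy pointing at the loopback interface. The Python script below is an added example, not part of this thread and not ComboFix code; it applies those three checks to a handful of constructed lines copied in the layout of the "Files Created" and "Supplementary Scan" sections. The function names, the five-minute burst window and the three-entry threshold are the example's own choices.

```python
"""Triage of ComboFix-style "Files Created" and "Supplementary Scan" lines.

Added example for this thread: not ComboFix code and not the helper's script.
Heuristics, names and thresholds are the example author's own choices.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Constructed sample in the log's own layout: "created . modified size attrs path".
SAMPLE_LOG = r"""
2010-09-05 23:51 . 2010-09-05 23:51 -------- d-----w- c:\documents and settings\Owner\DoctorWeb
2010-09-05 03:56 . 2010-09-05 04:09 0 ----a-w- c:\windows\Lzicoxuqu.bin
2010-09-05 03:56 . 2010-09-05 03:56 120 ----a-w- c:\windows\Mpevacanuveruqa.dat
2010-09-05 03:56 . 2010-09-05 03:56 92672 --sha-r- c:\windows\system32\ipxpromnh.dll
2010-09-05 03:55 . 2010-09-05 06:31 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\jebygyvap
2010-08-24 23:49 . 2002-08-29 12:00 838144 ----a-w- c:\windows\system32\chtbrkr.dll
2010-07-15 15:52 . 2009-08-09 21:23 12536 ----a-w- c:\windows\system32\avgrsstx.dll
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6092
"""

TS = "%Y-%m-%d %H:%M"
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-{8}|\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
PROXY_RE = re.compile(r"ProxyServer = (?P<value>\S+)")


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]   # None for directories (size column is "--------")
    attrs: str            # e.g. "--sha-r-": s = system, h = hidden, a = archive, r = read-only
    path: str

    @property
    def fresh(self) -> bool:
        # A file written during the incident has modified >= created.  A file placed
        # by an OS update keeps its old build timestamp, so modified < created.
        return self.modified >= self.created


def parse_entries(text: str) -> List[Entry]:
    """Parse every "Files Created" style line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(datetime.strptime(m["created"], TS),
                             datetime.strptime(m["modified"], TS),
                             size, m["attrs"], m["path"].lower()))
    return entries


def parse_proxy(text: str) -> List[str]:
    """Return the ProxyServer values found in the Supplementary Scan lines."""
    return [m["value"] for m in PROXY_RE.finditer(text)]


def triage(text: str, burst_window: timedelta = timedelta(minutes=5),
           burst_min: int = 3) -> List[Tuple[str, str]]:
    """Return (item, reason) pairs for entries worth a closer look."""
    findings: List[Tuple[str, str]] = []
    entries = parse_entries(text)

    # 1. New file in system32 with hidden+system attributes.
    for e in entries:
        if "s" in e.attrs and "h" in e.attrs and e.path.startswith("c:\\windows\\system32\\"):
            findings.append((e.path, "hidden+system attributes on a new file in system32"))

    # 2. Burst: several fresh files/folders created within burst_window of each other.
    fresh = sorted((e for e in entries if e.fresh), key=lambda e: e.created)
    clusters: List[List[Entry]] = []
    for e in fresh:
        if clusters and e.created - clusters[-1][-1].created <= burst_window:
            clusters[-1].append(e)
        else:
            clusters.append([e])
    for cluster in clusters:
        if len(cluster) >= burst_min:
            start = cluster[0].created.strftime(TS)
            for e in cluster:
                findings.append((e.path, f"one of {len(cluster)} files/folders created within minutes of {start}"))

    # 3. Browser proxy aimed at the loopback interface: a local process sits in the traffic path.
    for value in parse_proxy(text):
        if "127.0.0.1" in value or "localhost" in value.lower():
            findings.append((f"ProxyServer={value}",
                             "browser proxy points at the loopback interface"))
    return findings


if __name__ == "__main__":
    for item, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {item}")
```

On the sample, the Dr.Web folder created on its own at 23:51 and the Windows components with 2002 and 2009 build timestamps are left alone, while the four entries from the 03:55 burst, the hidden system DLL and the loopback proxy are reported; that is the same set the helper's script below targets with Collect:: and Folder::.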

You will need to remove and reinstall AVG and QuickTime as they were compromised.

  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop

Collect::
c:\windows\Lzicoxuqu.bin
c:\windows\Mpevacanuveruqa.dat
c:\windows\system32\ipxpromnh.dll

Folder::
c:\documents and settings\Owner\Local Settings\Application Data\jebygyvap
c:\documents and settings\Owner\Local Settings\Application Data\vqaygpipy

DirLook::
c:\documents and settings\Owner\Local Settings\Application Data\{A6F03262-4EBF-431E-B984-8A3388AF1690}
c:\documents and settings\Owner\Application Data\070578CF82D230F7E37909AA6321F476
c:\program files\temp01

RenV::
c:\program files\AVG\AVG9\avgtray .exe
c:\windows\ime\imjp8_1\IMJPMIG .exe
c:\windows\SMINST\RECGUARD .exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=-
"Recguard"=-
"AVG9_TRAY"=-
"QuickTime Task"=-
[-HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCNT]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cnrxwoeasm.tmp]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eumjxcdx]

[image: CFScriptB-4.gif]

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

  • Ensure you are connected to the internet and click OK on the message box.

If the file is not uploaded, Combofix will create a zipped file in the C:\Qoobox\Quarantine folder labeled in the form of [4]-Submit_Date_Time.zip. Please have this file uploaded to the following location:

http://www.bleepingcomputer.com/submit-malware.php?channel=4

Indicate a link to this address and let me know when ready.

Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java, to download and install the latest version.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure the following are checked:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

Attention! Kaspersky Online Scanner 7.0 may fail to start if another anti-virus program is already installed and running on your computer. Please deactivate the anti-virus software installed on your computer prior to starting Kaspersky Online Scanner 7.0.

Upgrading Java :

  • Download the latest version of Java SE Runtime Environment (JRE) JRE 6 Update 21.
  • Click the JDK 6 Update 21 (JDK or JRE) "Download JRE" button to the right.
  • Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement."
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u21-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u21-windows-i586.exe and select "Run as an Administrator.")

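The RenV:: section of the script above lists executables whose names carry a space before the extension ("avgtray .exe", "IMJPMIG .exe", "RECGUARD .exe"). The following is an added example and not ComboFix's code or anything the helper posted: it assumes (my inference, which the thread does not state outright) that the spaced file is the displaced legitimate original and the unspaced name in the same folder is the file to examine, and it scans a constructed directory listing for such pairs. The listing is built from the three RenV:: paths plus invented neighbours.

```python
"""Find executables that sit beside a copy of themselves whose name has a space
inserted before the extension (e.g. "avgtray .exe" next to "avgtray.exe").

Added example, not ComboFix's code. Assumption (not a page fact): the spaced
file is the displaced original and the unspaced twin is the suspect."""
import re
from collections import defaultdict

# Constructed listing: the three RenV:: paths from the script above, their
# unspaced counterparts, and a few unrelated files as noise.
SAMPLE_LISTING = [
    r"c:\program files\AVG\AVG9\avgtray .exe",
    r"c:\program files\AVG\AVG9\avgtray.exe",
    r"c:\program files\AVG\AVG9\avgwdsvc.exe",
    r"c:\windows\ime\imjp8_1\IMJPMIG .exe",
    r"c:\windows\ime\imjp8_1\IMJPMIG.EXE",
    r"c:\windows\SMINST\RECGUARD .exe",
    r"c:\windows\SMINST\RECGUARD.EXE",
    r"c:\windows\system32\notepad.exe",
    r"c:\windows\system32\My Docs .txt",   # spaced name with no twin: not reported
]

# "<stem><one or more spaces><.ext>" at the end of a file name.
SPACED = re.compile(r"^(?P<stem>.+?) +(?P<ext>\.[A-Za-z0-9]+)$")


def split_path(path):
    """Split a Windows path into (lower-cased directory, file name).

    ComboFix logs use backslashes; os.path would mis-split them on a POSIX box."""
    directory, _, name = path.replace("/", "\\").rpartition("\\")
    return directory.lower(), name


def find_displaced_pairs(paths):
    """Return sorted (spaced_original, unspaced_suspect) pairs found in one folder.

    Matching is case-insensitive on both the file name and the directory, since
    NTFS is case-preserving but case-insensitive."""
    by_dir = defaultdict(dict)          # directory -> lower name -> path as listed
    for p in paths:
        d, name = split_path(p)
        by_dir[d][name.lower()] = p
    pairs = []
    for names in by_dir.values():
        for lname, listed in names.items():
            m = SPACED.match(lname)
            if not m:
                continue
            twin = m.group("stem") + m.group("ext")
            if twin in names:
                pairs.append((listed, names[twin]))
    return sorted(pairs)


if __name__ == "__main__":
    for original, suspect in find_displaced_pairs(SAMPLE_LISTING):
        print(f"displaced original: {original}\n  runs in its place:  {suspect}")
```

On a real machine the listing would come from walking the autostart locations that the log's Reg Loading Points section names; only the pairing logic is shown here.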

The ComboFix successfully uploaded the file, so I didn't upload it through the url. If you need me to do that as well, then please let me know.

Here is the result of the Kaspersky scan:

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Tuesday, September 7, 2010

Operating system: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Tuesday, September 07, 2010 03:42:18

Records in database: 4201856

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

A:\

C:\

D:\

E:\

Scan statistics:

Objects scanned: 194473

Threats found: 6

Infected objects found: 13

Suspicious objects found: 2

Scan duration: 08:07:14

File name / Threat / Threats count

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGBP2b-Global.reg Infected: Trojan.WinREG.StartPage 1

C:\Documents and Settings\Owner\DoctorWeb\Quarantine\merxowsanc.tmp Infected: Trojan.Win32.Scar.crkt 1

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{42B61E98-3EA4-4171-9489-6DE0F49472BA}\Microsoft\Outlook Express\Old Sent Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{42B61E98-3EA4-4171-9489-6DE0F49472BA}\Microsoft\Outlook Express\Old Stuff 2004.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1

C:\Documents and Settings\Owner\My Documents\Downloads\Alawar Games - Farm Frenzy 3 + Adnan_Boy 2008 + Fixed\Farm Frenzy 3.exe Infected: Trojan-Dropper.Win32.Agent.cvhy 1

C:\hp\region\EN_US-ie.reg Infected: Trojan.WinREG.StartPage 1

C:\Program Files\Farm Frenzy 3\FarmFrenzy3.exe Infected: Trojan-Dropper.Win32.Agent.cvhy 1

C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\V2to07H8.exe.vir Infected: Trojan.Win32.Powp.gen 1

C:\Qoobox\Quarantine\C\hp\KBD\KBD.EXE.vir Infected: Trojan.Win32.Powp.gen 1

C:\Qoobox\Quarantine\C\Program Files\QuickTime\QTTask.exe.vir Infected: Trojan.Win32.Powp.gen 1

C:\Qoobox\Quarantine\C\PROGRA~1\AVG\AVG9\avgtray.exe.vir Infected: Trojan.Win32.Powp.gen 1

C:\Qoobox\Quarantine\C\WINDOWS\Fonts\y3oP64C.com.vir Infected: Trojan.Win32.Powp.gen 1

C:\Qoobox\Quarantine\C\WINDOWS\Ljezia.exe.vir Infected: Packed.Win32.Katusha.n 1

C:\Qoobox\Quarantine\C\WINDOWS\SMINST\RECGUARD.EXE.vir Infected: Trojan.Win32.Powp.gen 1

C:\Qoobox\Quarantine\C\WINDOWS\system\hpsysdrv.exe.vir Infected: Trojan.Win32.Powp.gen 1

Selected area has been scanned.

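Most of the hits in the report above sit under C:\Qoobox\Quarantine, DoctorWeb\Quarantine or the Spybot Snapshots folder, i.e. objects another tool had already moved aside, while the two Farm Frenzy 3 executables and the Outlook Express mail stores are still in place. The following is an added example, not Kaspersky's or the helper's code: it parses lines of the "File name / Threat / Threats count" form and separates already-quarantined hits from live ones. The quarantine markers are my own choice of folder names; the input is constructed from lines of the report above.

```python
"""Triage a Kaspersky Online Scanner 7.0 report: split detections that sit in
quarantine or backup folders (already handled by another tool) from files that
are still live, and count hits per threat name.

Added example; not Kaspersky's or the helper's code."""
import re
from collections import Counter

# Constructed input: detection lines copied from the report above, plus the
# trailing status line that the parser must ignore.
SAMPLE_REPORT = r"""
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGBP2b-Global.reg Infected: Trojan.WinREG.StartPage 1
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\merxowsanc.tmp Infected: Trojan.Win32.Scar.crkt 1
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{42B61E98-3EA4-4171-9489-6DE0F49472BA}\Microsoft\Outlook Express\Old Sent Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Owner\My Documents\Downloads\Alawar Games - Farm Frenzy 3 + Adnan_Boy 2008 + Fixed\Farm Frenzy 3.exe Infected: Trojan-Dropper.Win32.Agent.cvhy 1
C:\Program Files\Farm Frenzy 3\FarmFrenzy3.exe Infected: Trojan-Dropper.Win32.Agent.cvhy 1
C:\Qoobox\Quarantine\C\PROGRA~1\AVG\AVG9\avgtray.exe.vir Infected: Trojan.Win32.Powp.gen 1
C:\Qoobox\Quarantine\C\WINDOWS\system\hpsysdrv.exe.vir Infected: Trojan.Win32.Powp.gen 1
Selected area has been scanned.
"""

# "<path> Infected|Suspicious: <threat> <count>"; the path is matched lazily so
# spaces inside it do not confuse the split.
DETECTION = re.compile(
    r"^(?P<path>.+?) (?P<verdict>Infected|Suspicious): (?P<threat>\S+) (?P<count>\d+)$"
)

# Folder fragments (lower-case, backslash-delimited) that mean "another tool
# already moved or copied this object". My own list, not Kaspersky's.
QUARANTINE_MARKERS = ("\\qoobox\\", "\\quarantine\\", "\\snapshots")


def parse_report(text):
    """Return one dict per detection line; non-detection lines are skipped."""
    detections = []
    for line in text.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            d = m.groupdict()
            d["count"] = int(d["count"])
            detections.append(d)
    return detections


def is_quarantined(path):
    """True if the path is inside a quarantine/backup store or is a ComboFix .vir copy."""
    low = path.lower()
    return low.endswith(".vir") or any(mark in low for mark in QUARANTINE_MARKERS)


def triage(detections):
    """Split detections into live vs quarantined and count hits per threat name."""
    live, held = [], []
    for d in detections:
        (held if is_quarantined(d["path"]) else live).append(d)
    return {
        "live": live,
        "quarantined": held,
        "by_threat": Counter(d["threat"] for d in detections),
    }


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    print("still live:")
    for d in result["live"]:
        print(f"  [{d['verdict']}] {d['threat']}  {d['path']}")
    print(f"already quarantined: {len(result['quarantined'])}")
    for threat, n in result["by_threat"].most_common():
        print(f"  {n} x {threat}")
```

A "Suspicious" verdict on an Outlook Express .dbx file is a heuristic hit on a stored message rather than a running program, which is why the verdict is carried through to the report instead of being folded into a single flag.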

I would recommend you remove Farm Frenzy 3. These torrents are usually loaded with malware.

  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop

File::

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGBP2b-Global.reg

C:\Documents and Settings\Owner\DoctorWeb\Quarantine\merxowsanc.tmp

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{42B61E98-3EA4-4171-9489-6DE0F49472BA}\Microsoft\Outlook Express\Old Sent Items.dbx

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{42B61E98-3EA4-4171-9489-6DE0F49472BA}\Microsoft\Outlook Express\Old Stuff 2004.dbx

C:\hp\region\EN_US-ie.reg

Folder::

C:\Documents and Settings\Owner\My Documents\Downloads\Alawar Games - Farm Frenzy 3 + Adnan_Boy 2008 + Fixed

c:\documents and settings\Owner\Application Data\070578CF82D230F7E37909AA6321F476

[image: CFScriptB-4.gif]

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.

How is the computer doing?


It seems to be running okay and Firefox is no longer redirecting search links. I haven't deleted AVG or Quicktime yet, since I was waiting until the end to do that. Though if you think I should go ahead and do that now, I will.

That reminds me of another question I had for you. I noticed that "Avira" was linked here, so I was wondering if you think I should download a fresh copy of AVG and reinstall it or switch to Avira?

Here's the result of the above scan:

ComboFix 10-09-07.01 - Owner 09/07/2010 20:40:13.3.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.759.567 [GMT -4:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::

"c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGBP2b-Global.reg"

"c:\documents and settings\Owner\DoctorWeb\Quarantine\merxowsanc.tmp"

"c:\documents and settings\Owner\Local Settings\Application Data\Identities\{42B61E98-3EA4-4171-9489-6DE0F49472BA}\Microsoft\Outlook Express\Old Sent Items.dbx"

"c:\documents and settings\Owner\Local Settings\Application Data\Identities\{42B61E98-3EA4-4171-9489-6DE0F49472BA}\Microsoft\Outlook Express\Old Stuff 2004.dbx"

"c:\hp\region\EN_US-ie.reg"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGBP2b-Global.reg

c:\documents and settings\Owner\Application Data\070578CF82D230F7E37909AA6321F476

c:\documents and settings\Owner\Local Settings\Application Data\Identities\{42B61E98-3EA4-4171-9489-6DE0F49472BA}\Microsoft\Outlook Express\Old Sent Items.dbx

c:\documents and settings\Owner\Local Settings\Application Data\Identities\{42B61E98-3EA4-4171-9489-6DE0F49472BA}\Microsoft\Outlook Express\Old Stuff 2004.dbx

c:\documents and settings\Owner\My Documents\Downloads\Alawar Games - Farm Frenzy 3 + Adnan_Boy 2008 + Fixed

c:\documents and settings\Owner\My Documents\Downloads\Alawar Games - Farm Frenzy 3 + Adnan_Boy 2008 + Fixed\Farm Frenzy 3.exe

c:\documents and settings\Owner\My Documents\Downloads\Alawar Games - Farm Frenzy 3 + Adnan_Boy 2008 + Fixed\Feature.jpg

c:\documents and settings\Owner\My Documents\Downloads\Alawar Games - Farm Frenzy 3 + Adnan_Boy 2008 + Fixed\More Full Games.txt

c:\documents and settings\Owner\My Documents\Downloads\Alawar Games - Farm Frenzy 3 + Adnan_Boy 2008 + Fixed\Please Seed.txt

c:\documents and settings\Owner\My Documents\Downloads\Alawar Games - Farm Frenzy 3 + Adnan_Boy 2008 + Fixed\Torrent downloaded from Demonoid.com.txt

c:\hp\region\EN_US-ie.reg

.

((((((((((((((((((((((((( Files Created from 2010-08-08 to 2010-09-08 )))))))))))))))))))))))))))))))

.

2010-09-07 07:41 . 2010-09-07 07:41 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-503d48db-n\decora-sse.dll

2010-09-07 07:41 . 2010-09-07 07:41 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7d4330f3-n\msvcp71.dll

2010-09-07 07:41 . 2010-09-07 07:41 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7d4330f3-n\jmc.dll

2010-09-07 07:41 . 2010-09-07 07:41 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7d4330f3-n\msvcr71.dll

2010-09-07 07:41 . 2010-09-07 07:41 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-503d48db-n\decora-d3d.dll

2010-09-07 07:41 . 2010-09-07 07:40 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-05 23:51 . 2010-09-05 23:51 -------- d-----w- c:\documents and settings\Owner\DoctorWeb

2010-09-05 03:56 . 2010-09-05 03:56 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{A6F03262-4EBF-431E-B984-8A3388AF1690}

2010-08-30 21:14 . 2010-08-30 21:14 -------- d-----w- c:\documents and settings\Owner\Application Data\AlderGames

2010-08-24 23:49 . 2002-08-29 12:00 838144 -c--a-w- c:\windows\system32\dllcache\chtbrkr.dll

2010-08-24 23:49 . 2002-08-29 12:00 838144 ----a-w- c:\windows\system32\chtbrkr.dll

2010-08-24 23:49 . 2002-08-29 12:00 1677824 -c--a-w- c:\windows\system32\dllcache\chsbrkr.dll

2010-08-24 23:49 . 2002-08-29 12:00 1677824 ----a-w- c:\windows\system32\chsbrkr.dll

2010-08-24 23:49 . 2002-08-29 12:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll

2010-08-24 23:49 . 2002-08-29 12:00 98304 ----a-w- c:\windows\system32\msir3jp.dll

2010-08-24 23:49 . 2002-08-29 12:00 70656 -c--a-w- c:\windows\system32\dllcache\korwbrkr.dll

2010-08-24 23:49 . 2002-08-29 12:00 70656 ----a-w- c:\windows\system32\korwbrkr.dll

2010-08-24 23:49 . 2002-08-29 12:00 19456 -c--a-w- c:\windows\system32\dllcache\agt0404.dll

2010-08-24 23:49 . 2002-08-29 12:00 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll

2010-08-24 23:49 . 2002-08-29 12:00 19456 -c--a-w- c:\windows\system32\dllcache\agt0804.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-07 07:41 . 2006-08-10 12:02 -------- d-----w- c:\program files\Common Files\Java

2010-09-07 05:25 . 2010-04-10 21:57 -------- d-----w- c:\program files\QuickTime

2010-09-07 04:39 . 2010-09-06 21:48 112 ----a-w- c:\documents and settings\All Users\Application Data\S1JveT30D.dat

2010-09-07 00:23 . 2003-04-10 09:45 40840 ----a-w- c:\windows\system32\drivers\termdd.sys

2010-09-06 12:03 . 2004-01-21 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-09-05 04:48 . 2010-01-27 06:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-05 04:15 . 2008-11-02 06:17 -------- d-----w- c:\program files\Games

2010-09-03 23:20 . 2008-02-25 02:35 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype

2010-09-03 21:42 . 2008-02-25 02:38 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM

2010-09-03 21:40 . 2008-02-25 02:34 -------- d-----w- c:\program files\Common Files\Skype

2010-09-03 21:39 . 2008-02-25 02:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2010-08-29 07:35 . 2005-01-06 08:16 -------- d-----w- c:\documents and settings\Owner\Application Data\CoreFTP

2010-08-24 23:59 . 2003-11-04 09:38 30360 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-22 02:06 . 2009-08-13 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper

2010-08-08 05:57 . 2010-08-05 02:59 -------- d-----w- c:\documents and settings\All Users\Application Data\FarmFrenzy3_Russia

2010-08-04 02:11 . 2009-03-09 23:07 -------- d-----w- c:\program files\Plantasia

2010-07-17 04:11 . 2005-01-06 08:15 -------- d-----w- c:\program files\CoreFTP

2010-07-17 04:06 . 2008-09-24 22:44 -------- d-----w- c:\documents and settings\Owner\Application Data\FileZilla

2010-07-15 15:52 . 2009-08-09 21:23 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-15 15:50 . 2009-08-09 21:23 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-07-04 13:03 . 2010-07-04 13:03 2286080 ----a-w- c:\windows\system32\python27.dll

2008-12-11 23:20 . 2008-12-11 23:21 774144 ----a-w- c:\program files\RngInterstitial.dll

2008-05-30 23:00 . 2008-05-30 23:00 0 -c--a-w- c:\program files\temp01

2008-12-17 21:59 . 2010-01-18 01:49 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll

2008-12-17 21:59 . 2010-01-18 01:49 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll

2008-12-17 21:59 . 2010-01-18 01:49 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll

2008-12-17 21:59 . 2010-01-18 01:49 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll

2008-12-17 21:59 . 2010-01-18 01:49 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll

2003-04-10 10:51 . 2003-04-10 10:51 32 -csha-w- c:\windows\{DA550BF1-5AE0-4007-B9B0-C9FF520E8090}.dat

2003-04-10 10:51 . 2003-04-10 10:51 32 -csha-w- c:\windows\system32\{1BADA6CB-9766-4CB8-9EA3-38879756A4DF}.dat

.

((((((((((((((((((((((((((((( SnapShot@2010-09-07_07.14.22 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-09-07 07:41 . 2010-09-07 07:41 16384 c:\windows\temp\Perflib_Perfdata_c54.dat

- 2010-01-27 09:14 . 2010-01-27 09:14 153376 c:\windows\system32\javaws.exe

+ 2010-09-07 07:41 . 2010-09-07 07:40 153376 c:\windows\system32\javaws.exe

+ 2010-09-07 07:41 . 2010-09-07 07:40 145184 c:\windows\system32\javaw.exe

- 2010-01-27 09:14 . 2010-01-27 09:14 145184 c:\windows\system32\javaw.exe

+ 2010-09-07 07:41 . 2010-09-07 07:40 145184 c:\windows\system32\java.exe

- 2010-01-27 09:14 . 2010-01-27 09:14 145184 c:\windows\system32\java.exe

+ 2010-09-07 07:41 . 2010-09-07 07:41 180224 c:\windows\Installer\25795.msi

+ 2010-09-07 07:40 . 2010-09-07 07:40 677376 c:\windows\Installer\2578f.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVIEW"="nview.dll" [2003-03-03 831557]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-03-12 114688]

"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]

"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-03-03 4595712]

"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-04 50176]

"PS2"="c:\windows\system32\ps2.exe" [2002-08-01 81920]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\

mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

c:\documents and settings\Default User\Start Menu\Programs\Startup\

mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

c:\documents and settings\Owner\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-6-24 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-15 15:52 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]

2003-02-21 10:50 40960 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk

backup=c:\windows\pss\Compaq Connections.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk

backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2004-08-04 05:56 1667584 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2003-03-03 23:44 323584 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]

2003-03-18 08:50 331776 ----a-w- c:\windows\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]

2003-02-13 15:01 155648 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2010-01-18 12:47 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"omniserv"=2 (0x2)

"NVSvc"=2 (0x2)

"navapsvc"=3 (0x3)

"ccPwdSvc"=3 (0x3)

"ccEvtMgr"=3 (0x3)

"WUSB54Gv42SVC"=2 (0x2)

"Lavasoft Ad-Aware Service"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\AIM7\\aim.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/9/2009 5:23 PM 216400]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 11:52 AM 308136]

S2 mrtRate;mrtRate; [x]

S4 WUSB54Gv42SVC;WUSB54Gv42SVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [5/17/2007 10:53 AM 53307]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - JAVAQUICKSTARTERSERVICE

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uDefault_Search_URL = hxxp://srch-qus8.hpwis.com/

mStart Page = hxxp://qus8.hpwis.com/

mSearch Bar = hxxp://srch-qus8.hpwis.com/

uInternet Connection Wizard,ShellNext = hxxp://www.avg.com/platforms

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = http=127.0.0.1:6092

LSP: SpSubLSP.dll

Trusted Zone: cbox.ws\www

Trusted Zone: gleerpg.com

Trusted Zone: gleerpg.com\www

Trusted Zone: wajas.com\www

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\a7b2f4yt.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage -

FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\a7b2f4yt.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll

FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

FF - HiddenExtension: XULRunner: {A6F03262-4EBF-431E-B984-8A3388AF1690} - c:\documents and settings\Owner\Local Settings\Application Data\{A6F03262-4EBF-431E-B984-8A3388AF1690}

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-07 20:54

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(624)

c:\program files\Softex\OmniPass\opxpgina.dll

- - - - - - - > 'lsass.exe'(680)

c:\windows\system32\SpSubLSP.dll

.

Completion time: 2010-09-07 21:00:12

ComboFix-quarantined-files.txt 2010-09-08 00:59

ComboFix2.txt 2010-09-07 07:22

ComboFix3.txt 2010-09-07 05:41

Pre-Run: 5,470,752,768 bytes free

Post-Run: 5,573,681,152 bytes free

- - End Of File - - 5729AE2F13215E36D4749F7CB1BF0398

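The Supplementary Scan part of the log above still carries the entries an analyst would check against the original symptoms: a ProxyServer set to 127.0.0.1:6092, a Winsock LSP, Trusted Zone additions and a Firefox HiddenExtension living under Local Settings\Application Data. The following is an added example, not ComboFix's code and not something the helper posted: it picks those line types out of a constructed excerpt of the log and assigns severities that are my own triage choices (a loopback proxy is rated high because a local process sitting in front of the browser is consistent with the redirects reported at the start of the thread; the LSP is only rated for review, since the log does not say whether it is legitimate).

```python
"""Review the 'Supplementary Scan' section of a ComboFix log for browser-hijack
indicators and rate them for follow-up.

Added example, not ComboFix's code. The severities are my own triage choices."""
import re

# Constructed input: indicator lines copied from the log above.
SAMPLE_SUPPLEMENTARY = r"""
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6092
LSP: SpSubLSP.dll
Trusted Zone: gleerpg.com
FF - prefs.js: browser.search.selectedEngine - Google
FF - HiddenExtension: XULRunner: {A6F03262-4EBF-431E-B984-8A3388AF1690} - c:\documents and settings\Owner\Local Settings\Application Data\{A6F03262-4EBF-431E-B984-8A3388AF1690}
"""

# A proxy value is a list like "http=host:port;https=host:port" or just "host:port".
LOOPBACK = re.compile(r"(?:^|[=;])(?:127\.0\.0\.1|localhost)(?::\d+)?(?:;|$)", re.I)
# Extensions normally live in the profile or Program Files, not loose under
# Local Settings / Application Data.
PROFILE_DIR = re.compile(r"\\(local settings|application data)\\", re.I)
ORDER = {"info": 0, "low": 1, "medium": 2, "high": 3}


def refang(url):
    """ComboFix writes hxxp:// so the log is not clickable; undo that for a report."""
    return re.sub(r"^hxxp", "http", url, flags=re.I)


def find_indicators(text):
    """Return (severity, kind, detail) tuples, one per recognised indicator line."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, _, value = line.partition(" = ")
        if key.endswith("Internet Settings,ProxyServer"):
            # u = current user, m = machine. Loopback means a local process is
            # proxying the browser; a remote proxy still deserves a look.
            sev = "high" if LOOPBACK.search(value) else "medium"
            findings.append((sev, "proxy-server", value))
        elif key.endswith("Start Page") or key.endswith("Search Bar"):
            findings.append(("info", "browser-url", refang(value)))
        elif line.startswith("LSP:"):
            # A layered service provider sees all Winsock traffic; identify it.
            findings.append(("medium", "winsock-lsp", line.partition(":")[2].strip()))
        elif line.startswith("Trusted Zone:"):
            # Sites in the IE Trusted Zone run with relaxed security settings.
            findings.append(("low", "trusted-zone", line.partition(":")[2].strip()))
        elif line.startswith("FF - HiddenExtension:"):
            path = line.rsplit(" - ", 1)[1]
            sev = "high" if PROFILE_DIR.search(path) else "medium"
            findings.append((sev, "hidden-extension", path))
    return findings


def highest_severity(findings):
    """Overall rating for the excerpt; 'info' when nothing was found."""
    return max((f[0] for f in findings), key=ORDER.get, default="info")


if __name__ == "__main__":
    found = find_indicators(SAMPLE_SUPPLEMENTARY)
    for sev, kind, detail in sorted(found, key=lambda f: -ORDER[f[0]]):
        print(f"{sev:6} {kind:16} {detail}")
    print("overall:", highest_severity(found))
```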

Let me first congratulate you. You did a great job.

In regard to the Antivirus, I prefer AVAST. It won't slow down your computer and at the same time will provide you with real-time protection.

Let's do some housekeeping.

Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programmes changing them. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)

1. Turn off System Restore.

On the Desktop, right-click My Computer.

Click Properties.

Click the System Restore tab.

Check Turn off System Restore.

Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.

On the Desktop, right-click My Computer.

Click Properties.

Click the System Restore tab.

UN-Check *Turn off System Restore*.

Click Apply, and then click OK.

Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.

Follow these steps to uninstall Combofix.

  • Rename Combofix to Uninstall and click on it. That should remove the application.

Manually remove any tool left.

Create a Restore point:

  1. Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.
  2. In the System Restore dialog box, click Create a restore point, and then click Next.
  3. Type a description for your restore point, such as "After Cleanup", then click Create.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

  1. Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  2. AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  3. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  4. Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  5. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  6. ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Miekiemoes.

Best wishes!


Done the above, as well as installed Avast.

Thank you so much. It's been a very long few days and I really appreciate your help. :blink:

Btw, I noticed something else that seems to be different now. In Task Manager, the "System" has been showing around 100,000K for forever and it is now showing 212K. From what I've read in the past, it is now where it is meant to be. I've never been able to figure out how to get it down from the 100,000K before, so whatever it was must have been cleaned while you were helping me with this.

Again, thank you for your help. :blink:


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
