Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virtumonde


  • This topic is locked This topic is locked
10 replies to this topic

#1 st4198

st4198

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:06 AM

Posted 21 January 2008 - 11:04 AM

I thank you in advance for all of your help. I think i contracted VirtuMonde (according to Spybot S&D), and tried Symantec's VirtuMonde Removal tool. I get a "gebcd.exe" error on startup, and an error for "iuiwvjvu" The Symantec tool couldn't find VirtuMonde, but now I'm getting errors opening Excel, somehow tied in with Norton, and Norton files can't be found. Once again, I appreciate your help. I try to roll back to System Restore, and I don't seem to have any restore points, although I didn't delete them. I'd like to restore that functionality as well.

I try to start NIS 2007, and I get the error message that Windows cannot find "C:\Program Files\Common Files\Symantec Shared\ccApp.exe. Make sure you typed in the name correctly, etc." My log file is below:

_____________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:43 AM, on 1/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.villanova.edu/homepage/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.villanova.edu/homepage/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F3 - REG:win.ini: load=C:\WINDOWS\system32\gebcd.exe
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [44f391da] rundll32.exe "C:\WINDOWS\system32\iuiwvjvu.dll",b
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://rmamail.rmahq.org/iNotes6W.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1198719030687
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 11348 bytes

Edited by st4198, 21 January 2008 - 12:17 PM.


BC AdBot (Login to Remove)

 


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:03:06 PM

Posted 27 January 2008 - 04:41 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum.
My name is Richie and i'll be helping you to fix your problems.

Apologies for the late response,as i'm sure you can appreciate we are extremely busy.

If you've already recieved help at another forum and your issues have been resolved,or you're presently recieving help elsewhere then please let us know.

If you have not followed the info in the link below prior to posting your log then please do so now:
Preparation Guide for use before posting a HijackThis Log:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

If you still require help,please post a new Hijackthis log into this topic in your next reply.

Also post a detailed description of the issues you're experiencing.

*Note*
Post all reports/logs directly into this topic,not as attachments,thanks.
Posted Image
Posted Image

#3 st4198

st4198
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:06 AM

Posted 27 January 2008 - 07:38 PM

Hi, here's a full list of the issues I notice.

a) when using IE, I get pop-ups and pop-unders for AdvancedCleaner, asking me to insall (malware?). Also, occasional popups reading "NOTICE: If your computer is infected, we could suffer data loss, erratic PC behavior, PC freezes and crashes. Detect and remove viruses before they activate themselves on your PC to prevent all of these problems. Do you want to install Bestseller Antivirus to scan your PC for malware now? (Recommended)." I just Cancel out of that one.
b- I can't access NIS 2007 or any part of it (NAV, Norton Firewall, etc.). It just won't open. "Windows can't find C:\Program Files\Common Files\Symantec Shared\ccApp.exe." Make sure you typed the name correctly, and then try again. To search for the file, click the Start button, and then click Search."
c) Office products (Excel, Word) are waiting for Windows to configure ccCommon, and it can't continue. After closing a handful of those popups, I can finally open Excel. Word freezes without opening.
d) Pop-under from http://scanner2.malwarescan.com
e) Propmt on startup: Can't find gebcd.exe. Need to OK out of that twice before Windows will load.

Ad_Aware, after updating to the most recent definitions file, found only found a handful of tracking cookies. I ran through it once more, and nothing was found.
Spybot scan: Virtumonde was detected in four registry entries. Per Spybot:
"Virtumonde copies itself to the system folder and creates a BHO. Virtumonde connects to malicious websites in background. It also adds a randomly named dll to the Winlogon Notify, which will make it very resistable to removal. Removal requires the computer to be disconnected from the internet and restarted after first scan and fixing session. If you need help with removal please contact Team Spybot S&D via forums or email."

I will try the steps as given in Spybot, run another scan, and the post a HiJack This log after completing the rest of the steps. Thanks for your reply.

#4 st4198

st4198
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:06 AM

Posted 27 January 2008 - 08:59 PM

I tried running SpyBot several times while disconnected from the internet, but don't want to post to another forum to try to resolve that. VirtuMonde still shows up in Spybot, and won't go away, since I can't seem to get past its removal, as posted above. I hope you can help. Here is my newest HJT log (I've bolded the line items that seem strange to me):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:51:30 PM, on 1/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.villanova.edu/homepage/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.villanova.edu/homepage/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F3 - REG:win.ini: load=C:\WINDOWS\system32\gebcd.exe
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [44f391da] rundll32.exe "C:\WINDOWS\system32\uxojokec.dll",b
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA5985] command /c del "C:\WINDOWS\system32\gebcd.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6083] cmd /c del "C:\WINDOWS\system32\gebcd.dll_tobedeleted"

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://rmamail.rmahq.org/iNotes6W.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1198719030687
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 11443 bytes

#5 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:03:06 PM

Posted 28 January 2008 - 08:23 AM

Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java,and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 4'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation jre-6u4-windows-i586-p.exe' [15.12 MB] and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u4-windows-i586-p.exe to install the newest version.


If you have previously downloaded ComboFix,please delete that version now.
Warning
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an expert,NOT for private use.
Using this tool incorrectly could render your system/pc inoperable.

Now download Combofix by sUBs and save to your desktop.
Alternative Combofix download link HERE.
Note
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.
Note
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix,please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

Also post a new Hijackthis log please.
Posted Image
Posted Image

#6 st4198

st4198
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:06 AM

Posted 28 January 2008 - 08:27 PM

Richie,

Thanks for your quick responses. I appreciate your help. Here is my ComboFix log from C:/ComboFix.txt

ComboFix 08-01-29.2 - HP_Administrator 2008-01-28 17:57:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.459 [GMT -5:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\gebcd.dll
H:\Autorun.inf
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\#SharedObjects\9H78AYQ3\www.broadcaster.com
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\accessories\cup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\accessories\customer_cup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\accessories\heart.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\accessories\menu_down.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\accessories\menu_up.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\accessories\plates.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\accessories\ticket.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\accessories\tray.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\audio\music\mainmenumusic.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\audio\sfx\sfx_bring_check_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\audio\sfx\sfx_deliver_order_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\audio\sfx\sfx_diner.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\audio\sfx\sfx_food_ready_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\audio\sfx\sfx_gain_heart_1.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\audio\sfx\sfx_pencil_write_2.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\audio\sfx\sfx_rollover_1.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\audio\sfx\sfx_seat_people_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\backgrounds\choosedifficulty.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\backgrounds\credits.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\backgrounds\flo_lose.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\backgrounds\flo_win.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\backgrounds\help1.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\backgrounds\help2.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\backgrounds\highscores.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\backgrounds\levelintro.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\backgrounds\levelintro_mask.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\backgrounds\levelover.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\backgrounds\levelover_mask.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\backgrounds\mainmenu.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\backgrounds\popup.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\backgrounds\popup_mask.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\backgrounds\upgradegrid.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\backgrounds\upgradetitle.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\backgrounds\upsell.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\arrowleft_blue.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\arrowleft_yellow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\arrowright_blue.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\arrowright_yellow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\back_blue.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\back_yellow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\backchalk.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\backchalkup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\backtomenu_blue.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\backtomenu_yellow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\cancel.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\cancelup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\career.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\career_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\close.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\closeup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\continue.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\continueover.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\credits_blue.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\credits_yellow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\download_blue.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\download_yellow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\easy.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\easy_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\endlessshift.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\endlessshift_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\hard.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\hard_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\help.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\help_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\highscores.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\highscores_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\instructions_blue.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\instructions_yellow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\letsplay.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\letsplayover.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\medium.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\medium_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\moreinfo.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\moreinfoup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\off.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\off_on.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\on.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\on_on.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\pause.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\pauseover.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\quit.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\quitgame.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\quitgameover.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\quitover.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\resumegame.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\resumegameover.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\submit.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\submitup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\tryagain.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\tryagainover.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\upgrade_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\upgrade_up.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\viewglobal.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\viewglobalup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\viewhighscore.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\viewhighscoreon.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\viewlocal.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\buttons\viewlocalup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\comics\webcomic.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\config\career.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\config\customer.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\config\endless.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\config\global.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\config\powerups.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\cook\cook.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\cook\cook.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\cook\stove.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\cursor\arrow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\cursor\click.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\cursor\click2.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\cursor\grab.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\cursor\open.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\customers\old_male\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\customers\old_male\blue\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\customers\old_male\blue\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\customers\old_male\blue\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\customers\old_male\green\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\customers\old_male\green\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\customers\old_male\green\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\customers\old_male\purple\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\customers\old_male\purple\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\customers\old_male\purple\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\customers\old_male\red\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\customers\old_male\red\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\customers\old_male\red\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\customers\old_male\yellow\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\customers\old_male\yellow\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\customers\old_male\yellow\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\customers\young_female\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\customers\young_female\blue\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\customers\young_female\blue\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\customers\young_female\blue\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\customers\young_female\green\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\customers\young_female\green\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\customers\young_female\green\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\customers\young_female\purple\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\customers\young_female\purple\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\customers\young_female\purple\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\customers\young_female\red\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\customers\young_female\red\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\customers\young_female\red\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\customers\young_female\yellow\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\customers\young_female\yellow\anim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\customers\young_female\yellow\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\flo\idle.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\flo\idle.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\flo\lower.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\flo\lower.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\flo\upper.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\flo\upper.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\fonts\arial.mvec
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\fonts\komikaaxis.mvec
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\furniture\chair.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\furniture\chair.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\furniture\dirt2top.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\furniture\dirt4top.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\furniture\dishcart.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\furniture\dishcart.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\furniture\drinkstation_off.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\furniture\drinkstation_on1.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\furniture\drinkstation_on2.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\furniture\ticketstation.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\furniture\ticketstation.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\hiscore\arrowdown.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\hiscore\arrowdownon.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\hiscore\arrowleft.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\hiscore\arrowlefton.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\hiscore\arrowright.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\hiscore\arrowrighton.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\hiscore\arrowup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\hiscore\arrowupon.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\hiscore\p1icon.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\hiscore\textedit.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\hiscore\title.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\layouts\endless_1_1.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\layouts\endless_1_1_a.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\layouts\endless_1_1_b.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\layouts\endless_1_1_c.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\layouts\endless_1_2.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\layouts\endless_1_2_a.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\layouts\endless_1_2_b.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\layouts\endless_1_2_c.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\layouts\endless_1_2_d.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\layouts\endless_1_3.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\layouts\endless_1_3_a.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\layouts\endless_1_3_b.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\layouts\endless_1_3_c.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\layouts\endless_1_3_d.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\layouts\fifth_level_diner.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\layouts\first_level_diner.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\layouts\fourth_level_diner.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\layouts\second_level_diner.txt
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\playfirst_logo.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\restaurants\diner\background.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\restaurants\diner\food\food1.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\restaurants\diner\food\food1.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\restaurants\diner\food\food2.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\restaurants\diner\food\food2.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\restaurants\diner\food\food3.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\restaurants\diner\food\food3.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\restaurants\diner\frames\upgrade_0001.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\restaurants\diner\tables\2top.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\restaurants\diner\tables\2top.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\restaurants\diner\tables\4top.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\restaurants\diner\tables\4top.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\restaurants\diner\upgrades.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\restaurants\tableshadow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\scripts\choosedifficulty.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\scripts\chooseplayer.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\scripts\chooserestaurant.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\scripts\credits.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\scripts\game.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\scripts\gothighscore.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\scripts\help.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\scripts\help2.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\scripts\hiscore.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\scripts\hiscoreinfo.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\scripts\hiscoresubmit.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\scripts\levelintro.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\scripts\levelover.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\scripts\loading.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\scripts\mainloop.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\scripts\mainmenu.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\scripts\ok.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\scripts\pause.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\scripts\style.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\scripts\tutorialintro.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\scripts\upgrade.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\scripts\upsell.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\scripts\webcomic.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\scripts\yesno.lua
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\splash\aol_logo.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\splash\gamelabsplash.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\splash\playfirst_logo.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\strings.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\angersmoke.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\angersmoke.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\chairflags.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\chairflags.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\check.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\checkmark.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\clock.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\closed.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\closingtime.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\coinflip.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\coinflip.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\dollar.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\doodles\coffee.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\doodles\tables.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\doodles\wallpaper.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\expert.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\expertscore.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\foodpoof.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\foodpoof.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\fork_timer.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\goalcompleted.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\heartgrow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\heartgrow.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\jar.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\jar.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\level.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\level_career.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\score.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\sound.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\staroff.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\staron.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\tablenumber.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\tablenumberup.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\traynumber.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\tutorial_character.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\tutorialarrow.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\tutorialbox.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\upgradeanim.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\upgradeanim.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\upgrades\drinks.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\upgrades\maitred.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\upgrades\oven.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\upgrades\select.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\upgrades\shoes.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\upgrades\stereo.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\assets\ui\upgrades\table.png
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87\dinerdash.exe
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\music\mainmenumusic.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\areabomb.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\beetlezap.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\bonusrow.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\bonustimer.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\bucketfilled.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\clearpyramid.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle1a.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle1b.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle1c.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle2a.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle2b.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle2c.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\colorchain.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\dialogbox.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\drumbeat.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\fillrow.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\gateopen.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\helptip.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\powerup.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\rotateboardleft.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\timerup.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\warning.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\warning2.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\artifacts-bb.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\bar.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\chamber0.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\chamber1.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\circledoor.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\full_screen_dialog.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\global-hs-bb_large.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\global-hs-bb_small.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\help-bb_large.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\help-bb_small.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\hexfield.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\hidden-artifact_icon.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\large_dialog.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\local-hs-bb.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\mainmenu.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\small_dialog.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\textfield.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\trifield.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover4.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock4.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetletatoo.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\dirt.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\scarabpost.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\scarabpostovr.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\tritop.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowdown_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowdown_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowdown_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowleft_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowleft_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowleft_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowright_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowright_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowright_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowup_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowup_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowup_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowleft_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowleft_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowleft_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowright_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowright_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowright_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\checkdown.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\checkup.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\long_button_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\long_button_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\long_button_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\orange-button_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\orange-button_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\orange-button_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotleft_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotleft_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotleft_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotright_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotright_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotright_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\simplebutton_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\simplebutton_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\simplebutton_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\sliderknob.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\sliderknobover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\sliderrail.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\characters\anwar\look\pl0001.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\characters\bast\look\bl0001.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\characters\kristine\look\kl0001.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\crackedstopper.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\cursor.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\doorlights.txt
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\fonts\jackarmstrong.mvec
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\fonts\lithos.mvec
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\greybomb.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\helptips\arrowkeys.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\helptips\helptip.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\levels\levels.dat
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\disk.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\equilateraltriangle.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\flattri.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\pyramid.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\quad.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\rotatingpyramid.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\scarabpanel.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\p1icon.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\page1-0.xml
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\page1-1.xml
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\panel1-0-1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\panel1-1-1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\scorecloud.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\setup.xml
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\areashockwave.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_4.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_starter.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_tail.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\flash.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\rubble.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\smoke.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\smoke2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\smoke3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\splash\aol_logo.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\splash\playfirst_logo.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue0\snake_dirty.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue1\arm01_dirty.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue1\mask01_1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue1\statue01_dirty.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\stopper.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\timer.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\timerglow.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\timericon.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\tm.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseblue1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseblue2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseblue3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\areabomb.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\areabombrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\blue.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\bluerollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\boardfill.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\bricktip.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared4.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared5.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared6.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye4.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\green.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\greenrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-blue.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-bluerollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-green.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-greenrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-red.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-redrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-yellow.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-yellowrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\red.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\redrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\wild.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\wildrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\yellow.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\yellowrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image0.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image1.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image2.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image3.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\bluebucket.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\buckettriangle.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\chainlink.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\chaintip.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\genericbucket.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\greenbucket.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\redbucket.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallblue.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallgreen.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallred.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallyellow.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\urnglow.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\urnplatform.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\yellowbucket.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\warning.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\error.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\game.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\gameover.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\hiscore.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\hiscoreinfo.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\hiscoresubmit.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\instructions.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\leveldesign.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\levelover.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\mainarcade.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\mainconfirm.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\maincontinue.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\maingames.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\mainpuzzle.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\maphelptip.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\options.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\pause.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\quitconfirm.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\start.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\storyplayer.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\style.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\upsell.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\strings.xml
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\TriJinx.exe
C:\WINDOWS\system32\cekojoxu.ini
C:\WINDOWS\system32\dcbeg.ini
C:\WINDOWS\system32\dcbeg.ini2
C:\WINDOWS\system32\dmfltmrk.dll
C:\WINDOWS\system32\esdmirsq.ini
C:\WINDOWS\system32\gebcd.dll
C:\WINDOWS\system32\hebjuwpk.dll
C:\WINDOWS\system32\lauhufwj.dll
C:\WINDOWS\system32\lsnugpgx.ini
C:\WINDOWS\system32\qqmflqfu.ini
C:\WINDOWS\system32\qtutv.ini
C:\WINDOWS\system32\qtutv.ini2
C:\WINDOWS\system32\ufqlfmqq.dll
C:\WINDOWS\system32\vtykjini.ini
H:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-29 )))))))))))))))))))))))))))))))
.

2008-01-28 17:51 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-22 17:30 . 2008-01-22 17:30 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\HorizonWimba
2008-01-21 14:05 . 2008-01-21 14:05 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-21 14:05 . 2008-01-21 14:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-21 12:47 . 2008-01-21 12:47 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-21 12:22 . 2008-01-21 15:18 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-21 12:21 . 2008-01-21 15:53 <DIR> d-------- C:\Documents and Settings\HP_Administrator\.housecall6.6
2008-01-21 12:20 . 2008-01-21 12:20 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-21 11:07 . 2008-01-21 11:08 1,953,799 --a------ C:\Program Files\stinger.exe
2008-01-21 07:49 . 2008-01-21 08:11 <DIR> d-------- C:\VundoFix Backups
2008-01-20 14:04 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-01-20 13:34 . 2008-01-20 14:40 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-20 13:34 . 2008-01-20 14:40 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-20 13:34 . 2008-01-20 14:40 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-20 13:33 . 2008-01-20 14:51 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-19 17:19 . 2008-01-19 17:19 39,424 --a------ C:\WINDOWS\system32\urqomlk.dll.vir
2008-01-19 07:06 . 2007-12-04 15:44 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-01-18 20:21 . 2008-01-18 20:21 21,504 --a------ C:\WINDOWS\jestertb.dll
2008-01-18 19:26 . 2008-01-18 19:26 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-01-17 20:38 . 2008-01-19 16:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-17 20:38 . 2008-01-17 20:38 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-17 20:37 . 2008-01-19 17:24 <DIR> d-------- C:\Program Files\iTunes
2008-01-17 20:37 . 2008-01-17 20:37 <DIR> d-------- C:\Program Files\iPod
2008-01-17 20:35 . 2008-01-19 17:24 <DIR> d-------- C:\Program Files\QuickTime
2008-01-14 19:27 . 2004-08-04 00:56 116,224 --a------ C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-01-14 19:27 . 2001-08-17 22:37 99,865 --a------ C:\WINDOWS\system32\dllcache\xlog.exe
2008-01-14 19:27 . 2001-08-17 22:37 27,648 --a------ C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-01-14 19:27 . 2001-08-17 22:36 23,040 --a------ C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-01-14 19:27 . 2001-08-17 22:36 17,408 --a------ C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-01-14 19:27 . 2001-08-17 12:11 16,970 --a------ C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-01-14 19:27 . 2001-08-17 22:37 4,608 --a------ C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-01-14 19:25 . 2001-08-17 13:28 604,253 --a------ C:\WINDOWS\system32\dllcache\vmodem.sys
2008-01-14 19:24 . 2001-08-17 13:28 794,654 --a------ C:\WINDOWS\system32\dllcache\usr1801.sys
2008-01-14 19:23 . 2001-08-17 22:36 525,568 --a------ C:\WINDOWS\system32\dllcache\tridxp.dll
2008-01-14 19:22 . 2001-08-17 14:56 172,768 --a------ C:\WINDOWS\system32\dllcache\t2r4disp.dll
2008-01-14 19:21 . 2001-08-17 12:18 285,760 --a------ C:\WINDOWS\system32\dllcache\stlnata.sys
2008-01-14 19:20 . 2001-08-17 14:56 147,200 --a------ C:\WINDOWS\system32\dllcache\smidispb.dll
2008-01-14 19:19 . 2004-08-03 22:41 404,990 --a------ C:\WINDOWS\system32\dllcache\slntamr.sys
2008-01-14 19:18 . 2001-08-17 22:36 495,616 --a------ C:\WINDOWS\system32\dllcache\sblfx.dll
2008-01-14 19:17 . 2004-08-04 00:56 397,056 --a------ C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-01-14 19:16 . 2001-08-17 13:28 899,146 --a------ C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-01-14 19:15 . 2001-08-17 14:04 173,696 --a------ C:\WINDOWS\system32\dllcache\philcam2.sys
2008-01-14 19:14 . 2004-08-04 00:56 259,328 --a------ C:\WINDOWS\system32\dllcache\perm3dd.dll
2008-01-14 19:13 . 2004-08-04 00:56 4,274,816 --a------ C:\WINDOWS\system32\dllcache\nv4_disp.dll
2008-01-14 19:12 . 2004-08-03 22:31 132,695 --a------ C:\WINDOWS\system32\dllcache\netwlan5.sys
2008-01-14 19:11 . 2004-08-04 00:56 1,737,856 --a------ C:\WINDOWS\system32\dllcache\mtxparhd.dll
2008-01-14 19:10 . 2001-08-17 12:50 320,384 --a------ C:\WINDOWS\system32\dllcache\mgaum.sys
2008-01-14 19:09 . 2001-08-17 13:28 802,683 --a------ C:\WINDOWS\system32\dllcache\ltsm.sys
2008-01-14 19:08 . 2004-08-04 00:56 152,576 --a------ C:\WINDOWS\system32\dllcache\irftp.exe
2008-01-14 19:08 . 2001-08-17 22:36 90,200 --a------ C:\WINDOWS\system32\dllcache\io8ports.dll
2008-01-14 19:08 . 2004-08-03 23:00 87,424 --a------ C:\WINDOWS\system32\dllcache\irda.sys
2008-01-14 19:08 . 2001-08-17 12:12 45,632 --a------ C:\WINDOWS\system32\dllcache\ip5515.sys
2008-01-14 19:08 . 2001-08-17 13:50 38,784 --a------ C:\WINDOWS\system32\dllcache\io8.sys
2008-01-14 19:08 . 2004-08-04 00:56 27,136 --a------ C:\WINDOWS\system32\dllcache\irmon.dll
2008-01-14 19:08 . 2001-08-17 13:49 26,624 --a------ C:\WINDOWS\system32\dllcache\irstusb.sys
2008-01-14 19:08 . 2001-08-17 13:49 23,552 --a------ C:\WINDOWS\system32\dllcache\irmk7.sys
2008-01-14 19:08 . 2001-08-17 13:51 18,688 --a------ C:\WINDOWS\system32\dllcache\irsir.sys
2008-01-14 19:08 . 2001-08-17 13:52 16,000 --a------ C:\WINDOWS\system32\dllcache\ini910u.sys
2008-01-14 19:08 . 2001-08-17 13:47 13,056 --a------ C:\WINDOWS\system32\dllcache\inport.sys
2008-01-14 19:06 . 2004-08-03 22:41 685,056 --a------ C:\WINDOWS\system32\dllcache\hsfcxts2.sys
2008-01-14 19:05 . 2001-08-17 14:56 1,733,120 --a------ C:\WINDOWS\system32\dllcache\g400d.dll
2008-01-14 19:04 . 2001-08-17 13:28 594,238 --a------ C:\WINDOWS\system32\dllcache\es56hpi.sys
2008-01-14 19:03 . 2001-08-17 13:28 634,134 --a------ C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-01-14 19:02 . 2001-08-17 12:14 952,007 --a------ C:\WINDOWS\system32\dllcache\diwan.sys
2008-01-14 19:01 . 2004-08-04 00:56 249,856 --a------ C:\WINDOWS\system32\dllcache\ctmasetp.dll
2008-01-14 19:00 . 2001-08-17 12:13 980,034 --a------ C:\WINDOWS\system32\dllcache\cicap.sys
2008-01-14 18:59 . 2001-08-17 13:28 871,388 --a------ C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-01-14 18:58 . 2001-08-17 13:28 762,780 --a------ C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-01-14 18:57 . 2001-08-17 14:56 66,048 --a------ C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-01-12 07:52 . 2008-01-12 07:52 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Talkback
2008-01-10 17:19 . 2008-01-10 17:22 <DIR> d-------- C:\Program Files\PHStat2
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-08 20:13 . 2008-01-08 20:14 7,531,128 --a------ C:\Program Files\Windows Malicious Software Remover.exe
2008-01-04 20:12 . 2008-01-04 20:12 <DIR> d-------- C:\atxWeb

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-28 22:51 --------- d-----w C:\Program Files\Java
2008-01-28 22:49 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-28 22:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-28 03:58 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\.purple
2008-01-28 02:05 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\gtk-2.0
2008-01-28 00:22 17 ----a-w C:\Program Files\stinger.opt
2008-01-27 23:04 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-01-25 23:23 --------- d-----w C:\Program Files\ATX2007
2008-01-25 23:23 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Azureus
2008-01-21 17:14 672 ----a-w C:\Program Files\Windows Malicious Software Remover.lnk
2008-01-21 16:23 --------- d-----w C:\Program Files\Autoruns
2008-01-21 14:16 --------- d-----w C:\Program Files\Norton Internet Security
2008-01-20 19:42 --------- d---a-w C:\Program Files\Common Files\LightScribe
2008-01-20 18:39 --------- d-----w C:\Program Files\ATX2006
2008-01-19 22:24 --------- d-----w C:\Program Files\DISC
2008-01-19 00:06 --------- d-----w C:\Program Files\Foxit Software
2008-01-14 02:23 --------- d-----w C:\Program Files\Common Files\Ahead
2008-01-12 15:21 --------- d-----w C:\Program Files\SpywareBlaster
2008-01-12 13:29 72,440 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\GDIPFONTCACHEV1.DAT
2008-01-10 22:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-02 02:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-30 23:26 --------- d-----w C:\Program Files\Yahoo!
2007-12-27 01:17 --------- d-----w C:\Program Files\Microsoft Baseline Security Analyzer 2
2007-12-23 19:29 --------- d-----w C:\Program Files\Azureus
2007-12-22 13:59 --------- d-----w C:\Program Files\YouTube to Mp3 Converter
2007-12-22 13:55 --------- d-----w C:\Program Files\DVDVideoSoft
2007-12-22 13:55 --------- d-----w C:\Program Files\Common Files\DVDVIDEOSOFT
2007-12-20 14:53 --------- d-----w C:\Program Files\AviSynth 2.5
2007-12-20 14:52 --------- d-----w C:\Program Files\Red Kawa
2007-12-20 14:50 --------- d-----w C:\Program Files\DVD Decrypter
2007-12-15 20:36 --------- d-----w C:\Program Files\ZonedOut
2007-12-15 17:23 --------- d-----w C:\Program Files\MilePort
2007-12-15 13:45 50,688 ----a-w C:\Program Files\ATF-Cleaner.exe
2007-12-10 02:43 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\WinBatch
2007-12-07 15:48 --------- d-----w C:\Program Files\Common Files\ATX
2007-12-06 04:26 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-06 04:26 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-06 04:26 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-06 04:26 --------- d-----w C:\Program Files\Symantec
2007-12-01 04:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 04:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 04:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 04:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 04:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 04:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 04:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 04:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 04:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-29 01:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-25 14:16 1,831 ----a-w C:\lsass.vbs
2007-07-02 00:36 135,680 ----a-w C:\Program Files\MySpaceMp3Gopher.exe
2007-06-26 03:23 184,168,776 ----a-w C:\Program Files\Nero 7.8.5.0.exe
2007-06-25 18:55 2,012,824 ----a-w C:\Program Files\LightScribe.exe
2007-06-25 14:05 71,680 ----a-w C:\Program Files\Nero 7850 KeyGen.exe
2007-02-18 04:18 92,064 ----a-w C:\Documents and Settings\HP_Administrator\mqdmmdm.sys
2007-02-18 04:18 9,232 ----a-w C:\Documents and Settings\HP_Administrator\mqdmmdfl.sys
2007-02-18 04:18 79,328 ----a-w C:\Documents and Settings\HP_Administrator\mqdmserd.sys
2007-02-18 04:18 66,656 ----a-w C:\Documents and Settings\HP_Administrator\mqdmbus.sys
2007-02-18 04:18 6,208 ----a-w C:\Documents and Settings\HP_Administrator\mqdmcmnt.sys
2007-02-18 04:18 5,936 ----a-w C:\Documents and Settings\HP_Administrator\mqdmwhnt.sys
2007-02-18 04:18 4,048 ----a-w C:\Documents and Settings\HP_Administrator\mqdmcr.sys
2007-02-18 04:18 25,600 ----a-w C:\Documents and Settings\HP_Administrator\usbsermptxp.sys
2007-02-18 04:18 22,768 ----a-w C:\Documents and Settings\HP_Administrator\usbsermpt.sys
2003-01-03 03:32 7,168 ----a-w C:\Program Files\driveinfo22.exe
2001-09-10 01:49 1,327,616 ----a-w C:\Program Files\mini golf.exe
2000-11-15 13:21 178,688 ----a-w C:\Program Files\hjsplit.exe
1993-12-05 20:19 36,880 ----a-w C:\Program Files\ALWAYS.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 18:19 77312 C:\WINDOWS\arpwrmsg.exe]
"eBayToolbar"="C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [ ]
"KBD"="C:\HP\KBD\KBD.EXE" [ ]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [ ]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [ ]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [ ]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [ ]
"DiscUpdateManager"="C:\Program Files\DISC\DiscUpdateMgr.exe" [ ]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [ ]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [ ]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [ ]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\gebcd

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
--a------ 2006-06-25 15:20 1073152 C:\Program Files\DISC\DISCover.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
--a------ 2005-06-02 01:35 49152 c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-10 00:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2006-07-01 18:15 16384 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-10 00:00 59392 C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-10 00:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-10 00:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe

S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-02-27 13:31]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 18:03]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-12-14 00:39]
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-02-27 13:31]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a41d4082-cfbd-11da-b8ad-806d6172696f}]
\Shell\AutoRun\command - I:\HPUpdate.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba9bfa3e-53e6-11da-9f04-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-17 23:39:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-15 01:00:54 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - HP_Administrator.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
"2008-01-29 23:23:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-29 18:10:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
.
**************************************************************************
.
Completion time: 2008-01-29 18:24:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-29 23:24:11
.
2008-01-22 22:41:48 --- E O F ---




Here is a new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:23:00 PM, on 1/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.villanova.edu/homepage/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.villanova.edu/homepage/index.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://rmamail.rmahq.org/iNotes6W.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1198719030687
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 11415 bytes

#7 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:03:06 PM

Posted 29 January 2008 - 04:47 AM

Find and delete:
C:\WINDOWS\system32\urqomlk.dll.vir

Copy and paste ALL the following text in the code box below into Notepad.
Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: fix.reg to your desktop.
Then double click on the fix.reg file on your desktopPosted Imageand agree to merge the information into the registry,then restart your pc.
REGEDIT4
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba9bfa3e-53e6-11da-9f04-806d6172696f}]

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1
Do not run it just yet.

Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed,exit SuperAntiSpyware.
Do not run it just yet.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - AutorunsDisabled - (no file)

Exit Hijackthis.

Now double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords,please click 'No' at the prompt.

If you use Opera browser,do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords,please click 'No' at the prompt.
Click 'Exit' on the Main menu to close the program.

Now Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

Superantispyware will now scan your computer,when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it,then press 'Next'.
Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor,such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new Hijackthis log,let me know how your pc is running now.

Posted Image
Posted Image

#8 st4198

st4198
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:06 AM

Posted 30 January 2008 - 12:46 AM

Thank you once again for your help. I'm no longer getting any Vundo popups, but when I start Excel, Windows tries to "configure ccCommon", and NIS doesn't show up on startup. Cancelling the "ccCommon" thing twice lets me start Excel. Otherwise, it runs fine so far. Starting NIS from the Start menu gives me the error: "Windows cannot find C:\Program Files\Common Files\Symantec Shared\ccApp.exe. Make sure you typed the name correctly...(etc.)"

I followed all the steps above:

SuperAntiSpyware Log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/30/2008 at 00:32 AM

Application Version : 3.9.1008

Core Rules Database Version : 3391
Trace Rules Database Version: 1383

Scan type : Complete Scan
Total Scan Time : 1280:29918:01

Memory items scanned : 436
Memory threats detected : 0
Registry items scanned : 8027
Registry threats detected : 4
File items scanned : 87708
File threats detected : 14

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{96E4BDA4-8D47-4EEA-BC8B-53DACED164E3}
HKCR\CLSID\{96E4BDA4-8D47-4EEA-BC8B-53DACED164E3}
HKCR\CLSID\{96E4BDA4-8D47-4EEA-BC8B-53DACED164E3}\InprocServer32
HKCR\CLSID\{96E4BDA4-8D47-4EEA-BC8B-53DACED164E3}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\VTUTQ.DLL

Adware.Vundo-Variant/Small-A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{106CF321-99A3-4E3A-9103-1BD027606A99}\RP386\A0109798.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{106CF321-99A3-4E3A-9103-1BD027606A99}\RP389\A0110352.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{106CF321-99A3-4E3A-9103-1BD027606A99}\RP389\A0110358.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{106CF321-99A3-4E3A-9103-1BD027606A99}\RP390\A0110419.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{106CF321-99A3-4E3A-9103-1BD027606A99}\RP391\A0110617.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{106CF321-99A3-4E3A-9103-1BD027606A99}\RP394\A0110650.DLL

Adware.Vundo-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{106CF321-99A3-4E3A-9103-1BD027606A99}\RP386\A0109799.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{106CF321-99A3-4E3A-9103-1BD027606A99}\RP394\A0110661.DLL

Trojan.Unclassifed/AffiliateBundle
C:\SYSTEM VOLUME INFORMATION\_RESTORE{106CF321-99A3-4E3A-9103-1BD027606A99}\RP386\A0109817.DLL

Trojan.Vundo/Variant-Installer/A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{106CF321-99A3-4E3A-9103-1BD027606A99}\RP386\A0109820.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{106CF321-99A3-4E3A-9103-1BD027606A99}\RP386\A0109822.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{106CF321-99A3-4E3A-9103-1BD027606A99}\RP386\A0109824.EXE

Trojan.Vundo/Variant-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{106CF321-99A3-4E3A-9103-1BD027606A99}\RP386\A0109825.EXE


HJT Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:14 AM, on 1/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.villanova.edu/homepage/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.villanova.edu/homepage/index.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://rmamail.rmahq.org/iNotes6W.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1198719030687
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 12169 bytes



Plus, I have all of these anti-spyware/anti-malware programs installed. Which do I keep and which do I uninstall?
AdAware 2007
Spybot Search and Destroy
Spyware Blaster
Stinger
Super AntiSpyware (I like this one the best with this Vundo malware removal)
Windows Malicious Software Removal

I don't know if all do the same thing, or which are better than the others, but I don't want to keep what I don't need.

#9 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:03:06 PM

Posted 30 January 2008 - 06:53 AM

I'm no longer getting any Vundo popups, but when I start Excel, Windows tries to "configure ccCommon", and NIS doesn't show up on startup. Cancelling the "ccCommon" thing twice lets me start Excel. Otherwise, it runs fine so far. Starting NIS from the Start menu gives me the error: "Windows cannot find C:\Program Files\Common Files\Symantec Shared\ccApp.exe. Make sure you typed the name correctly...(etc.)"

Try uninstalling/reinstalling Norton Internet Security.

Plus, I have all of these anti-spyware/anti-malware programs installed. Which do I keep and which do I uninstall?
AdAware 2007
Spybot Search and Destroy
Spyware Blaster
Stinger
Super AntiSpyware (I like this one the best with this Vundo malware removal)
Windows Malicious Software Removal

I don't know if all do the same thing, or which are better than the others, but I don't want to keep what I don't need.

Keep them all installed,you'll then have good all round protection.

Your log is clean :thumbsup: ,please do the following:

Click on Start/Run,copy and paste ComboFix /u into the 'Open:' space,then press Ok.
This will uninstall Combofix,delete its related folders and files,reset your clock settings,hide file extensions,hide the system/hidden files and resets System Restore again.

Posted Image

You should take the time to read and follow the information found in the links below,to help you prevent any possible future infections and stay safe and secure while online:

Simple and easy ways to keep your computer safe and secure on the Internet:
http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

How to prevent Malware:
http://users.telenet.be/bluepatchy/miekiem...prevention.html

So how did I get infected in the first place:
http://forums.spybot.info/showthread.php?t=279

Malware Cleanup Programs and Preventative Procedures:
http://russelltexas.com/malware/allclear.htm

Hardening Windows Security - Part 1:
http://www.malwarehelp.org/Malware-Prevent...-Security1.html

Hardening Windows Security - Part 2:
http://www.malwarehelp.org/malware-prevent...-security2.html
Posted Image
Posted Image

#10 st4198

st4198
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:06 AM

Posted 30 January 2008 - 07:32 AM

Many thanks! You'll find a small donation in your PayPal account. Not much, but it might be enough to buy breakfast. Thanks again!

Edited by st4198, 30 January 2008 - 07:35 AM.


#11 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:03:06 PM

Posted 30 January 2008 - 08:44 AM

You're most welcome :thumbsup:

This thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.
Everyone else please begin a New Topic.
Posted Image
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users