
google search redirect me to other websites


  • This topic is locked
14 replies to this topic

#1 dialout

dialout

  • Members
  • 118 posts

Posted 03 April 2009 - 02:58 PM

Hi, thanks in advance.

If I do a Google search the results pop up as usual. However, if I click on one of them I get redirected to a different, completely unrelated site. I can go directly to a site by typing it in the navigation bar, so it seems that this particular bug is hijacking me after a search.

I tried to research it a little, and it looks like an old virus, because most of the related posts I find are several years old. All of them say it is difficult to remove, and well hidden.


So far today I:

1. updated and ran McAfee
2. ran Trend Micro scan
3. ran Ad-Aware full scan
4. ran fixwareout (I found this idea while researching my problem)
5. banged my head a bit
6. came here for help


The first scans found some minor problems, Ad-Aware said it detected a major threat, and deleted it... I hoped my problem was gone... but it wasn't.




DDS (Ver_09-03-16.01) - NTFSx86
Run by john at 15:43:56.32 on Fri 04/03/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_07
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============


============== Pseudo HJT Report ===============

uWindow Title = Microsoft Internet Explorer provided by Comcast
mWindow Title = Microsoft Internet Explorer provided by Comcast
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {002F4E27-B273-4FA5-ADFC-1FB9ED210B37} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Nick LaunchPad] "c:\program files\nick launchpad\Nick LaunchPad.exe" -r
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [Nero PhotoShow Media Manager] c:\progra~1\nero\photos~1\data\xtras\mssysmgr.exe
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [A00F24A330A1.exe] c:\docume~1\john\locals~1\temp\_A00F24A330A1.exe
uRunOnce: [CheckNetworkConnection] "c:\program files\support.com\providercomcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=53653898-dce7-4c08-8dc3-315f88196128
mRun: [inetlog] c:\windows\microsoft.net\inetlog.exe
mRun: [tgcmd] c:\program files\support.com\bin\tgcmd.exe /server /startmonitor /deaf
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Spyware Slayer] c:\program files\spyware slayer\SpywareSlayer.Exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [masqform.exe] c:\program files\pureedge\viewer 6.0\masqform.exe -UpdateCurrentUser
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [Easy Dock]
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
StartupFolder: c:\docume~1\john\startm~1\programs\startup\mp3roc~1.lnk - c:\program files\mp3rocket\MP3Rocket_on_startup.exe
StartupFolder: c:\docume~1\john\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/
IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/
IE: {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Hawaiian%20Explorer%20-%20Pearl%20Harbor/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=48835
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - hxxp://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} - hxxp://games.bigfishgames.com/en_nightshift-legacy-the-jaguars-eye/online/Nightshift2Web.1.0.0.9.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} - hxxp://download.games.yahoo.com/games/web_games/sony/davinci/DVCDownloadControl.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} - hxxp://download.games.yahoo.com/games/web_games/sony/bewitched/main.cab
DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - hxxp://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Abra%20Academy/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
Notify: bakps - c:\docume~1\john\locals~1\temp\spkab.dat
Notify: canti - c:\windows\config\canti.dll
Notify: ctask - c:\docume~1\john\locals~1\temp\ksatc.dat
Notify: igfxcui - igfxsrvc.dll
Notify: __c00CC424 - c:\windows\system32\__c00CC424.dat
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\john\applic~1\mozilla\firefox\profiles\952xdtvo.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - plugin: c:\documents and settings\john\application data\mozilla\firefox\profiles\952xdtvo.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npActiveGS.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMySrWB.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-04-03 14:26 388 a---h--- C:\aaw7boot.cmd
2009-04-03 11:06 <DIR> --d----- C:\fixwareout
2009-04-02 20:17 346 ---shr-- C:\autorun.inf
2009-04-02 20:16 <DIR> --d----- c:\program files\DVDTool
2009-04-02 16:05 <DIR> --d----- c:\docume~1\john\applic~1\DVD Flick
2009-04-02 16:01 40,960 a------- c:\windows\system32\ssubtmr6.dll
2009-04-02 16:01 36,864 a------- c:\windows\system32\trayicon_handler.ocx
2009-04-02 16:01 28,672 a------- c:\windows\system32\mousewheel.ocx
2009-04-02 16:01 <DIR> --d----- c:\program files\DVD Flick
2009-04-02 15:13 <DIR> --d----- c:\program files\uTorrent
2009-04-01 16:11 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
2009-04-01 08:45 <DIR> --d----- c:\program files\common files\SupportSoft
2009-04-01 03:11 <DIR> --d----- c:\windows\system32\KB905474
2009-04-01 01:09 <DIR> --d----- c:\windows\system32\XPSViewer
2009-04-01 00:59 117,760 -------- c:\windows\system32\prntvpt.dll
2009-04-01 00:59 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-01 00:59 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-01 00:59 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-04-01 00:59 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-01 00:59 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-04-01 00:59 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-04-01 00:59 <DIR> --d----- C:\a894a290115f4558f0
2009-03-25 13:03 <DIR> --d----- c:\docume~1\john\applic~1\SerpentOfIsis
2009-03-25 12:58 <DIR> --d----- c:\program files\The Serpent of Isis
2009-03-24 21:19 <DIR> --d----- c:\docume~1\john\applic~1\Lost in the City
2009-03-24 21:17 <DIR> --d----- c:\program files\Lost in the City
2009-03-14 23:24 <DIR> --d----- c:\program files\Luxor - Quest for the Afterlife
2009-03-13 16:16 <DIR> --d----- c:\program files\Curse of the Pharaoh - Napoleon's Secret
2009-03-10 12:01 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-10 08:25 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-03-10 08:19 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}

==================== Find3M ====================

2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 07:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-01-16 22:35 3,594,752 -------- c:\windows\system32\dllcache\mshtml.dll
2008-07-28 16:34 374 ac------ c:\docume~1\john\applic~1\internaldb6334.dat
2008-07-25 09:11 18,432 ac------ c:\docume~1\john\applic~1\internaldb41.dat
2008-07-25 09:03 555 ac------ c:\docume~1\john\applic~1\internaldb8467.dat
2008-03-01 13:38 0 ac------ c:\program files\temp01
2006-04-07 23:07 774,144 ac------ c:\program files\RngInterstitial.dll
2005-08-15 17:10 9,516,504 ac------ c:\documents and settings\john\DesktopDoctor1.0.exe
2005-04-29 06:14 502,366 -c-sh--- c:\windows\inf\itnaten.bak1
2005-04-28 18:14 496,911 -c-sh--- c:\windows\inf\itnaten.bak2
2002-11-06 00:55 207,759 ac------ c:\program files\INSTALL.LOG
2006-01-17 21:40 472,703 ac-sh--- c:\windows\config\itnac.bak2
2006-02-16 18:45 199,885 -c-sh--- c:\windows\config\itnac.ini2
2006-01-11 15:51 486,442 ac-sh--- c:\windows\config\lituofni.bak1
2006-01-12 15:53 474,215 ac-sh--- c:\windows\config\lituofni.bak2
2005-12-30 12:02 597 ac-sh--- c:\windows\config\lituofni.ini2
2005-03-06 22:11 597 -c-sh--- c:\windows\fonts\tacgepj.ini2
2005-04-29 06:14 502,366 -c-sh--- c:\windows\inf\itnaten.bak1
2005-04-28 18:14 496,911 -c-sh--- c:\windows\inf\itnaten.bak2
2006-01-21 14:57 479,477 -c-sh--- c:\windows\java\classes\ksatc.bak1
2006-01-21 14:58 479,477 -c-sh--- c:\windows\java\classes\ksatc.bak2
2005-02-24 23:14 0 -c-sh--- c:\windows\registration\javadll.exe
2005-02-25 11:04 748,864 -c-sh--- c:\windows\registration\lldavaj.bak2
2006-01-18 23:08 472,497 ac-sh--- c:\windows\registration\sodbil.bak1
2006-01-19 18:46 477,338 ac-sh--- c:\windows\registration\sodbil.bak2
2006-01-16 21:40 472,625 ac-sh--- c:\windows\security\database\evawcod.bak2
2008-06-17 12:15 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008061720080618\index.dat
2006-01-13 15:53 474,787 ac-sh--- c:\windows\windows update setup files\sarnur.bak2

============= FINISH: 15:45:15.53 ===============



#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts

Posted 11 April 2009 - 09:03 PM

Hello dialout,

Sorry about the delay. :thumbup2: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Please do this:
1. Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 dialout

dialout
  • Topic Starter

  • Members
  • 118 posts

Posted 12 April 2009 - 02:32 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:33:11 PM, on 4/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
F1 - win.ini: run= C:\WESTWOOD\REDALERT\INSTICON.EXE
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [inetlog] C:\WINDOWS\Microsoft.NET\inetlog.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Spyware Slayer] C:\Program Files\Spyware Slayer\SpywareSlayer.Exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nick LaunchPad] "C:\Program Files\Nick LaunchPad\Nick LaunchPad.exe" -r
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [A00F24A330A1.exe] C:\DOCUME~1\john\LOCALS~1\Temp\_A00F24A330A1.exe
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=53653898-dce7-4c08-8dc3-315f88196128
O4 - HKUS\S-1-5-21-1779672970-1582333133-359561344-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1779672970-1582333133-359561344-1006\..\Run: [Nick LaunchPad] "C:\Program Files\Nick LaunchPad\Nick LaunchPad.exe" -r (User '?')
O4 - HKUS\S-1-5-21-1779672970-1582333133-359561344-1006\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 (User '?')
O4 - HKUS\S-1-5-21-1779672970-1582333133-359561344-1006\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-1779672970-1582333133-359561344-1006\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe (User '?')
O4 - HKUS\S-1-5-21-1779672970-1582333133-359561344-1006\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" (User '?')
O4 - HKUS\S-1-5-21-1779672970-1582333133-359561344-1006\..\Run: [A00F24A330A1.exe] C:\DOCUME~1\john\LOCALS~1\Temp\_A00F24A330A1.exe (User '?')
O4 - HKUS\S-1-5-21-1779672970-1582333133-359561344-1006\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=53653898-dce7-4c08-8dc3-315f88196128 (User '?')
O4 - S-1-5-21-1779672970-1582333133-359561344-1006 Startup: MP3Rocket (silent).lnk = C:\Program Files\MP3Rocket\MP3Rocket_on_startup.exe (User '?')
O4 - S-1-5-21-1779672970-1582333133-359561344-1006 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User '?')
O4 - Startup: MP3Rocket (silent).lnk = C:\Program Files\MP3Rocket\MP3Rocket_on_startup.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Hawaiian%20Explorer%20-%20Pearl%20Harbor/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
O16 - DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} (CPlayFirstNightshiftControl Object) - http://games.bigfishgames.com/en_nightshif...Web.1.0.0.9.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_...loadControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://download.games.yahoo.com/games/web_...itched/main.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Abra%20Academy/Images/armhelper.ocx
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_...outLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...580/mcfscan.cab
O20 - Winlogon Notify: bakps - C:\DOCUME~1\john\LOCALS~1\Temp\spkab.dat (file missing)
O20 - Winlogon Notify: canti - C:\WINDOWS\Config\canti.dll (file missing)
O20 - Winlogon Notify: ctask - C:\DOCUME~1\john\LOCALS~1\Temp\ksatc.dat (file missing)
O20 - Winlogon Notify: __c00CC424 - C:\WINDOWS\system32\__c00CC424.dat (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12757 bytes
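
A minimal triage pass over the HijackThis log format posted above, as an added example that is not part of the original thread and not a tool the helper used. The rules (autoruns launching from a Temp folder, Winlogon Notify packages that are missing or are not DLLs, registrations with no file) are assumed reviewer heuristics for choosing what to look at first, not verdicts; the function and class names are hypothetical.

```python
import re
from typing import NamedTuple, Optional

# Sample lines copied from the HijackThis log in the post above (not the full log).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [inetlog] C:\WINDOWS\Microsoft.NET\inetlog.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [A00F24A330A1.exe] C:\DOCUME~1\john\LOCALS~1\Temp\_A00F24A330A1.exe
O20 - Winlogon Notify: bakps - C:\DOCUME~1\john\LOCALS~1\Temp\spkab.dat (file missing)
O20 - Winlogon Notify: canti - C:\WINDOWS\Config\canti.dll (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
"""


class Finding(NamedTuple):
    section: str    # HijackThis section code, e.g. "O4"
    reasons: tuple  # why the line was picked for manual review
    line: str       # the original log line


# "<section code> - <rest of the entry>", e.g. "O4 - HKCU\..\Run: [name] cmd"
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# "Winlogon Notify: <name> - <path>[ (file missing)]"
NOTIFY_RE = re.compile(
    r"^Winlogon Notify: (?P<name>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def autorun_target(body: str) -> str:
    """Return the command part of an O4 entry ('[name] cmd' or 'x.lnk = cmd')."""
    if "] " in body:
        return body.split("] ", 1)[1]
    return body.split(" = ", 1)[-1]


def triage_line(line: str) -> Optional[Finding]:
    """Apply the assumed review heuristics to one log line."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None  # header, process list, blank line
    section, body = m.group("section"), m.group("body")
    reasons = []
    if section == "O4":
        if TEMP_DIR_RE.search(autorun_target(body)):
            reasons.append("autorun launches from a Temp folder")
    elif section == "O20":
        n = NOTIFY_RE.match(body)
        if n:
            path = n.group("path")
            if TEMP_DIR_RE.search(path):
                reasons.append("notify package lives in a Temp folder")
            if not path.lower().endswith(".dll"):
                reasons.append("notify package is not a .dll")
            if n.group("missing"):
                reasons.append("registered file is missing")
    elif section in ("R3", "O2", "O3") and body.endswith("(no file)"):
        reasons.append("registration points at no file")
    return Finding(section, tuple(reasons), line) if reasons else None


def triage(log_text: str) -> list:
    """Return the lines of a HijackThis log worth reviewing first."""
    return [f for f in map(triage_line, log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.section}] {'; '.join(finding.reasons)}")
        print(f"    {finding.line}")
```

A "(file missing)" entry only shows that the file was not visible to the scanner at scan time, so flagged lines are a starting list for review rather than a removal list.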

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts

Posted 12 April 2009 - 04:26 PM

Hello,

I do hope your head is feeling better now. :thumbup2:

Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt). Note: Do not run Option #2 yet.

Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Thanks,
tea

#5 dialout

dialout
  • Topic Starter

  • Members
  • 118 posts

Posted 13 April 2009 - 09:04 AM

GooredFix v1.92 by jpshortstuff
Log created at 09:18 on 13/04/2009 running Option #1 (john)
Firefox version 3.0.8 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"

I downloaded MBAM and installed it 2x... and it doesn't seem to open... when I click on the icon, the hourglass pops up on my pointer for a split second, then nothing happens...

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts

Posted 13 April 2009 - 10:31 PM

Hello there,

Good news is you don't need GooredFix at all....you can delete it. :step1: In other news I'm betting you have a rootkit that isn't letting MBAM run. We'll get it though. :thumbup2:

I need for you to go offline completely and disable ALL your protective programs after you download ComboFix, but before you run it. Sometimes those programs interfere with it, and we don't want that! :step5: You may have to temporarily uninstall McAfee, as it can be particularly annoying about this. :)

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

If ComboFix can't run at first, then rename ComboFix.exe to fluffybunny.exe and try it again. Okay, so fluffybunny isn't so technical, but we have to make sure you don't accidentally name it something that looks like a virus name.

Thanks,
tea

#7 dialout

Posted 15 April 2009 - 10:13 AM

I saw it deleted some things as it ran...and I just googled this site, and got to it first try...am I fixed? Or just a fluke...

here are the new logs


ComboFix 09-04-15.08 - john 04/15/2009 10:09.1 - NTFSx86
Running from: c:\documents and settings\john\Desktop\ComboFix.exe
.
ADS - WINDOWS: deleted 72 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\john\Favorites\Online Security Test.url
c:\documents and settings\john\Start Menu\Online Security Guide.url
c:\documents and settings\sheila1\Favorites\Online Security Test.url
c:\program files\INSTALL.LOG
c:\recycler\S-2-7-75-100017707-100008728-100020815-9751.com
C:\setup.exe
c:\windows\bobsaver.exe
c:\windows\bobsaver.scr
c:\windows\Config\itnac.bak2
c:\windows\Config\itnac.ini
c:\windows\Config\itnac.ini2
c:\windows\Config\lituofni.bak1
c:\windows\Config\lituofni.bak2
c:\windows\Config\lituofni.ini
c:\windows\Config\lituofni.ini2
c:\windows\Downloaded Program Files\DDTums.1.0.0.12
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\dinerdash.exe
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\resumegame.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\resumegameover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\submit.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\submitup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\tryagain.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\tryagainover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\upgrade_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\upgrade_up.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\viewglobal.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\viewglobalup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\viewhighscore.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\viewhighscoreon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\viewlocal.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\viewlocalup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\comics\webcomic.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\config\career.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\config\customer.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\config\endless.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\config\global.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\config\powerups.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\cook\cook.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\cook\cook.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\cook\stove.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\cursor\arrow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\cursor\click.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\cursor\click2.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\cursor\grab.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\cursor\open.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\blue\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\blue\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\blue\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\green\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\green\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\green\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\purple\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\purple\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\purple\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\red\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\red\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\red\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\yellow\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\yellow\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\yellow\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\blue\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\blue\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\blue\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\green\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\green\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\green\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\purple\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\purple\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\purple\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\red\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\red\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\red\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\yellow\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\yellow\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\yellow\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\flo\idle.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\flo\idle.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\flo\lower.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\flo\lower.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\flo\upper.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\flo\upper.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\fonts\arial.mvec
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\fonts\komikaaxis.mvec
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\chair.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\chair.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\dirt2top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\dirt4top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\dishcart.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\dishcart.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\drinkstation_off.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\drinkstation_on1.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\drinkstation_on2.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\ticketstation.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\ticketstation.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowdown.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowdownon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowleft.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowlefton.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowright.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowrighton.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowupon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\p1icon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\textedit.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\title.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_1.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_1_a.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_1_b.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_1_c.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_2.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_2_a.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_2_b.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_2_c.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_2_d.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_3.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_3_a.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_3_b.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_3_c.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_3_d.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\fifth_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\first_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\fourth_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\second_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\playfirst_logo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\background.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\food\food1.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\food\food1.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\food\food2.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\food\food2.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\food\food3.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\food\food3.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\frames\upgrade_0001.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\tables\2top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\tables\2top.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\tables\4top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\tables\4top.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\upgrades.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\tableshadow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\choosedifficulty.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\chooseplayer.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\chooserestaurant.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\credits.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\game.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\gothighscore.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\help.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\help2.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\hiscore.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\hiscoreinfo.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\hiscoresubmit.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\levelintro.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\levelover.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\loading.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\mainloop.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\mainmenu.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\ok.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\pause.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\style.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\tutorialintro.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\upgrade.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\upsell.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\webcomic.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\yesno.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\splash\aol_logo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\splash\gamelabsplash.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\splash\playfirst_logo.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\strings.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\angersmoke.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\angersmoke.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\chairflags.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\chairflags.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\check.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\checkmark.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\clock.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\closed.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\closingtime.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\coinflip.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\coinflip.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\dollar.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\doodles\coffee.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\doodles\tables.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\doodles\wallpaper.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\expert.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\expertscore.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\foodpoof.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\foodpoof.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\fork_timer.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\goalcompleted.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\heartgrow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\heartgrow.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\jar.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\jar.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\level.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\level_career.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\score.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\sound.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\staroff.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\staron.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\tablenumber.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\tablenumberup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\traynumber.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\tutorial_character.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\tutorialarrow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\tutorialbox.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgradeanim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgradeanim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgrades\drinks.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgrades\maitred.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgrades\oven.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgrades\select.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgrades\shoes.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgrades\stereo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgrades\table.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\dinerdash.exe
c:\windows\Downloaded Program Files\egcomservice_pack.inf
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\music\mainmenumusic.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\areabomb.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\beetlezap.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\bonusrow.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\bonustimer.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\bucketfilled.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\clearpyramid.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle1a.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle1b.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle1c.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle2a.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle2b.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\cleartriangle2c.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\colorchain.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\dialogbox.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\drumbeat.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\fillrow.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\gateopen.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\helptip.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\powerup.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\rotateboardleft.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\timerup.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\warning.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\audio\sfx\warning2.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\artifacts-bb.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\bar.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\chamber0.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\chamber1.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\circledoor.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\full_screen_dialog.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\global-hs-bb_large.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\global-hs-bb_small.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\help-bb_large.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\help-bb_small.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\hexfield.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\hidden-artifact_icon.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\large_dialog.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\local-hs-bb.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\mainmenu.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\small_dialog.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\textfield.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\backgrounds\trifield.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\beetlehover1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\beetlehover2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\beetlehover3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\beetlehover4.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\beetleshock1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\beetleshock2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\beetleshock3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\beetleshock4.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\beetletatoo.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\dirt.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\scarabpost.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\scarabpostovr.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\beetles\tritop.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowdown_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowdown_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowdown_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowleft_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowleft_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowleft_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowright_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowright_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowright_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowup_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowup_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\arrowup_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\bluearrowleft_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\bluearrowleft_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\bluearrowleft_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\bluearrowright_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\bluearrowright_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\bluearrowright_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\checkdown.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\checkup.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\long_button_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\long_button_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\long_button_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\orange-button_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\orange-button_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\orange-button_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\rotleft_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\rotleft_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\rotleft_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\rotright_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\rotright_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\rotright_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\simplebutton_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\simplebutton_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\simplebutton_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\sliderknob.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\sliderknobover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\buttons\sliderrail.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\characters\anwar\look\pl0001.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\characters\bast\look\bl0001.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\characters\kristine\look\kl0001.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\crackedstopper.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\cursor.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\doorlights.txt
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\fonts\jackarmstrong.mvec
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\fonts\lithos.mvec
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\greybomb.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\helptips\arrowkeys.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\helptips\helptip.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\levels\levels.dat
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\models\disk.mesh
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\models\equilateraltriangle.mesh
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\models\flattri.mesh
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\models\pyramid.mesh
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\models\quad.mesh
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\models\rotatingpyramid.mesh
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\models\scarabpanel.mesh
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\p1icon.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\scenes\page1-0.xml
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\scenes\page1-1.xml
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\scenes\panel1-0-1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\scenes\panel1-1-1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\scorecloud.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\setup.xml
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\areashockwave.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\bolt_1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\bolt_2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\bolt_3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\bolt_4.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\bolt_starter.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\bolt_tail.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\flash.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\sfx\rubble.png
c:\windows\Fonts\tacgepj.ini2
c:\windows\Fonts\tacgepj.tmp
c:\windows\Help\SBSI\ksidsm.tmp2
c:\windows\IE4 Error Log.txt
c:\windows\INF\itnaten.bak1
c:\windows\INF\itnaten.bak2
c:\windows\INF\itnaten.ini
c:\windows\JAVA\CLASSES\ksatc.bak1
c:\windows\JAVA\CLASSES\ksatc.bak2
c:\windows\JAVA\CLASSES\ksatc.ini
c:\windows\JAVA\CLASSES\ksatc.tmp
c:\windows\patch.exe
c:\windows\rballd.ini
c:\windows\Readme.txt
c:\windows\Registration\lldavaj.bak2
c:\windows\Registration\lldavaj.ini
c:\windows\Registration\lldavaj.tmp
c:\windows\Registration\sodbil.bak1
c:\windows\Registration\sodbil.bak2
c:\windows\Registration\sodbil.ini
c:\windows\SECURITY\Database\evawcod.bak2
c:\windows\SECURITY\Database\evawcod.ini
c:\windows\system32\bnbnkz.exe
c:\windows\system32\dnzwdc.exe
c:\windows\system32\drivers\gaopdxcliietpiwgqsvodtpyqwyspqhtfobrrl.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxxoybrqogkvhpkcyhiafuuvwuwjtiojya.dll
c:\windows\system32\jspkbn.exe
c:\windows\system32\repggx.exe
c:\windows\system32\scxggb.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\UpMedia
c:\windows\system32\UpMedia\uninstallSE.exe
c:\windows\system32\yjxeqo.exe
c:\windows\Web\spkab.tmp
c:\windows\Web\spkab.tmp2
C:\xcrashdump.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-03-15 to 2009-04-15 )))))))))))))))))))))))))))))))
.

2009-04-13 13:52 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-13 13:52 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-13 13:52 . 2009-04-13 13:52 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-13 13:48 . 2009-04-13 13:47 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-10 21:52 . 2009-04-10 21:52 -------- d-----w c:\windows\McAfee.com
2009-04-02 20:34 . 2009-04-04 03:17 -------- d-----w c:\documents and settings\john\Application Data\ImgBurn
2009-04-02 20:05 . 2009-04-09 23:07 -------- d-----w c:\documents and settings\john\Application Data\DVD Flick
2009-04-02 20:01 . 2003-01-26 16:41 40960 ----a-w c:\windows\system32\ssubtmr6.dll
2009-04-02 20:01 . 2008-08-31 16:27 28672 ----a-w c:\windows\system32\mousewheel.ocx
2009-04-02 20:01 . 2007-08-31 21:36 36864 ----a-w c:\windows\system32\trayicon_handler.ocx
2009-04-01 20:11 . 2009-01-09 19:19 1089593 ------w c:\windows\system32\dllcache\ntprint.cat
2009-04-01 12:45 . 2009-04-01 12:45 -------- d-----w c:\documents and settings\john\Local Settings\Application Data\SupportSoft
2009-04-01 07:11 . 2009-04-01 07:11 -------- d-----w c:\windows\system32\KB905474
2009-04-01 07:11 . 2009-03-11 02:26 1403264 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-04-01 07:11 . 2009-03-11 02:18 453512 ----a-w c:\windows\system32\KB905474\wgasetup.exe
2009-04-01 07:11 . 2009-02-09 22:51 12490 ----a-w c:\windows\system32\KB905474\wga_eula.txt
2009-04-01 05:09 . 2009-04-01 05:09 -------- d-----w c:\windows\system32\XPSViewer
2009-04-01 04:59 . 2008-07-06 12:06 89088 ------w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-01 04:59 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-04-01 04:59 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-04-01 04:59 . 2008-07-06 12:06 575488 ------w c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-01 04:59 . 2008-07-06 10:50 597504 ------w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-01 04:59 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-04-01 04:59 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\dllcache\xpssvcs.dll
2009-04-01 04:59 . 2009-04-01 05:06 -------- d-----w C:\a894a290115f4558f0
2009-03-25 17:03 . 2009-03-25 17:03 -------- d-----w c:\documents and settings\john\Application Data\SerpentOfIsis
2009-03-25 01:19 . 2009-03-25 02:17 -------- d-----w c:\documents and settings\john\Application Data\Lost in the City

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 14:08 . 2009-03-10 16:16 6512 ----a-w C:\aaw7boot.log
2009-04-15 13:34 . 2008-06-23 20:21 -------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-04-13 17:00 . 2007-03-21 14:03 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-13 13:53 . 2009-04-13 13:52 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-13 13:47 . 2005-12-24 05:31 -------- d-----w c:\program files\Java
2009-04-13 13:40 . 2006-05-02 23:57 -------- d-----w c:\program files\MP3Rocket
2009-04-12 17:31 . 2009-02-17 15:06 -------- d-----w c:\documents and settings\john\Application Data\Move Networks
2009-04-10 16:40 . 2007-07-26 21:09 -------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-04-09 22:01 . 2009-04-09 22:01 -------- d-----w c:\program files\Poppit! To Go
2009-04-09 02:38 . 2008-08-27 22:36 -------- d-----w c:\documents and settings\john\Application Data\uTorrent
2009-04-03 00:16 . 2009-04-03 00:16 -------- d-----w c:\program files\DVDTool
2009-04-02 20:11 . 2009-04-02 20:10 -------- d-----w c:\program files\ImgBurn
2009-04-02 20:02 . 2009-04-02 20:01 -------- d-----w c:\program files\DVD Flick
2009-04-02 19:13 . 2009-04-02 19:13 -------- d-----w c:\program files\uTorrent
2009-04-01 12:46 . 2005-02-16 16:54 -------- d-----w c:\program files\support.com
2009-04-01 12:45 . 2005-02-16 16:54 1098 ----a-w C:\net_save.dna
2009-04-01 12:45 . 2009-04-01 12:45 -------- d-----w c:\program files\Common Files\SupportSoft
2009-04-01 11:47 . 2002-11-06 04:47 58696 -c--a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-01 05:08 . 2009-04-01 05:08 -------- d-----w c:\program files\MSBuild
2009-04-01 05:08 . 2009-04-01 05:08 -------- d-----w c:\program files\Reference Assemblies
2009-03-31 17:35 . 2008-04-09 19:59 -------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-03-31 17:20 . 2008-05-24 18:39 3020 ----a-w C:\devicetable.log
2009-03-25 17:01 . 2009-03-25 16:58 -------- d-----w c:\program files\The Serpent of Isis
2009-03-25 01:19 . 2009-03-25 01:17 -------- d-----w c:\program files\Lost in the City
2009-03-15 13:54 . 2007-04-01 17:20 -------- d-----w c:\program files\Oberon Media
2009-03-15 13:52 . 2007-03-19 20:39 -------- d-----w c:\documents and settings\All Users\Application Data\iWin Games
2009-03-15 03:26 . 2009-03-15 03:24 -------- d-----w c:\program files\Luxor - Quest for the Afterlife
2009-03-13 20:17 . 2009-03-13 20:16 -------- d-----w c:\program files\Curse of the Pharaoh - Napoleon's Secret
2009-03-10 13:55 . 2009-03-10 12:19 -------- dc-h--w c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-10 12:24 . 2009-03-10 16:01 15688 ----a-w c:\windows\SYSTEM32\lsdelete.exe
2009-03-10 12:24 . 2009-03-10 12:25 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-03-10 12:19 . 2004-10-07 02:50 -------- d-----w c:\program files\Lavasoft
2009-03-03 22:30 . 2009-03-03 22:30 -------- d-----w c:\documents and settings\john\Application Data\BrandX Games
2009-02-24 23:23 . 2008-12-30 16:23 4352 ----a-w C:\Player Loader_log.txt
2009-02-24 21:21 . 2006-05-02 23:58 -------- d-----w c:\documents and settings\john\Application Data\MP3Rocket
2009-02-24 21:20 . 2008-11-13 21:36 -------- d-----w c:\program files\MP3 Rocket
2009-02-24 16:35 . 2009-02-24 16:31 -------- d-----w c:\program files\Mystery Case Files - Huntsville
2009-02-20 18:58 . 2009-02-20 18:58 -------- d-----w c:\documents and settings\All Users\Application Data\SpecialBit
2009-02-20 18:57 . 2009-02-20 18:55 -------- d-----w c:\program files\Haunted Hotel II - Believe the Lies
2009-02-09 11:13 . 2008-10-14 20:09 1846784 ------w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2009-02-09 11:13 . 2002-02-21 00:46 1846784 ----a-w c:\windows\SYSTEM32\win32k.sys
2009-01-17 02:35 . 2006-11-08 02:03 3594752 ------w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2008-10-28 17:12 . 2008-10-28 17:12 9583328 ----a-w c:\documents and settings\sheila1\DesktopDoctor1.5.4.exe
2008-07-28 20:34 . 2008-07-25 13:03 374 -c--a-w c:\documents and settings\john\Application Data\internaldb6334.dat
2008-07-25 13:11 . 2008-07-25 13:03 18432 -c--a-w c:\documents and settings\john\Application Data\internaldb41.dat
2008-07-25 13:03 . 2008-07-25 13:03 555 -c--a-w c:\documents and settings\john\Application Data\internaldb8467.dat
2008-03-01 17:38 . 2008-03-01 17:38 0 -c--a-w c:\program files\temp01
2006-04-08 03:07 . 2006-04-08 03:08 774144 -c--a-w c:\program files\RngInterstitial.dll
2005-08-15 21:10 . 2005-08-15 21:09 9516504 -c--a-w c:\documents and settings\john\DesktopDoctor1.0.exe
2004-10-21 16:46 . 2004-10-21 16:46 127 -c--a-w c:\documents and settings\john\Local Settings\Application Data\fusioncache.dat
2004-05-31 15:09 . 2004-05-31 15:09 887 -c--a-w c:\documents and settings\sheila1\UpdateReg.reg
2002-11-06 04:47 . 2002-11-10 00:09 12328 -c--a-w c:\documents and settings\john\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2002-11-06 04:47 . 2002-11-08 17:51 12328 -c--a-w c:\documents and settings\sheila1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-15 202024]
"Nero PhotoShow Media Manager"="c:\progra~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe" [2008-02-12 353544]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"CheckNetworkConnection"="c:\program files\Support.com\providerComcast\desktopdoctor.exe" [2005-05-15 1286144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" [2007-03-07 1773568]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2003-12-27 77824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-13 148888]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-10 515416]
"BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880]

c:\documents and settings\john\Start Menu\Programs\Startup\
MP3Rocket (silent).lnk - c:\program files\MP3Rocket\MP3Rocket_on_startup.exe [2005-12-21 63095]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2002-11-6 45056]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"VIDC.JDCT"= jl_jdct.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\support.com\\bin\\tgcmd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\GameHouse\\Solitaire\\Solitaire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=

R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-10 951632]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-03-10 64160]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]


--- Other Services/Drivers In Memory ---

*Deregistered* - AFD
*Deregistered* - agp440
*Deregistered* - ALG
*Deregistered* - ASCTRM
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - Beep
*Deregistered* - BITS
*Deregistered* - Browser
*Deregistered* - CdaD10BA
*Deregistered* - Cdfs
*Deregistered* - cdudf_xp
*Deregistered* - cisvc
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - dvd_2K
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fax
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - i2omgmt
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - JavaQuickStarterService
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - Lbd
*Deregistered* - LmHosts
*Deregistered* - mnmdd
*Deregistered* - Mouclass
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - Pml Driver HPZ12
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - UdfReadr_xp
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - Viewpoint Manager Service
*Deregistered* - VolSnap
*Deregistered* - w32time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d58e1927-ce9c-11dd-b61b-00c0a88c16ab}]
\Shell\AutoRun\command - F:\rcaeasyrip_setup.exe
\Shell\install\command - F:\rcaeasyrip_setup.exe
\Shell\usermanualEnglish\command - F:\rcaeasyrip_setup.exe /pdf_English
\Shell\usermanualFrench\command - F:\rcaeasyrip_setup.exe /pdf_French
\Shell\usermanualSpanish\command - F:\rcaeasyrip_setup.exe /pdf_Spanish

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d58e192b-ce9c-11dd-b61b-00c0a88c16ab}]
\Shell\AutoRun\command - F:\rcaeasyrip_setup.exe
\Shell\install\command - F:\rcaeasyrip_setup.exe
\Shell\usermanualEnglish\command - F:\rcaeasyrip_setup.exe /pdf_English
\Shell\usermanualFrench\command - F:\rcaeasyrip_setup.exe /pdf_French
\Shell\usermanualSpanish\command - F:\rcaeasyrip_setup.exe /pdf_Spanish
.
Contents of the 'Scheduled Tasks' folder

2009-04-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 12:24]

2009-04-15 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-11-06 15:04]

2009-04-15 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-01 02:18]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-_{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
HKCU-Run-Nick LaunchPad - c:\program files\Nick LaunchPad\Nick LaunchPad.exe
HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
HKLM-Run-inetlog - c:\windows\Microsoft.NET\inetlog.exe
HKLM-Run-Spyware Slayer - c:\program files\Spyware Slayer\SpywareSlayer.Exe
HKLM-Run-masqform.exe - c:\program files\PureEdge\Viewer 6.0\masqform.exe
HKLM-Run-Easy Dock - (no file)
Notify-bakps - c:\docume~1\john\LOCALS~1\Temp\spkab.dat
Notify-canti - c:\windows\Config\canti.dll
Notify-ctask - c:\docume~1\john\LOCALS~1\Temp\ksatc.dat
Notify-__c00CC424 - c:\windows\system32\__c00CC424.dat


.
------- Supplementary Scan -------
.
mWindow Title = Microsoft Internet Explorer provided by Comcast
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - hxxp://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} - hxxp://games.bigfishgames.com/en_nightshift-legacy-the-jaguars-eye/online/Nightshift2Web.1.0.0.9.cab
FF - ProfilePath - c:\documents and settings\john\Application Data\Mozilla\Firefox\Profiles\952xdtvo.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - plugin: c:\documents and settings\john\Application Data\Mozilla\Firefox\Profiles\952xdtvo.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npActiveGS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMySrWB.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 10:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2009-04-15 10:29
ComboFix-quarantined-files.txt 2009-04-15 14:27

Pre-Run: 23,766,925,312 bytes free
Post-Run: 25,492,307,968 bytes free

1432 --- E O F --- 2009-04-02 07:03





:thumbup2: :) :step4: :step1: :step5:







Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:01 AM, on 4/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
F1 - win.ini: run= C:\WESTWOOD\REDALERT\INSTICON.EXE
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=53653898-dce7-4c08-8dc3-315f88196128
O4 - HKUS\S-1-5-21-1779672970-1582333133-359561344-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1779672970-1582333133-359561344-1006\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-1779672970-1582333133-359561344-1006\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe (User '?')
O4 - HKUS\S-1-5-21-1779672970-1582333133-359561344-1006\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=53653898-dce7-4c08-8dc3-315f88196128 (User '?')
O4 - S-1-5-21-1779672970-1582333133-359561344-1006 Startup: MP3Rocket (silent).lnk = C:\Program Files\MP3Rocket\MP3Rocket_on_startup.exe (User '?')
O4 - S-1-5-21-1779672970-1582333133-359561344-1006 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User '?')
O4 - Startup: MP3Rocket (silent).lnk = C:\Program Files\MP3Rocket\MP3Rocket_on_startup.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Hawaiian%20Explorer%20-%20Pearl%20Harbor/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
O16 - DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} (CPlayFirstNightshiftControl Object) - http://games.bigfishgames.com/en_nightshif...Web.1.0.0.9.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_...loadControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://download.games.yahoo.com/games/web_...itched/main.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Abra%20Academy/Images/armhelper.ocx
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_...outLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...580/mcfscan.cab
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9975 bytes

#8 teacup61

  • Malware Response Team

Posted 15 April 2009 - 08:33 PM

Hi there,

I need for you to be honest with me, please. Did you buy those games legit or are they torrents? Not making judgments, but since ComboFix deleted them the info would be very helpful. :)

Great that you aren't redirected! :thumbup2: How is it running otherwise? Yes, there was some super nasty nasty garbage on your system. I'll go over the logs in more detail after I post this.

tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#9 dialout

  • Topic Starter

Posted 16 April 2009 - 10:04 AM

My wife buys games from Big Fish Games.

I did have a question since you brought it up:

Why are there so many logs for Diner Dash? It looks like there is a separate file for every detail of the game. And as ComboFix was running I saw it deleted some of them but left others...

And trijinx... I don't recognize that at all. I have no idea what or where that came from.

Are those the games you are asking about?


The computer in general is running good. I had to remove McAfee because it kept locking up the computer at restart. Not sure if I will reinstall it yet...I may look for something else.

#10 teacup61


Posted 17 April 2009 - 06:40 AM

Hello,

Yes, the ones ComboFix deleted are what I was asking about. Of course there was a ton more there, bad stuff, and utorrent in the log, which is why I asked that particular question. ComboFix would not have deleted them if they were good. I'm actually a fan of Diner Dash myself and have run ComboFix multiple times on my own system and it's never touched my Diner Dash files. I've never seen trijinx either.....the Mrs. doesn't know what it is?

Try downloading and running MBAM again and post the report in your reply.

For an AntiVirus, I use Avira on my own system. I've used all 3 of the following and been happy with them, but Avira is my favorite. AVG, Avira OR Avast are good FREE antivirus.

Thanks,
tea

#11 dialout


Posted 17 April 2009 - 07:49 AM

:thumbup2:
Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

4/17/2009 8:45:12 AM
mbam-log-2009-04-17 (08-45-12).txt

Scan type: Quick Scan
Objects scanned: 83006
Time elapsed: 6 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5ed7d3de-6dbe-4516-8712-01b1b64b7057} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\DVDTool (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDTool (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\downloader.downloaderctrl.1 (Adware.2020search) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\john\Start Menu\Programs\DVDTool (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\DVDTool (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\john\Start Menu\Programs\DVDTool\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\DVDTool\Uninstall.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\sheila1\Desktop\Click To Find and Fix Errors.lnk (Rogue.Link) -> Quarantined and deleted successfully.





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:47:39 AM, on 4/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Utopia\Angel\Angel.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
F1 - win.ini: run= C:\WESTWOOD\REDALERT\INSTICON.EXE
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=53653898-dce7-4c08-8dc3-315f88196128
O4 - HKUS\S-1-5-21-1779672970-1582333133-359561344-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1779672970-1582333133-359561344-1006\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-1779672970-1582333133-359561344-1006\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe (User '?')
O4 - HKUS\S-1-5-21-1779672970-1582333133-359561344-1006\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=53653898-dce7-4c08-8dc3-315f88196128 (User '?')
O4 - S-1-5-21-1779672970-1582333133-359561344-1006 Startup: MP3Rocket (silent).lnk = C:\Program Files\MP3Rocket\MP3Rocket_on_startup.exe (User '?')
O4 - S-1-5-21-1779672970-1582333133-359561344-1006 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User '?')
O4 - Startup: MP3Rocket (silent).lnk = C:\Program Files\MP3Rocket\MP3Rocket_on_startup.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Hawaiian%20Explorer%20-%20Pearl%20Harbor/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
O16 - DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} (CPlayFirstNightshiftControl Object) - http://games.bigfishgames.com/en_nightshif...Web.1.0.0.9.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_...loadControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://download.games.yahoo.com/games/web_...itched/main.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Abra%20Academy/Images/armhelper.ocx
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_...outLauncher.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...580/mcfscan.cab
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9963 bytes






I have AVG on my computer at work, and have heard of Avast...but not Avira..I will give it a try

before I put McAfee on here, I got by just running trend micro. But now that I don't use it much, as you can see...it needs a little more protection.

#12 teacup61


Posted 17 April 2009 - 08:04 AM

Hello there,

Excellent! How is it running now please? :thumbup2:

Can you tell me if you or the Mrs. knowingly downloaded this DVDTools rogue MBAM deleted? Perhaps it got bundled with a game or something, if not......this happens more than folks realize.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Reboot your computer.

tea

#13 dialout


Posted 22 April 2009 - 03:21 PM

done...things are running smooth...in your opinion....anything else need to go.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:18:38 PM, on 4/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
F1 - win.ini: run= C:\WESTWOOD\REDALERT\INSTICON.EXE
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=53653898-dce7-4c08-8dc3-315f88196128
O4 - HKUS\S-1-5-21-1779672970-1582333133-359561344-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1779672970-1582333133-359561344-1006\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-1779672970-1582333133-359561344-1006\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe (User '?')
O4 - HKUS\S-1-5-21-1779672970-1582333133-359561344-1006\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=53653898-dce7-4c08-8dc3-315f88196128 (User '?')
O4 - S-1-5-21-1779672970-1582333133-359561344-1006 Startup: MP3Rocket (silent).lnk = C:\Program Files\MP3Rocket\MP3Rocket_on_startup.exe (User '?')
O4 - S-1-5-21-1779672970-1582333133-359561344-1006 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User '?')
O4 - Startup: MP3Rocket (silent).lnk = C:\Program Files\MP3Rocket\MP3Rocket_on_startup.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Hawaiian%20Explorer%20-%20Pearl%20Harbor/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} (CPlayFirstNightshiftControl Object) - http://games.bigfishgames.com/en_nightshif...Web.1.0.0.9.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_...loadControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://download.games.yahoo.com/games/web_...itched/main.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Abra%20Academy/Images/armhelper.ocx
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_...outLauncher.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...580/mcfscan.cab
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9485 bytes
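
One way to confirm that the four entries checked in post #12 are gone from the 22 April log is to compare the two HijackThis logs entry by entry. This is an added example, not part of any post in this thread; the sample logs are a constructed subset of the lines posted above, and `parse_entries` and `verify_fix` are hypothetical helper names.

```python
import re

# Constructed samples: a few lines copied from the 17 April (before the fix)
# and 22 April (after the fix) logs in this thread, not the full logs.
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
"""

AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
"""

# The four entries listed in post #12.
CHECKED = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
"""

# HijackThis entries start with a section code (R0, F1, O4, O16, ...) and " - ".
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")


def parse_entries(log_text):
    """Return the set of (section, body) entries; header and process list are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            # Collapse whitespace so a stray space after "=" does not make
            # otherwise identical entries compare unequal.
            entries.add((m.group(1), " ".join(m.group(2).split())))
    return entries


def verify_fix(before, after, checked):
    """Compare two scans against the list of entries that were to be fixed."""
    b, a, c = parse_entries(before), parse_entries(after), parse_entries(checked)
    return {
        "fixed": sorted((c & b) - a),            # requested and now gone
        "still_present": sorted(c & a),          # requested but survived the fix
        "never_seen": sorted(c - b - a),         # requested but in neither scan
        "removed_unrequested": sorted(b - a - c),  # gone without being checked
        "new_since_fix": sorted(a - b),          # appeared after the fix: review
    }


if __name__ == "__main__":
    for status, entries in verify_fix(BEFORE, AFTER, CHECKED).items():
        print(f"{status}: {len(entries)}")
        for section, body in entries:
            print(f"  {section} - {body}")
```

Anything under `still_present` or `new_since_fix` is worth a second look, since it means an entry survived the fix or appeared after it.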

#14 teacup61


Posted 22 April 2009 - 03:49 PM

Hello,

Great to know. :thumbup2: Looks good here.......just please be careful of the games in the future. Some not very nice people out there, and some of them use the games to infect computers. :) I still don't see an AntiVirus program. :step4: You'll just get infected all over again.

Please delete ComboFix and its accompanying folder C:\Qoobox. Empty your Recycle bin and reboot your computer.

http://mvps.org/winhelp2002/unwanted.htm Please also read Tony Klein's excellent article: How I got Infected in the First Place

Take care,
tea

#15 teacup61


Posted 08 May 2009 - 01:30 AM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.