
My work program freezes and yahoo messenger


  • This topic is locked
22 replies to this topic

#1 Hotfootks

  • Members

Posted 30 September 2009 - 10:43 PM

I am having problems with my work program I use freezing up and not responding, and also yahoo messenger throughout the day. I do medical transcription on my computer, and when this happens I am not able to type into the program what the doctor has said. Any yahoo messenger IM windows I have open will also freeze on me and if someone has messaged me I am not able to respond to them. I am using Bitdefender Antivirus 2010, and when this happens I notice in task manager that the vsserv.exe is increasing in the memory usage, peak memory usage, and volume size. It gets very annoying when this happens, and at times the dictation will continue even though I do not have the foot pedal engaged.

Here is my Hijack This log from today:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:22:49 PM, on 9/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\1-Click Answers\answers.exe
C:\Program Files\Keyboard Express 3\keyexp.exe
C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
C:\Program Files\TimeLeft3\TimeLeft.exe
C:\PROGRA~1\1-CLIC~1\agtserv.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\DocQscribe\DocQscribe.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\BitDefender\BitDefender 2010\uiscan.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn11\yt.dll
R3 - URLSearchHook: Answers.com Toolbar - {6341761b-babe-406d-b0d6-8d99b81c2ee5} - C:\Program Files\Answers.com\tbAnsw.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn11\yt.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Answers.com Toolbar - {6341761b-babe-406d-b0d6-8d99b81c2ee5} - C:\Program Files\Answers.com\tbAnsw.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn11\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn11\yt.dll
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe"
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
O4 - Startup: TimeLeft.lnk = C:\Program Files\TimeLeft3\TimeLeft.exe
O4 - Global Startup: 1-Click Answers.lnk = C:\Program Files\1-Click Answers\answers.exe
O4 - Global Startup: Keyboard Express 3.lnk = ?
O8 - Extra context menu item: &Search - ?p=ZS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Answers... - file://C:\Program Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://clubgames.pogo.com/online2/pogop/lu...mjolauncher.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://clubgames.pogo.com/online2/pogop/ma...mesLauncher.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D410AFBD-4E26-4D5F-840F-0412D6F6BB8D} (CPlayFirstSandScriptControl Object) - http://clubgames.pogo.com/online2/pogop/sa...pt.1.0.0.21.cab
O16 - DPF: {D9E4E21E-60E0-11DA-91EB-00123F33E209} (DNInstallerOCX Class) - https://mq1webc2.speechmachines.org/Install...NInstaller2.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://clubgames.pogo.com/online2/pogop/as...aploader_v6.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9913 bytes


Thanks for any help you can give me,
Karen



#2 thcbytes

  • Malware Response Team

Posted 18 October 2009 - 09:55 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 Hotfootks

  • Topic Starter
  • Members

Posted 26 October 2009 - 09:37 AM

I am having problems with my work program I use freezing up and not responding, and also yahoo messenger throughout the day. I do medical transcription on my computer, and when this happens I am not able to type into the program what the doctor has said. Any yahoo messenger IM windows I have open will also freeze on me and if someone has messaged me I am not able to respond to them. I am using Bitdefender Antivirus 2010, and when this happens I notice in task manager that the vsserv.exe is increasing in the memory usage, peak memory usage, and volume size. It gets very annoying when this happens, and at times the dictation will continue even though I do not have the foot pedal engaged.

Here is my Hijack This log from today:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:56 AM, on 10/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\1-Click Answers\answers.exe
C:\Program Files\Keyboard Express 3\keyexp.exe
C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
C:\Program Files\TimeLeft3\TimeLeft.exe
C:\PROGRA~1\1-CLIC~1\agtserv.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn11\yt.dll
R3 - URLSearchHook: Answers.com Toolbar - {6341761b-babe-406d-b0d6-8d99b81c2ee5} - C:\Program Files\Answers.com\tbAnsw.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn11\yt.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Answers.com Toolbar - {6341761b-babe-406d-b0d6-8d99b81c2ee5} - C:\Program Files\Answers.com\tbAnsw.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn11\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn11\yt.dll
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe"
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
O4 - Startup: TimeLeft.lnk = C:\Program Files\TimeLeft3\TimeLeft.exe
O4 - Global Startup: 1-Click Answers.lnk = C:\Program Files\1-Click Answers\answers.exe
O4 - Global Startup: Keyboard Express 3.lnk = ?
O8 - Extra context menu item: &Search - ?p=ZS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Answers... - file://C:\Program Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://clubgames.pogo.com/online2/pogop/lu...mjolauncher.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://clubgames.pogo.com/online2/pogop/ma...mesLauncher.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D410AFBD-4E26-4D5F-840F-0412D6F6BB8D} (CPlayFirstSandScriptControl Object) - http://clubgames.pogo.com/online2/pogop/sa...pt.1.0.0.21.cab
O16 - DPF: {D9E4E21E-60E0-11DA-91EB-00123F33E209} (DNInstallerOCX Class) - https://mq1webc2.speechmachines.org/Install...NInstaller2.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://clubgames.pogo.com/online2/pogop/as...aploader_v6.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9709 bytes


Any help you can give me will be appreciated


Enclosed is also a zip DDS file

Thanks, Karen


Edited by Hotfootks, 26 October 2009 - 10:18 AM.


#4 Orange Blossom

  • Moderator

Posted 27 October 2009 - 09:38 PM

Hello Hotfootks,

For the sake of continuity and to avoid confusion, I have merged your latest HiJack This topic to your previous existing topic which I reopened. Please keep all posts regarding this issue to this topic by using the Add Reply button at the bottom of the topic.

Back to you thcbytes,

Orange Blossom :(
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 thcbytes

  • Malware Response Team

Posted 27 October 2009 - 10:46 PM

Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum,

I am Posted Image and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

==========

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check".
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
==========

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

==========

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

With your next post please provide:

* OTL.txt
* OTL Extra.txt
* Gmer log

Kind regards,
~t

#6 Hotfootks

  • Topic Starter
  • Members

Posted 28 October 2009 - 02:07 AM

I ran both scans and here are the results:

OTL.TxT is:

OTL logfile created on: 10/28/2009 12:11:49 AM - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

479.49 Mb Total Physical Memory | 202.28 Mb Available Physical Memory | 42.19% Memory free
1.84 Gb Paging File | 1.31 Gb Available in Paging File | 70.79% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.33 Gb Total Space | 21.57 Gb Free Space | 56.27% Space Free | Partition Type: NTFS
Drive D: | 180.78 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-C8B20C955
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/10/28 00:10:29 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2009/10/15 10:16:30 | 00,320,424 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
PRC - [2009/09/28 12:48:48 | 01,595,016 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
PRC - [2009/09/28 12:48:44 | 01,086,232 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
PRC - [2009/09/28 12:48:20 | 01,114,536 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
PRC - [2009/09/24 21:06:06 | 05,145,912 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/08/31 16:52:47 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/08/27 01:18:44 | 00,634,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/08/17 18:24:18 | 02,013,880 | ---- | M] (NesterSoft Inc.) -- C:\Program Files\TimeLeft3\TimeLeft.exe
PRC - [2009/06/23 17:23:48 | 00,600,944 | ---- | M] () -- C:\Program Files\iolo\common\lib\ioloServiceManager.exe
PRC - [2009/03/30 16:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 00,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
PRC - [2009/02/06 06:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/02/03 09:15:18 | 00,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/11/09 16:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/06/12 11:31:34 | 00,806,912 | ---- | M] (Answers Corporation) -- C:\Program Files\1-Click Answers\answers.exe
PRC - [2008/06/12 11:30:40 | 00,020,480 | ---- | M] (Answers Corporation) -- C:\Program Files\1-Click Answers\agtserv.exe
PRC - [2008/06/05 18:06:32 | 00,125,208 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
PRC - [2008/04/13 20:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2008/04/13 20:12:37 | 00,135,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\taskmgr.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/16 02:01:02 | 00,464,240 | ---- | M] (3B Software, Inc.) -- C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
PRC - [2007/08/31 17:15:33 | 02,312,704 | ---- | M] (Insight Software Solutions) -- C:\Program Files\Keyboard Express 3\keyexp.exe
PRC - [2007/07/24 17:07:08 | 00,180,224 | ---- | M] (Netropa Corp.) -- C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
PRC - [2006/10/18 20:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
PRC - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe
PRC - [2005/04/27 14:59:24 | 00,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2003/01/10 18:13:04 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2002/08/07 00:36:16 | 00,110,592 | ---- | M] () -- C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
PRC - [2001/11/14 04:03:12 | 00,090,112 | ---- | M] (Netropa Corp.) -- C:\Program Files\Netropa\Onscreen Display\OSD.exe
PRC - [2001/08/17 18:36:54 | 00,086,016 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\System32\pctspk.exe
PRC - [2001/08/06 06:41:48 | 00,028,672 | ---- | M] () -- C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/10/15 10:16:30 | 00,320,424 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV [Auto | Running])
SRV - [2009/09/28 12:49:07 | 00,183,880 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3 [On_Demand | Stopped])
SRV - [2009/09/28 12:48:48 | 01,595,016 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- (VSSERV [Auto | Running])
SRV - [2009/08/31 16:52:47 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/07/13 20:28:18 | 00,323,584 | ---- | M] (S.C. BitDefender S.R.L) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan [On_Demand | Stopped])
SRV - [2009/06/23 17:23:48 | 00,600,944 | ---- | M] () -- C:\Program Files\iolo\common\lib\ioloServiceManager.exe -- (ioloSystemService [Auto | Running])
SRV - [2009/06/23 17:23:48 | 00,600,944 | ---- | M] () -- C:\Program Files\iolo\common\lib\ioloServiceManager.exe -- (ioloFileInfoList [Auto | Running])
SRV - [2009/04/26 14:29:24 | 00,090,352 | ---- | M] (PC Pitstop LLC) -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling [Disabled | Stopped])
SRV - [2009/03/30 16:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc [Auto | Running])
SRV - [2008/11/09 16:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Running])
SRV - [2005/04/27 14:59:24 | 00,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean [Auto | Running])
SRV - [2004/04/21 12:16:02 | 01,434,848 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS [On_Demand | Stopped])
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/01/10 18:13:04 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService [Auto | Running])
SRV - [2001/08/17 18:36:54 | 00,086,016 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\System32\pctspk.exe -- (Pctspk [Auto | Running])
SRV - [2001/08/06 06:41:48 | 00,028,672 | ---- | M] () -- C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe -- (nhksrv [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2009/10/09 09:54:00 | 00,152,328 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfm.sys -- (bdfm [On_Demand | Running])
DRV - [2009/09/28 12:49:25 | 00,014,720 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos [On_Demand | Running])
DRV - [2009/09/28 12:49:04 | 00,118,536 | ---- | M] (BitDefender LLC) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif [System | Running])
DRV - [2009/07/24 12:26:08 | 00,285,704 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr [Boot | Running])
DRV - [2009/05/07 04:22:06 | 00,039,808 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos [On_Demand | Running])
DRV - [2009/01/12 12:27:58 | 00,008,832 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys -- (BDSelfPr [On_Demand | Running])
DRV - [2008/09/22 11:41:04 | 00,043,520 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys -- (FET5X86V [On_Demand | Running])
DRV - [2008/04/13 14:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usb8023.sys -- (USB_RNDIS_XP [On_Demand | Stopped])
DRV - [2008/04/13 14:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usb8023.sys -- (USB_RNDIS [On_Demand | Stopped])
DRV - [2008/04/13 14:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2008/04/13 14:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2007/07/23 14:23:45 | 00,076,560 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
DRV - [2007/06/27 14:42:00 | 00,207,488 | R--- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\drivers\vinyl97.sys -- (VIAudio [On_Demand | Running])
DRV - [2006/11/10 13:51:46 | 00,505,984 | ---- | M] (PixArt Imaging Inc.) -- C:\WINDOWS\System32\DRIVERS\PFC027.SYS -- (PAC207 [On_Demand | Stopped])
DRV - [2005/02/23 14:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\WINDOWS\System32\drivers\Afc.sys -- (Afc [On_Demand | Stopped])
DRV - [2004/11/22 20:36:39 | 00,018,003 | ---- | M] (Motive, Inc.) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5 [On_Demand | Stopped])
DRV - [2004/11/22 20:36:34 | 00,019,345 | ---- | M] (Motive, Inc.) -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5 [On_Demand | Stopped])
DRV - [2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2004/08/04 08:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Stopped])
DRV - [2004/03/02 14:02:30 | 00,167,040 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\DRIVERS\s3gnbm.sys -- (S3SavageNB [On_Demand | Stopped])
DRV - [2004/03/02 14:02:30 | 00,167,040 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\DRIVERS\s3gnbm.sys -- (S3Psddr [On_Demand | Running])
DRV - [2003/01/10 18:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Running])
DRV - [2001/12/20 09:02:12 | 00,006,656 | ---- | M] (Netropa Corporation) -- C:\WINDOWS\System32\DRIVERS\msikbd2k.sys -- (msikbd2k [System | Running])
DRV - [2001/08/17 10:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running])
DRV - [2001/08/17 09:28:16 | 00,397,502 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\system32\DRIVERS\vpctcom.sys -- (Vpctcom [Boot | Running])
DRV - [2001/08/17 09:28:16 | 00,064,605 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\system32\DRIVERS\vvoice.sys -- (Vvoice [Boot | Running])
DRV - [2001/08/17 09:28:14 | 00,604,253 | ---- | M] (PCTEL, INC.) -- C:\WINDOWS\system32\DRIVERS\vmodem.sys -- (Vmodem [Boot | Running])
DRV - [2001/08/17 09:28:14 | 00,112,574 | ---- | M] (PCTEL, INC.) -- C:\WINDOWS\System32\DRIVERS\ptserlp.sys -- (Ptserlp [On_Demand | Stopped])
DRV - [2001/08/17 08:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\DRIVERS\fetnd5.sys -- (FETNDIS [On_Demand | Stopped])

========== Modules (SafeList) ==========

MOD - [2009/10/28 00:10:29 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2008/06/12 11:31:04 | 00,053,248 | ---- | M] (Answers Corporation) -- C:\Program Files\1-Click Answers\agthook.dll
MOD - [2008/06/12 11:30:32 | 00,532,480 | ---- | M] (Answers Corporation) -- C:\Program Files\1-Click Answers\agtctrl.dll
MOD - [2008/06/12 11:30:28 | 00,028,672 | ---- | M] (Answers Corporation) -- C:\Program Files\1-Click Answers\agtthook.dll
MOD - [2008/06/12 11:30:26 | 00,032,768 | ---- | M] (Answers Corporation) -- C:\Program Files\1-Click Answers\agtproc.dll
MOD - [2008/06/12 11:30:22 | 00,040,960 | ---- | M] (Answers Corporation) -- C:\Program Files\1-Click Answers\agtpchnt.dll
MOD - [2008/06/12 11:30:14 | 00,028,672 | ---- | M] (Answers Corporation) -- C:\Program Files\1-Click Answers\agtcmpnt.dll
MOD - [2008/04/13 20:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2007/05/23 15:13:12 | 00,046,080 | ---- | M] (Insight Software Solutions) -- C:\Program Files\Keyboard Express 3\KEYHOOK.DLL
MOD - [2002/06/19 09:39:14 | 00,053,248 | ---- | M] (Netropa Corp.) -- C:\Program Files\Netropa\Multimedia Keyboard\nhkdll.dll

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
IE - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003\..\URLSearchHook: {6341761b-babe-406d-b0d6-8d99b81c2ee5} - C:\Program Files\Answers.com\tbAnsw.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn11\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003\S-1-5-21-1275210071-1935655697-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/01 09:46:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/31 16:52:52 | 00,000,000 | ---D | M]


O1 HOSTS File: (23 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn11\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Answers.com Toolbar) - {6341761b-babe-406d-b0d6-8d99b81c2ee5} - C:\Program Files\Answers.com\tbAnsw.dll (Conduit Ltd.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn11\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn11\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003\..\Toolbar\WebBrowser: (no name) - {7754C418-F62E-44AA-B169-E719E718BCFD} - No CLSID value found.
O3 - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003\..\Toolbar\WebBrowser: (no name) - {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No CLSID value found.
O3 - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn11\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\1-Click Answers.lnk = C:\Program Files\1-Click Answers\answers.exe (Answers Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Keyboard Express 3.lnk = C:\Program Files\Keyboard Express 3\keyexp.exe (Insight Software Solutions)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Scheduler.lnk = C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe (3B Software, Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\TimeLeft.lnk = C:\Program Files\TimeLeft3\TimeLeft.exe (NesterSoft Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - File not found
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2009/06/15 22:44:24 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Answers... - C:\Program Files\1-Click Answers\Html\atiemenu.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2009/06/15 22:44:24 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2009/06/15 22:44:24 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2009/06/15 22:44:24 | 00,000,000 | ---D | M]
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 52 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 52 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 52 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://clubgames.pogo.com/online2/pogop/lu...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} http://clubgames.pogo.com/online2/pogop/ma...mesLauncher.cab (SpinTop Games Launcher)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D410AFBD-4E26-4D5F-840F-0412D6F6BB8D} http://clubgames.pogo.com/online2/pogop/sa...pt.1.0.0.21.cab (CPlayFirstSandScriptControl Object)
O16 - DPF: {D9E4E21E-60E0-11DA-91EB-00123F33E209} https://mq1webc2.speechmachines.org/Install...NInstaller2.cab (DNInstallerOCX Class)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://clubgames.pogo.com/online2/pogop/as...aploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/da2/PCPitStop2.cab (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/01 09:30:40 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/06/26 14:45:00 | 00,630,784 | R--- | M] (Electronic Arts Inc.) - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/06/26 14:45:00 | 00,630,784 | R--- | M] (Electronic Arts Inc.) - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/06/15 22:54:02 | 00,585,728 | R--- | M] (Electronic Arts Inc.) - D:\AutoRunGUI.dll -- [ CDFS ]
O32 - AutoRun File - [2007/06/26 14:46:06 | 00,000,144 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2007/06/26 14:45:00 | 00,630,784 | R--- | M] (Electronic Arts Inc.)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/09/28 12:31:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2009/09/28 12:32:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\BitDefender
[2009/10/14 12:49:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PCHealth
[2009/09/28 12:29:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2009/10/03 01:06:50 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/10/09 13:35:19 | 00,000,000 | ---D | C] -- C:\Program Files\ThreatExpert Memory Scanner
[2009/10/28 00:18:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Bleeping Fixes
[2009/10/09 13:30:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Threat Expert

========== Files - Modified Within 30 Days ==========

[2009/10/27 23:47:57 | 00,000,245 | ---- | M] () -- C:\WINDOWS\Msiosd.ini
[2009/10/27 21:34:32 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F6EBE20D-169B-4346-AC23-46B71F249DC9}.job
[2009/10/27 09:37:58 | 00,001,832 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Scheduler.lnk
[2009/10/27 09:36:50 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/27 09:25:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/27 09:25:02 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/27 09:24:56 | 50,284,9536 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/26 11:10:46 | 00,002,402 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Attach.zip
[2009/10/26 01:26:43 | 00,000,912 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/26 01:26:43 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/26 01:26:43 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/10/25 14:25:48 | 00,001,524 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DocQscribe.lnk
[2009/10/21 22:20:09 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/14 12:20:44 | 00,440,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/14 12:20:44 | 00,070,724 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/14 12:20:41 | 00,500,244 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/13 11:04:35 | 00,000,132 | ---- | M] () -- C:\WINDOWS\System32\rezumatenoi.dat
[2009/10/12 09:41:01 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/10/09 09:54:00 | 00,152,328 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfm.sys
[2009/10/02 14:01:57 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/09/28 13:55:44 | 00,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml
[2009/09/28 12:49:22 | 00,105,736 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdhv.sys
[2009/09/28 12:32:09 | 00,001,869 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitDefender Antivirus 2010.lnk
[2009/09/28 12:21:08 | 00,416,005 | ---- | M] () -- C:\BdUninstallTool2009.09.28-12.05.50.reg
[2009/09/28 12:02:26 | 00,000,038 | ---- | M] () -- C:\BdUninstallTool2009.09.28-12.02.02.reg

========== Files - No Company Name ==========
[2009/10/26 11:10:46 | 00,002,402 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Attach.zip
[2009/10/25 14:25:47 | 00,001,524 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DocQscribe.lnk
[2009/09/28 13:55:44 | 00,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml
[2009/09/28 12:32:09 | 00,001,869 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BitDefender Antivirus 2010.lnk
[2009/09/28 12:05:50 | 00,416,005 | ---- | C] () -- C:\BdUninstallTool2009.09.28-12.05.50.reg
[2009/09/28 12:02:03 | 00,000,038 | ---- | C] () -- C:\BdUninstallTool2009.09.28-12.02.02.reg
[2009/08/13 12:20:44 | 00,938,328 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2009/08/13 12:18:12 | 00,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2009/07/15 12:29:29 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2009/07/11 00:31:13 | 00,000,622 | ---- | C] () -- C:\WINDOWS\RegGenie.ini
[2009/07/02 00:31:53 | 04,313,846 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/07/01 18:01:27 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/05/10 13:45:18 | 00,223,232 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2009/05/10 13:45:17 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\SQLiteWrapper.dll
[2009/01/15 13:45:34 | 00,181,248 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2009/01/11 15:02:50 | 00,027,184 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
[2008/07/29 18:14:07 | 00,000,022 | ---- | C] () -- C:\WINDOWS\iexplore.ini
[2008/06/30 18:40:13 | 00,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.INI
[2008/03/07 20:48:43 | 00,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2007/12/24 01:59:20 | 00,000,032 | ---- | C] () -- C:\WINDOWS\tdlp32.ini
[2007/08/31 18:02:54 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2007/08/31 18:02:54 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2007/08/31 18:02:54 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2007/08/31 18:02:54 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2007/08/31 17:15:31 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\armaccess.dll
[2007/07/21 14:02:55 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/11 16:03:56 | 00,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2007/06/25 12:53:06 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/06 15:36:52 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/06/06 15:35:39 | 00,000,058 | ---- | C] () -- C:\WINDOWS\EPSONSC88+.ini
[2007/04/10 18:01:18 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/31 12:32:27 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2007/03/31 12:32:27 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/02/20 01:26:25 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/01/31 14:50:32 | 00,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2006/06/18 17:09:12 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/06/05 09:38:41 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/06/02 16:09:55 | 00,000,051 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2006/06/02 16:09:42 | 00,000,066 | ---- | C] () -- C:\WINDOWS\EPSC66EF.ini
[2006/06/02 15:06:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/02 15:06:17 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
[2006/06/02 15:06:17 | 00,000,245 | ---- | C] () -- C:\WINDOWS\Msiosd.ini
[2006/06/01 09:35:50 | 00,027,768 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/06/01 09:35:17 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
[2006/06/01 05:19:12 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/04 08:00:00 | 00,000,912 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/08/08 09:44:34 | 00,000,223 | ---- | C] () -- C:\WINDOWS\System32\pspveccomm.ini
[2001/05/03 08:03:58 | 00,000,221 | ---- | C] () -- C:\WINDOWS\System32\smcelp32.ini
[1999/11/05 10:42:36 | 00,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspusbct.ini
[1999/10/08 14:58:24 | 00,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspusblb.ini
[1998/12/11 11:55:00 | 00,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspsbext.ini
[1998/08/10 14:04:00 | 00,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspfidrv.ini
[1998/08/10 14:04:00 | 00,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspaudrv.ini
[1998/08/10 14:03:00 | 00,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspapdrv.ini
[1998/08/10 14:03:00 | 00,000,221 | ---- | C] () -- C:\WINDOWS\System32\mcipspwa.ini
[1998/08/10 14:03:00 | 00,000,221 | ---- | C] () -- C:\WINDOWS\System32\mcipspct.ini
[1998/08/10 14:02:00 | 00,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspfbase.ini
[1998/08/10 14:02:00 | 00,000,220 | ---- | C] () -- C:\WINDOWS\System32\pspwave.ini
[1998/08/10 14:02:00 | 00,000,219 | ---- | C] () -- C:\WINDOWS\System32\pspdss.ini
[1998/08/10 14:02:00 | 00,000,219 | ---- | C] () -- C:\WINDOWS\System32\pspddi.ini
[1996/04/03 15:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2009/10/08 14:59:06 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/09/05 01:06:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AENGXCKABH
[2008/08/12 00:43:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AJNGXCKABH
[2009/09/10 22:59:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AONGXCKABH
[2009/09/28 12:36:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2008/10/22 10:48:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CCNGXCKABH
[2009/08/23 15:27:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CGNGXCKABH
[2007/10/30 15:11:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DocQscribe
[2007/06/23 12:17:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DQRCWYUJYG
[2008/01/03 16:08:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA
[2007/01/30 20:39:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2008/09/27 14:46:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GBNGXCKABH
[2009/01/11 09:48:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GNNGXCKABH
[2008/02/12 17:18:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HFEAIMZYXG
[2007/07/24 18:38:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software
[2006/06/02 16:25:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software Solutions
[2009/08/13 12:48:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2008/07/04 01:20:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2007/09/17 18:44:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KeyText
[2007/12/25 17:38:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LQEAIMZYXG
[2008/10/16 00:49:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCNGXCKABH
[2007/10/24 11:08:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2007/10/24 11:09:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MotiveSysIDs
[2008/08/01 14:42:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/10/02 10:50:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2007/03/31 12:32:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2007/10/01 23:22:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2007/09/05 10:17:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PYRCWYUJYG
[2007/08/31 18:02:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2006/11/20 11:08:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeechMachines
[2008/12/02 01:48:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SWMGXCKABH
[2009/10/21 11:34:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/03/06 01:39:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TPRCWYUJYG
[2007/07/22 14:46:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TURCWYUJYG
[2008/10/29 12:07:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TVMGXCKABH
[2008/08/26 01:30:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UONGXCKABH
[2007/02/19 18:47:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/05/24 13:03:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VVMGXCKABH
[2008/09/29 23:06:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2008/10/08 16:15:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/01/01 12:52:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WMNGXCKABH
[2009/01/16 11:33:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XGNGXCKABH
[2008/04/22 00:58:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XJEAIMZYXG
[2007/11/02 18:25:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZORCWYUJYG
[2006/06/01 05:19:12 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
[2009/06/13 12:26:58 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Guest\Application Data
[2009/08/13 12:21:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data
[2009/09/25 08:42:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2009/08/05 22:24:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data
[2009/09/28 12:06:45 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Owner\Application Data
[2006/06/01 19:28:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ahead
[2008/12/02 01:43:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AweSEM
[2009/09/28 12:32:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BitDefender
[2007/06/05 16:11:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EA
[2007/05/17 18:48:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FloodLightGames
[2008/08/30 14:58:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2008/07/28 00:49:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Hulabee
[2009/09/17 21:47:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iolo
[2007/02/17 00:48:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iWin
[2006/06/02 16:11:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2008/09/10 21:47:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
[2007/10/27 00:03:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Move Networks
[2007/10/07 09:12:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NesterSoft
[2009/01/15 21:19:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Pogo Games
[2007/08/31 18:02:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Simply Super Software
[2007/02/19 18:48:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2009/07/16 17:32:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search
[2009/10/12 09:41:01 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/10/21 22:20:09 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 08:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/27 09:25:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/10/27 21:34:32 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F6EBE20D-169B-4346-AC23-46B71F249DC9}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\drwatson.exe:SummaryInformation
@Alternate Data Stream - 192 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07348C09
@Alternate Data Stream - 180 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 166 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EFDF5FB
@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1880ACB
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A6AFE3D
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8E29393
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B7E8561
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8DFFF5E
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:588B60C7
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EC637CB
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B1CE48A
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D0C22DC
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15F163AE
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3F3421F5
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40751495
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05113FB9
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A73EAFFB
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:72DE5382
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3447AB86
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:06029D5A
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1D123B2B
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D240B1B9
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1109A4B
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38C65A30
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F43628AB
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A88A1788
< End of report >


Extras.TxT:

OTL Extras logfile created on: 10/28/2009 12:11:49 AM - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

479.49 Mb Total Physical Memory | 202.28 Mb Available Physical Memory | 42.19% Memory free
1.84 Gb Paging File | 1.31 Gb Available in Paging File | 70.79% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.33 Gb Total Space | 21.57 Gb Free Space | 56.27% Space Free | Partition Type: NTFS
Drive D: | 180.78 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-C8B20C955
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0208A7E3-0D30-11D4-A1FC-00508B9D1BA2}" = Smart Office Keyboard
"{066A1255-1299-4EBA-B9B3-FA7FB14F92E4}" = CIF USB Camera
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{244E21B9-164C-4EC1-AED8-9BD64161E66D}" = ArcSoft VideoImpression 2
"{25E81740-CA17-489E-A8B6-54319A1C4D41}}_is1" = Dell PC TuneUp
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{52EF718A-8220-4E60-009A-E9684E926F60}" = Lottso! Deluxe
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7029D123-6CF0-4414-A3B2-4B3B99B21E59}" = e-Sword
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110533803}" = Tri-Peaks Solitaire To Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111715607}" = The Poppit! Show
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113269180}" = Mahjong Garden Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116436960}" = Word Whomp( TM) Underground
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A706C466-E03D-4293-850B-067C785A4A3F}" = Philips Correction Components
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B2}" = WinZip 11.2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ECAEAA35-952F-42A7-B19E-01EDE80309D5}" = BitDefender Antivirus 2010
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3ECED46-91CC-4F44-9917-9A20085D5D26}" = Debugging Tools for Windows
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"1-Click Answers" = 1-Click Answers
"ADC4_is1" = Advanced Disk Cleaner 4.7
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Answers.com Toolbar" = Answers.com Toolbar
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AolCoach" = AOL Coach Version 1.0(Build:20030807.3)
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"CCleaner" = CCleaner (remove only)
"CleanUp!" = CleanUp!
"DocQscribe" = DocQscribe
"EPSON Printer and Utilities" = EPSON Printer Software
"FreeMem Professional Version 5.2" = FreeMem Professional Version 5.2
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Keyboard Express 3" = Keyboard Express 3
"MahjSaf Buddy - Pogo Version_is1" = MahjSaf Buddy 1.2 - Pogo Version
"Malwarebytes' RogueRemover FREE_is1" = Malwarebytes' RogueRemover
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSNINST" = MSN
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC Pitstop Driver Alert_is1" = PC Pitstop Driver Alert 1.0.0.13
"PC Pitstop Driver Alert2_is1" = PC Pitstop Driver Alert2 2.0.0.0
"Pdf995" = Pdf995
"PrintKey2000" = PrintKey2000
"RealPlayer 6.0" = RealPlayer
"Registry Repair Pro_is1" = Registry Repair Pro
"S3Display" = S3Display
"S3Gamma2" = S3Gamma2
"S3Info2" = S3Info2
"S3Overlay" = S3Overlay
"Smith Micro Fax Viewer" = Smith Micro Fax Viewer
"SpiderSol Buddy - Pogo Version_is1" = SpiderSol Buddy - Pogo Version 1.6
"Sun™ Download Manager 2.0" = Sun™ Download Manager 2.0
"T r o j a n R e m o v e r_is1" = Trojan Remover 6.6.1
"ThreatExpert Memory Scanner_is1" = ThreatExpert Memory Scanner 1.0
"TimeLeft_is1" = TimeLeft 3 Freeware edition
"TIMELEFT3_is1" = TimeLeft
"ViewpointMediaPlayer" = Viewpoint Media Player
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"WIC" = Windows Imaging Component
"Windows Clean-Up Pro" = Windows Clean-Up Pro
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail Advisor" = Yahoo! Mail Advisor
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1275210071-1935655697-1060284298-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Attached Files

  • Attached File  gmer.log   174.6KB   2 downloads


#7 Hotfootks

Posted 28 October 2009 - 02:09 AM

Forgot to say thanks so much for your help.

Karen

#8 thcbytes

Malware Response Team

Posted 28 October 2009 - 09:36 PM

Hello,
Let's begin.....
Please take your time.

==========

RKill by Grinler

Link #1
Link #2
Link #3
Link #4

  • Download Link #1.
  • Save it to your Desktop.
  • Double click the RKill desktop icon.
    If you are using Vista please right click and run as Admin!
  • A black screen will briefly flash, indicating a successful run.
  • If this does not occur please delete that application and download Link #2.
  • Continue process until the tool runs.
  • If the tool does not run from any of the links tell me about it.
==========

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we know in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

==========

The following is referring to Registry Repair Pro.
Please be aware that BleepingComputer staff do not recommend the usage of registry cleaners / tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your PC inoperable.
This is done assuming that the major audience here at this board might be inexperienced users, and is thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and is up to the user, so just take this as a recommendation from my side.

***Registry Repair Pro is notoriously heavy on the resources as an aside.***

==========

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O3 - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O3 - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003\..\Toolbar\WebBrowser: (no name) - {7754C418-F62E-44AA-B169-E719E718BCFD} - No CLSID value found.
    O3 - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003\..\Toolbar\WebBrowser: (no name) - {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No CLSID value found.
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Search - File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\ipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    
    :Files
    C:\WINDOWS\System32\rezumatenoi.dat
    C:\Program Files\viewpoint
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled"=-
    
    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
==========

Please download Malwarebytes Anti-Malware and save it to your desktop.

alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

==========

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
==========

Your hard disk displays errors - Let's fix that!

* Click Start > Run, type chkdsk /f and then click OK.
  o Note the space between the k and the /

* Allow the scan to run and when completed, reboot the system.

==========

We need to create a batch file.

Warning
This file was written specifically for this user, for use on this particular machine.
Running this on another machine may cause irreparable damage to your operating system
  • Please copy the contents of the code box below
  • Open notepad and paste the contents of the code box there
  • On the top toolbar in notepad select file
  • Then save as
  • In the box that opens type in eventlog.bat for the file name
  • Right below that click the down arrow in the line for save as type and select all files
  • Save this to your desktop and close notepad
@echo off
sc query eventlog >log.txt
notepad log.txt
del eventlog.bat
EXIT
  • Locate the eventlog.bat icon on your desktop and double click it. A box will pop up briefly on your screen and disappear, this is normal
A log shall be created. Copy & paste the results for my review.

==========

Let's take a look at the eventlog service in the registry

First..........
  • Create a new folder on your Desktop by right-clicking and selecting New > Folder.
  • Name the folder SWRegfolder.
Next.............
  • Download SWReg by Bobbi Flekman
  • Save it to the SWRegfolder on your Desktop.
Finally.........
  • Launch Notepad, (Start > Run, type in: notepad)
  • Copy/paste all the text inside the code box below to Notepad:
@echo off
swreg query "HKLM\SYSTEM\CurrentControlSet\Services\Eventlog" /s >>log.txt
Notepad log.txt
  • In Notepad, go to File (upper menu bar), and select: Save as
  • Save in: SWRegfolder
  • File Name: SWReg.bat
  • Save as Type: All files
  • Click: Save
  • Exit out of Notepad.
Note: Both SWReg.exe and SWReg.bat must be in the same folder for this to work.
  • Locate SWReg.bat in the SWRegfolder and double-click on it.
  • When done, a log opens in Notepad.
  • Please post the contents of the log in your reply.
==========

The last thing I want you to do is.....

- Start
- Right click My Computer
- Manage
- Device Manager
- Do you see any exclamation point, question marks or red x?

==========

With your next post please provide:

* OTL fix log
* MBAM log
* ESET log
* Eventlog log
* SWReg log
* Any devices in device manager problematic?
* How is your computer running now?

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#9 Hotfootks

Posted 29 October 2009 - 06:33 PM

Hiya,
I did all the steps you asked me to do. There were no problematic devices showing in device manager. I am still getting the freezing of my work program and yahoo messenger unless I disable the real time protection for Bitdefender. Other than that things seem to be running better.

Here are the results of the scans:

OTL Fix:
All processes killed
========== OTL ==========
Process explorer.exe killed successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-1275210071-1935655697-1060284298-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_USERS\S-1-5-21-1275210071-1935655697-1060284298-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_USERS\S-1-5-21-1275210071-1935655697-1060284298-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7754C418-F62E-44AA-B169-E719E718BCFD} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7754C418-F62E-44AA-B169-E719E718BCFD}\ not found.
Registry value HKEY_USERS\S-1-5-21-1275210071-1935655697-1060284298-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-1275210071-1935655697-1060284298-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1275210071-1935655697-1060284298-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\ deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
File Protocol\Handler\ipp - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
========== FILES ==========
C:\WINDOWS\System32\rezumatenoi.dat moved successfully.
File\Folder C:\Program Files\viewpoint not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33237 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 113784 bytes

User: Owner
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_e34.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temp\~DF89B3.tmp scheduled to be deleted on reboot.
->Temp folder emptied: 357196 bytes
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\FBELDDDR\iframe[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\EMI75G18\client_ad[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\EMI75G18\today[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\DGQSKD9T\client_ad[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\118BSGOP\iframe[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\118BSGOP\iframe[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\118BSGOP\topic261436[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 28544097 bytes
->Java cache emptied: 10254632 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\fb_272.lck scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_158.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_e7c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 2975006 bytes
RecycleBin emptied: 3139962 bytes

Total Files Cleaned = 43.31 mb


OTL by OldTimer - Version 3.0.22.1 log created on 10292009_002423

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_e34.dat not found!
C:\Documents and Settings\Owner\Local Settings\Temp\~DF89B3.tmp moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\FBELDDDR\iframe[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\EMI75G18\client_ad[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\EMI75G18\today[2].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\DGQSKD9T\client_ad[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\118BSGOP\iframe[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\118BSGOP\iframe[2].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\118BSGOP\topic261436[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.
File\Folder C:\WINDOWS\temp\fb_272.lck not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_158.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_e7c.dat moved successfully.

Registry entries deleted on Reboot...

MBAM:
Malwarebytes' Anti-Malware 1.41
Database version: 3051
Windows 5.1.2600 Service Pack 3

10/29/2009 1:10:47 AM
mbam-log-2009-10-29 (01-10-47).txt

Scan type: Quick Scan
Objects scanned: 106276
Time elapsed: 7 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Intelinet (Rogue.Intelinet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.

Thanks so very much for all your help.
Karen

#10 thcbytes

Malware Response Team

Posted 29 October 2009 - 08:50 PM

Very well done ....

So your problems only occur while realtime protection with Bitdefender is running? Have you had this problem as long as you have had Bitdefender running?

=========

I see you have run Combofix unsupervised.....this is ill advised!!

This is a complex and powerful tool that should not be used except under the supervision and direction of a malware expert. It can and will render your computer unbootable permanently!! Also realize that in most circumstances a single run of Combofix is ineffective. Specialized scripts will be written specifically directing this program to clean-up based on your logs!!

I would like to see your most recent CF logs. You will find them @ C:\ComboFix.txt

==========

Please rerun MBAM.

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
    • Update Malwarebytes' Anti-Malware <--- Important!!
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

==========

We need to create an OTL Quick Scan
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • A report will open, copy and paste it in a reply here
==========

With your next post please provide:

* Answer to questions
* Combofix log
* MBAM log
* OTL log

Kind regards,
~t
#11 Hotfootks

Posted 29 October 2009 - 11:50 PM

Thanks! The problems started when I upgraded from Bitdefender Antivirus 2008 to 2009, and have continued with my upgrade to 2010. I contacted Bitdefender and explained what it was doing but never got anything that fixed the problem. According to them it should have been fixed when I changed to 2010, but it hasn't.

As for Combofix, the only log I could find was from 2007, and is as follows:

ComboFix 07-08-30.3 - "Owner" 2007-08-31 18:52:11.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.163 [GMT -4:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup.\autorun.exe
C:\DOCUME~1\Guest\STARTM~1\Programs\Startup\system.exe
C:\DOCUME~1\Owner\APPLIC~1\FunWebProducts
C:\DOCUME~1\Owner\STARTM~1\Programs\Startup\system.exe
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\PopSwatr\History\allowed
C:\Program Files\FunWebProducts\PopSwatr\History\notallow
C:\Program Files\FunWebProducts\screensaver\Images\005D4BF3.urr
C:\Program Files\FunWebProducts\shared\cache\AvatarSmallBtn.html
C:\Program Files\FunWebProducts\shared\cache\cursormaniabtn.html
C:\Program Files\FunWebProducts\shared\cache\funbuddyiconbtn.html
C:\Program Files\FunWebProducts\shared\cache\MailStampBtn.html
C:\Program Files\FunWebProducts\shared\cache\myfuncardsimbtn.html
C:\Program Files\FunWebProducts\shared\cache\MyStationeryBtn.html
C:\Program Files\FunWebProducts\shared\cache\smileycentralbtn.html
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\f3bkgerr.jpg
C:\Program Files\MyWebSearch\bar\1.bin\f3brovly.dll
C:\Program Files\MyWebSearch\bar\1.bin\f3cjpeg.dll
C:\Program Files\MyWebSearch\bar\1.bin\f3dtactl.dll
C:\Program Files\MyWebSearch\bar\1.bin\f3histsw.dll
C:\Program Files\MyWebSearch\bar\1.bin\f3htmlmu.dll
C:\Program Files\MyWebSearch\bar\1.bin\f3httpct.dll
C:\Program Files\MyWebSearch\bar\1.bin\f3imstub.dll
C:\Program Files\MyWebSearch\bar\1.bin\f3popswt.dll
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\f3reprox.dll
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\f3scrctr.dll
C:\Program Files\MyWebSearch\bar\1.bin\f3shllvw.dll
C:\Program Files\MyWebSearch\bar\1.bin\f3spacer.wmv
C:\Program Files\MyWebSearch\bar\1.bin\f3wallpp.dat
C:\Program Files\MyWebSearch\bar\1.bin\f3wphook.dll
C:\Program Files\MyWebSearch\bar\1.bin\m3ffxtbr.jar
C:\Program Files\MyWebSearch\bar\1.bin\m3ffxtbr.manifest
C:\Program Files\MyWebSearch\bar\1.bin\m3html.dll
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\m3impipe.exe
C:\Program Files\MyWebSearch\bar\1.bin\m3msg.dll
C:\Program Files\MyWebSearch\bar\1.bin\m3ntstbr.jar
C:\Program Files\MyWebSearch\bar\1.bin\m3ntstbr.manifest
C:\Program Files\MyWebSearch\bar\1.bin\m3outlcn.dll
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\m3skin.dll
C:\Program Files\MyWebSearch\bar\1.bin\m3skplay.exe
C:\Program Files\MyWebSearch\bar\1.bin\m3slsrch.exe
C:\Program Files\MyWebSearch\bar\1.bin\m3srchmn.exe
C:\Program Files\MyWebSearch\bar\1.bin\mwsbar.dll
C:\Program Files\MyWebSearch\bar\1.bin\mwsoeplg.dll
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\avatar\common.f3s
C:\Program Files\MyWebSearch\bar\Cache\00097450
C:\Program Files\MyWebSearch\bar\Cache\003A99BA.bin
C:\Program Files\MyWebSearch\bar\Cache\003A9C13.bin
C:\Program Files\MyWebSearch\bar\Cache\003A9F5C.bin
C:\Program Files\MyWebSearch\bar\Cache\003AA0F6.bin
C:\Program Files\MyWebSearch\bar\Cache\003AA287.bin
C:\Program Files\MyWebSearch\bar\Cache\003AA526
C:\Program Files\MyWebSearch\bar\Cache\003AA77F.bin
C:\Program Files\MyWebSearch\bar\Cache\003AA96A.bin
C:\Program Files\MyWebSearch\bar\Cache\003AB684.bin
C:\Program Files\MyWebSearch\bar\Cache\003AC395.bin
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\game\checkers.f3s
C:\Program Files\MyWebSearch\bar\game\chess.f3s
C:\Program Files\MyWebSearch\bar\game\reversi.f3s
C:\Program Files\MyWebSearch\bar\history\search2
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\settings\s_pid.dat
C:\Program Files\MyWebSearch\srchastt\1.bin\mwssrcas.dll
C:\WINDOWS\system32\explore.exe
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\silc_dll.dll
C:\WINDOWS\system32\WinAvXX.exe


((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-31 )))))))))))))))))))))))))))))))


2007-08-31 18:50 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-31 18:31 9,728 --a------ C:\WINDOWS\wwwdac.exe
2007-08-31 18:02 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2007-08-31 18:02 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-08-31 18:02 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2007-08-31 18:02 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2007-08-31 18:02 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-08-31 17:15 49,152 --a------ C:\WINDOWS\system32\armaccess.dll
2007-08-31 10:53 39,424 --a------ C:\WINDOWS\system32\vtr.dll
2007-08-31 10:53 16,896 --a------ C:\WINDOWS\system32\printer.exe.ren
2007-08-23 23:47 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-07-23 14:54 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-07-23 13:18 8,576 --a------ C:\WINDOWS\system32\drivers\gehvjcedyhlb.sys
2007-07-23 12:02 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-07-23 11:57 8,576 --a------ C:\WINDOWS\system32\drivers\tfdlfjdmxwol.sys
2007-07-23 11:42 <DIR> d-------- C:\WINDOWS\system32\ActiveScan


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

08/31/2007 06:44 PM --------- d-------- C:\Program Files\Trojan Remover
08/31/2007 06:38 PM 8517 --a------ C:\dnsbak.reg
08/31/2007 06:22 PM --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
08/31/2007 06:02 PM --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Simply Super Software
08/31/2007 06:02 PM --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Simply Super Software
08/31/2007 05:03 PM --------- d-------- C:\Program Files\a-squared Free
08/30/2007 04:51 PM --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
08/30/2007 01:13 PM --------- d-------- C:\Program Files\DocQscribe
08/28/2007 05:53 PM --------- d-------- C:\Program Files\iTunes
08/28/2007 05:52 PM --------- d-------- C:\Program Files\iPod
08/24/2007 06:13 PM --------- d-------- C:\Program Files\Oberon Media
08/23/2007 11:47 PM --------- dr-h----- C:\DOCUME~1\Owner\APPLIC~1\SecuROM
08/23/2007 11:46 PM --------- d-------- C:\Program Files\Pogo Games
08/20/2007 08:55 PM --------- d-------- C:\Program Files\SpeedFan
08/16/2007 05:50 PM --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\PlayFirst
08/16/2007 05:50 PM --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
08/15/2007 12:50 AM --------- d-------- C:\Program Files\BadgeHelp
08/06/2007 12:56 AM --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Escape From Paradise
07/31/2007 11:35 AM --------- d-------- C:\Program Files\3B Software
07/31/2007 10:37 PM --------- d-------- C:\Program Files\MSN Messenger
07/31/2007 05:56 PM --------- d-------- C:\Program Files\Common Files\EasyInfo
07/30/2007 07:19 PM 92504 --a------ C:\WINDOWS\system32\cdm.dll
07/30/2007 07:19 PM 549720 --a------ C:\WINDOWS\system32\wuapi.dll
07/30/2007 07:19 PM 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
07/30/2007 07:19 PM 43352 --a------ C:\WINDOWS\system32\wups2.dll
07/30/2007 07:19 PM 325976 --a------ C:\WINDOWS\system32\wucltui.dll
07/30/2007 07:19 PM 271224 --a------ C:\WINDOWS\system32\mucltui.dll
07/30/2007 07:19 PM 207736 --a------ C:\WINDOWS\system32\muweb.dll
07/30/2007 07:19 PM 203096 --a------ C:\WINDOWS\system32\wuweb.dll
07/30/2007 07:19 PM 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
07/30/2007 07:18 PM 33624 --a------ C:\WINDOWS\system32\wups.dll
07/25/2007 04:14 PM --------- d-------- C:\Program Files\America Online 9.0
07/24/2007 06:40 PM --------- d-------- C:\Program Files\Keyboard Express 3
07/24/2007 06:38 PM --------- d-------- C:\Program Files\Common Files\Insight Software Solutions
07/24/2007 06:38 PM --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Insight Software
07/24/2007 06:32 PM --------- d-------- C:\Program Files\KeyText
07/24/2007 04:21 PM --------- d-------- C:\Program Files\TimeLeft3
07/24/2007 04:21 PM --------- d-------- C:\Program Files\PrintKey2000
07/24/2007 04:21 PM --------- d-------- C:\Program Files\1-Click Answers
07/24/2007 04:20 PM --------- d-------- C:\Program Files\Macrogaming
07/22/2007 02:46 PM --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TURCWYUJYG
07/17/2007 05:47 PM --------- d-------- C:\Program Files\QuickTime
07/11/2007 12:45 AM --------- d-------- C:\Program Files\MTV Networks
07/11/2007 06:41 PM --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Uniblue
07/03/2007 05:46 PM --------- d-------- C:\Program Files\Common Files\Apple
07/03/2007 05:46 PM --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
06/28/2007 12:35 PM --------- d-------- C:\Program Files\MSXML 6.0
06/28/2007 12:33 PM --------- d-------- C:\Program Files\MSBuild
06/28/2007 12:24 PM --------- d-------- C:\Program Files\Reference Assemblies
06/28/2007 12:21 PM --------- d-------- C:\Program Files\Windows Media Connect 2
06/28/2007 04:35 PM --------- d-------- C:\Program Files\Windows Live Safety Center
06/26/2007 02:08 AM 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
06/19/2007 09:31 AM 282112 --a------ C:\WINDOWS\system32\gdi32.dll
06/13/2007 06:23 AM 1033216 --a------ C:\WINDOWS\explorer.exe
06/03/2007 01:58 PM 73216 --a------ C:\WINDOWS\ST6UNST.EXE
06/03/2007 01:58 PM 249856 --------- C:\WINDOWS\Setup1.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [08/11/2007 08:11 PM]
"DoNotDelete"="C:\WINDOWS\system32\explore.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [03/01/2007 06:11 PM]
"DoNotDelete"="C:\WINDOWS\system32\explore.exe" []

C:\DOCUME~1\Owner\STARTM~1\Programs\Startup\
info.exe [8/31/2007 6:31:53 PM]
Registry Repair Pro.lnk - C:\Program Files\3B Software\Registry Repair Pro\RegistryRepairPro.exe [7/31/2007 11:35:20 AM]
Scheduler.lnk - C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe [7/31/2007 11:35:21 AM]
TimeLeft.lnk - C:\Program Files\TimeLeft3\TimeLeft.exe [8/31/2007 5:15:30 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\hadjajr.ini

R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys
R2 nhksrv;Netropa NHK Server;C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe
R3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys
S3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys


Contents of the 'Scheduled Tasks' folder
2007-08-28 21:40:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-31 19:04:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 08/31/2007 19:09:20 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 08/31/2007 07:08 PM

--- E O F ---


Here is the new OTL log:

OTL logfile created on: 10/30/2009 12:23:36 AM - Run 2
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Owner\Desktop\Bleeping Fixes
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

479.49 Mb Total Physical Memory | 191.88 Mb Available Physical Memory | 40.02% Memory free
1.85 Gb Paging File | 1.31 Gb Available in Paging File | 71.02% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.33 Gb Total Space | 21.15 Gb Free Space | 55.18% Space Free | Partition Type: NTFS
Drive D: | 180.78 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-C8B20C955
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/28 00:10:29 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\Bleeping Fixes\OTL.exe
PRC - [2009/10/15 10:16:30 | 00,320,424 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
PRC - [2009/09/28 12:48:48 | 01,595,016 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
PRC - [2009/09/28 12:48:44 | 01,086,232 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
PRC - [2009/09/28 12:48:20 | 01,114,536 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
PRC - [2009/09/24 21:06:06 | 05,145,912 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/09/10 14:53:56 | 01,312,080 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009/08/31 16:52:47 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/08/27 01:18:44 | 00,634,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/08/17 18:24:18 | 02,013,880 | ---- | M] (NesterSoft Inc.) -- C:\Program Files\TimeLeft3\TimeLeft.exe
PRC - [2009/06/23 17:23:48 | 00,600,944 | ---- | M] () -- C:\Program Files\iolo\common\lib\ioloServiceManager.exe
PRC - [2009/03/30 16:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 00,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
PRC - [2009/02/06 06:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/02/03 09:15:18 | 00,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/11/09 16:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/06/12 11:31:34 | 00,806,912 | ---- | M] (Answers Corporation) -- C:\Program Files\1-Click Answers\answers.exe
PRC - [2008/06/12 11:30:40 | 00,020,480 | ---- | M] (Answers Corporation) -- C:\Program Files\1-Click Answers\agtserv.exe
PRC - [2008/06/05 18:06:32 | 00,125,208 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
PRC - [2008/04/13 20:12:37 | 00,135,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\taskmgr.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/10/16 02:01:02 | 00,464,240 | ---- | M] (3B Software, Inc.) -- C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
PRC - [2007/08/31 17:15:33 | 02,312,704 | ---- | M] (Insight Software Solutions) -- C:\Program Files\Keyboard Express 3\keyexp.exe
PRC - [2007/07/24 17:07:08 | 00,180,224 | ---- | M] (Netropa Corp.) -- C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
PRC - [2006/10/18 20:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
PRC - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe
PRC - [2005/04/27 14:59:24 | 00,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2003/01/10 18:13:04 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2002/08/07 00:36:16 | 00,110,592 | ---- | M] () -- C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
PRC - [2001/11/14 04:03:12 | 00,090,112 | ---- | M] (Netropa Corp.) -- C:\Program Files\Netropa\Onscreen Display\OSD.exe
PRC - [2001/08/17 18:36:54 | 00,086,016 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\System32\pctspk.exe
PRC - [2001/08/06 06:41:48 | 00,028,672 | ---- | M] () -- C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/10/15 10:16:30 | 00,320,424 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV [Auto | Running])
SRV - [2009/09/28 12:49:07 | 00,183,880 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3 [On_Demand | Stopped])
SRV - [2009/09/28 12:48:48 | 01,595,016 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- (VSSERV [Auto | Running])
SRV - [2009/08/31 16:52:47 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/07/13 20:28:18 | 00,323,584 | ---- | M] (S.C. BitDefender S.R.L) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan [On_Demand | Stopped])
SRV - [2009/06/23 17:23:48 | 00,600,944 | ---- | M] () -- C:\Program Files\iolo\common\lib\ioloServiceManager.exe -- (ioloSystemService [Auto | Running])
SRV - [2009/06/23 17:23:48 | 00,600,944 | ---- | M] () -- C:\Program Files\iolo\common\lib\ioloServiceManager.exe -- (ioloFileInfoList [Auto | Running])
SRV - [2009/04/26 14:29:24 | 00,090,352 | ---- | M] (PC Pitstop LLC) -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling [Disabled | Stopped])
SRV - [2009/03/30 16:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc [Auto | Running])
SRV - [2008/11/09 16:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Running])
SRV - [2005/04/27 14:59:24 | 00,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean [Auto | Running])
SRV - [2004/04/21 12:16:02 | 01,434,848 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS [On_Demand | Stopped])
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/01/10 18:13:04 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService [Auto | Running])
SRV - [2001/08/17 18:36:54 | 00,086,016 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\System32\pctspk.exe -- (Pctspk [Auto | Running])
SRV - [2001/08/06 06:41:48 | 00,028,672 | ---- | M] () -- C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe -- (nhksrv [Auto | Running])

========== Modules (SafeList) ==========

MOD - [2009/10/28 00:10:29 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\Bleeping Fixes\OTL.exe
MOD - [2009/10/07 11:48:34 | 00,282,624 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_55\plugin_fragments.m32
MOD - [2009/10/07 11:48:34 | 00,233,472 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_55\plugin_nt.m32
MOD - [2009/10/07 11:48:34 | 00,212,992 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_55\midas32.dll
MOD - [2009/10/07 11:48:34 | 00,172,032 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_55\plugin_extra.m32
MOD - [2009/10/07 11:48:34 | 00,126,976 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_55\plugin_registry.m32
MOD - [2009/10/07 11:48:34 | 00,122,880 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_55\plugin_base.m32
MOD - [2009/10/07 11:48:34 | 00,098,304 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_55\plugin_net.m32
MOD - [2008/06/12 11:31:04 | 00,053,248 | ---- | M] (Answers Corporation) -- C:\Program Files\1-Click Answers\agthook.dll
MOD - [2008/06/12 11:30:32 | 00,532,480 | ---- | M] (Answers Corporation) -- C:\Program Files\1-Click Answers\agtctrl.dll
MOD - [2008/06/12 11:30:28 | 00,028,672 | ---- | M] (Answers Corporation) -- C:\Program Files\1-Click Answers\agtthook.dll
MOD - [2008/06/12 11:30:26 | 00,032,768 | ---- | M] (Answers Corporation) -- C:\Program Files\1-Click Answers\agtproc.dll
MOD - [2008/06/12 11:30:22 | 00,040,960 | ---- | M] (Answers Corporation) -- C:\Program Files\1-Click Answers\agtpchnt.dll
MOD - [2008/06/12 11:30:14 | 00,028,672 | ---- | M] (Answers Corporation) -- C:\Program Files\1-Click Answers\agtcmpnt.dll
MOD - [2008/04/13 20:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2007/05/23 15:13:12 | 00,046,080 | ---- | M] (Insight Software Solutions) -- C:\Program Files\Keyboard Express 3\KEYHOOK.DLL
MOD - [2002/06/19 09:39:14 | 00,053,248 | ---- | M] (Netropa Corp.) -- C:\Program Files\Netropa\Multimedia Keyboard\nhkdll.dll

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
IE - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003\..\URLSearchHook: {6341761b-babe-406d-b0d6-8d99b81c2ee5} - C:\Program Files\Answers.com\tbAnsw.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn11\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003\S-1-5-21-1275210071-1935655697-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/01 09:46:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/31 16:52:52 | 00,000,000 | ---D | M]


O1 HOSTS File: (56 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn11\yt.dll (Yahoo! Inc.)
O2 - BHO: (Answers.com Toolbar) - {6341761b-babe-406d-b0d6-8d99b81c2ee5} - C:\Program Files\Answers.com\tbAnsw.dll (Conduit Ltd.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn11\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn11\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn11\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\1-Click Answers.lnk = C:\Program Files\1-Click Answers\answers.exe (Answers Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Keyboard Express 3.lnk = C:\Program Files\Keyboard Express 3\keyexp.exe (Insight Software Solutions)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Scheduler.lnk = C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe (3B Software, Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\TimeLeft.lnk = C:\Program Files\TimeLeft3\TimeLeft.exe (NesterSoft Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2009/06/15 22:44:24 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Answers... - C:\Program Files\1-Click Answers\Html\atiemenu.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2009/06/15 22:44:24 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2009/06/15 22:44:24 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2009/06/15 22:44:24 | 00,000,000 | ---D | M]
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 52 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 52 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 52 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-1275210071-1935655697-1060284298-1003\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://clubgames.pogo.com/online2/pogop/lu...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} http://clubgames.pogo.com/online2/pogop/ma...mesLauncher.cab (SpinTop Games Launcher)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D410AFBD-4E26-4D5F-840F-0412D6F6BB8D} http://clubgames.pogo.com/online2/pogop/sa...pt.1.0.0.21.cab (CPlayFirstSandScriptControl Object)
O16 - DPF: {D9E4E21E-60E0-11DA-91EB-00123F33E209} https://mq1webc2.speechmachines.org/Install...NInstaller2.cab (DNInstallerOCX Class)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://clubgames.pogo.com/online2/pogop/as...aploader_v6.cab (PopCapLoader Object)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/da2/PCPitStop2.cab (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/01 09:30:40 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/06/26 14:45:00 | 00,630,784 | R--- | M] (Electronic Arts Inc.) - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/06/26 14:45:00 | 00,630,784 | R--- | M] (Electronic Arts Inc.) - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/06/15 22:54:02 | 00,585,728 | R--- | M] (Electronic Arts Inc.) - D:\AutoRunGUI.dll -- [ CDFS ]
O32 - AutoRun File - [2007/06/26 14:46:06 | 00,000,144 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{2bfa8ff0-fcc4-11db-a8b1-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{2bfa8ff0-fcc4-11db-a8b1-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2bfa8ff0-fcc4-11db-a8b1-806d6172696f}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2007/06/26 14:45:00 | 00,630,784 | R--- | M] (Electronic Arts Inc.)
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2007/06/26 14:45:00 | 00,630,784 | R--- | M] (Electronic Arts Inc.)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/10/29 00:54:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/29 00:54:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/10/29 09:55:20 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/10/29 00:54:26 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/29 10:15:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\SWRegfolder
[2009/10/29 00:54:31 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/29 00:54:27 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/29 00:24:23 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/28 00:18:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Bleeping Fixes

========== Files - Modified Within 14 Days ==========

[2009/10/29 18:23:30 | 00,001,832 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Scheduler.lnk
[2009/10/29 18:23:17 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/29 18:21:33 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/29 18:21:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/29 18:21:08 | 50,284,9536 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/29 18:15:45 | 00,000,245 | ---- | M] () -- C:\WINDOWS\Msiosd.ini
[2009/10/29 17:17:46 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F6EBE20D-169B-4346-AC23-46B71F249DC9}.job
[2009/10/29 00:54:34 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/29 00:35:20 | 55,115,776 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2009/10/29 00:24:28 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2009/10/28 22:21:40 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/28 21:25:09 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/26 11:10:46 | 00,002,402 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Attach.zip
[2009/10/26 01:26:43 | 00,000,912 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/26 01:26:43 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/26 01:26:43 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/10/25 14:25:48 | 00,001,524 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DocQscribe.lnk

========== Files - No Company Name ==========
[2009/10/29 00:54:34 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/26 11:10:46 | 00,002,402 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Attach.zip
[2009/10/25 14:25:47 | 00,001,524 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DocQscribe.lnk
[2009/08/13 12:20:44 | 00,938,328 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2009/08/13 12:18:12 | 00,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2009/07/15 12:29:29 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2009/07/11 00:31:13 | 00,000,622 | ---- | C] () -- C:\WINDOWS\RegGenie.ini
[2009/07/02 00:31:53 | 04,313,846 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/07/01 18:01:27 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/05/10 13:45:18 | 00,223,232 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2009/05/10 13:45:17 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\SQLiteWrapper.dll
[2009/01/15 13:45:34 | 00,181,248 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2009/01/11 15:02:50 | 00,027,184 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
[2008/07/29 18:14:07 | 00,000,022 | ---- | C] () -- C:\WINDOWS\iexplore.ini
[2008/06/30 18:40:13 | 00,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.INI
[2008/03/07 20:48:43 | 00,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2007/12/24 01:59:20 | 00,000,032 | ---- | C] () -- C:\WINDOWS\tdlp32.ini
[2007/08/31 18:02:54 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2007/08/31 18:02:54 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2007/08/31 18:02:54 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2007/08/31 18:02:54 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2007/08/31 17:15:31 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\armaccess.dll
[2007/07/21 14:02:55 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/11 16:03:56 | 00,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2007/06/25 12:53:06 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/06 15:36:52 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/06/06 15:35:39 | 00,000,058 | ---- | C] () -- C:\WINDOWS\EPSONSC88+.ini
[2007/04/10 18:01:18 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/31 12:32:27 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2007/03/31 12:32:27 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/02/20 01:26:25 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/01/31 14:50:32 | 00,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2006/06/18 17:09:12 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/06/05 09:38:41 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/06/02 16:09:55 | 00,000,051 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2006/06/02 16:09:42 | 00,000,066 | ---- | C] () -- C:\WINDOWS\EPSC66EF.ini
[2006/06/02 15:06:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/02 15:06:17 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
[2006/06/02 15:06:17 | 00,000,245 | ---- | C] () -- C:\WINDOWS\Msiosd.ini
[2006/06/01 09:35:50 | 00,027,768 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/06/01 09:35:17 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
[2006/06/01 05:19:12 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/04 08:00:00 | 00,000,912 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/08/08 09:44:34 | 00,000,223 | ---- | C] () -- C:\WINDOWS\System32\pspveccomm.ini
[2001/05/03 08:03:58 | 00,000,221 | ---- | C] () -- C:\WINDOWS\System32\smcelp32.ini
[1999/11/05 10:42:36 | 00,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspusbct.ini
[1999/10/08 14:58:24 | 00,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspusblb.ini
[1998/12/11 11:55:00 | 00,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspsbext.ini
[1998/08/10 14:04:00 | 00,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspfidrv.ini
[1998/08/10 14:04:00 | 00,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspaudrv.ini
[1998/08/10 14:03:00 | 00,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspapdrv.ini
[1998/08/10 14:03:00 | 00,000,221 | ---- | C] () -- C:\WINDOWS\System32\mcipspwa.ini
[1998/08/10 14:03:00 | 00,000,221 | ---- | C] () -- C:\WINDOWS\System32\mcipspct.ini
[1998/08/10 14:02:00 | 00,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspfbase.ini
[1998/08/10 14:02:00 | 00,000,220 | ---- | C] () -- C:\WINDOWS\System32\pspwave.ini
[1998/08/10 14:02:00 | 00,000,219 | ---- | C] () -- C:\WINDOWS\System32\pspdss.ini
[1998/08/10 14:02:00 | 00,000,219 | ---- | C] () -- C:\WINDOWS\System32\pspddi.ini
[1996/04/03 15:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2009/10/29 00:54:27 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/09/05 01:06:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AENGXCKABH
[2008/08/12 00:43:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AJNGXCKABH
[2009/09/10 22:59:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AONGXCKABH
[2009/09/28 12:36:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2008/10/22 10:48:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CCNGXCKABH
[2009/08/23 15:27:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CGNGXCKABH
[2007/10/30 15:11:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DocQscribe
[2007/06/23 12:17:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DQRCWYUJYG
[2008/01/03 16:08:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA
[2007/01/30 20:39:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2008/09/27 14:46:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GBNGXCKABH
[2009/01/11 09:48:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GNNGXCKABH
[2008/02/12 17:18:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HFEAIMZYXG
[2007/07/24 18:38:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software
[2006/06/02 16:25:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software Solutions
[2009/08/13 12:48:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2008/07/04 01:20:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2007/09/17 18:44:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KeyText
[2007/12/25 17:38:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LQEAIMZYXG
[2008/10/16 00:49:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCNGXCKABH
[2007/10/24 11:08:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2007/10/24 11:09:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MotiveSysIDs
[2008/08/01 14:42:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/10/02 10:50:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2007/03/31 12:32:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2007/10/01 23:22:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2007/09/05 10:17:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PYRCWYUJYG
[2007/08/31 18:02:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2006/11/20 11:08:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeechMachines
[2008/12/02 01:48:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SWMGXCKABH
[2009/10/21 11:34:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/03/06 01:39:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TPRCWYUJYG
[2007/07/22 14:46:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TURCWYUJYG
[2008/10/29 12:07:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TVMGXCKABH
[2008/08/26 01:30:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UONGXCKABH
[2007/02/19 18:47:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/05/24 13:03:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VVMGXCKABH
[2008/09/29 23:06:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2008/10/08 16:15:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/01/01 12:52:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WMNGXCKABH
[2009/01/16 11:33:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XGNGXCKABH
[2008/04/22 00:58:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XJEAIMZYXG
[2007/11/02 18:25:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZORCWYUJYG
[2006/06/01 05:19:12 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
[2009/06/13 12:26:58 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Guest\Application Data
[2009/08/13 12:21:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data
[2009/09/25 08:42:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2009/08/05 22:24:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data
[2009/10/29 00:54:48 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Owner\Application Data
[2006/06/01 19:28:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ahead
[2008/12/02 01:43:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AweSEM
[2009/09/28 12:32:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BitDefender
[2007/06/05 16:11:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EA
[2007/05/17 18:48:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FloodLightGames
[2008/08/30 14:58:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2008/07/28 00:49:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Hulabee
[2009/09/17 21:47:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iolo
[2007/02/17 00:48:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iWin
[2006/06/02 16:11:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2008/09/10 21:47:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
[2007/10/27 00:03:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Move Networks
[2007/10/07 09:12:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NesterSoft
[2009/01/15 21:19:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Pogo Games
[2007/08/31 18:02:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Simply Super Software
[2007/02/19 18:48:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2009/07/16 17:32:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search
[2009/10/12 09:41:01 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/10/28 22:21:40 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 08:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/29 18:21:33 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/10/29 17:17:46 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F6EBE20D-169B-4346-AC23-46B71F249DC9}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\drwatson.exe:SummaryInformation
@Alternate Data Stream - 192 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07348C09
@Alternate Data Stream - 180 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 166 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EFDF5FB
@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1880ACB
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A6AFE3D
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8E29393
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B7E8561
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8DFFF5E
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:588B60C7
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EC637CB
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B1CE48A
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D0C22DC
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15F163AE
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3F3421F5
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40751495
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05113FB9
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A73EAFFB
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:72DE5382
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3447AB86
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:06029D5A
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1D123B2B
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D240B1B9
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1109A4B
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38C65A30
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F43628AB
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A88A1788
< End of report >

Thanks so much for all of your help!!


#12 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:58 PM

Posted 30 October 2009 - 09:59 AM

Good morning, :(

A classic example of why Combofix should not be run unsupervised. Your Combofix log from 2007 shows that after you ran the application it left behind quite a bit of malware. :(

==========

We better take a deeper look....

First....

Please right click and delete any copies of Combofix that you might still have.

Next....

Download and Run ComboFix (by sUBs)

You must rename it before saving it.

Please download ComboFix from one of these locations:

Link 1
Link 2

Save thcbytes.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Double click on thcbytes.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


==========

With your next post please provide:

* Combofix.txt

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#13 Hotfootks

Hotfootks
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  • Local time:06:58 PM

Posted 31 October 2009 - 12:06 AM

:( Hiya,

Here is the log from ComboFix:

ComboFix 09-10-30.01 - Owner 10/31/2009 0:00.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.255 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\thcbytes.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\DinerDash.1.0.0.80
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\cup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\customer_cup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\heart.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\menu_down.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\menu_up.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\plates.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\ticket.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\tray.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\music\mainmenumusic.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_bring_check_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\blue_baby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\blue_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\legs.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\red_baby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\red_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\anim.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\anim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\blue_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\legs.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\red_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\idle.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\idle.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\lower.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\lower.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\upper.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\upper.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\fonts\mercurius.mvec
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\bench.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\bench.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\blue_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\chair.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\chair.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dirt2top.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dirt4top.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dishcart.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dishcart.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\green_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchair_prop_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchair_prop_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchairbaby.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchairbaby.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\luxury_bench.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\luxury_bench.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\mop_station_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\mop_station_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\mop_station_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\podium.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\podium_heart.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\podium_heart.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\purple_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\radio.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\red_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\spill.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\spill.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\stereo.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\ticketstation.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\ticketstation.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\yellow_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\family.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help_dividerline.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_colormatch1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_colormatch2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_noise.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_score.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_cleardishes.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_givecheck.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_pickupfood.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_servefood.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_takeorder.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\hiscore\local-hs-bb.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\hiscore\p1icon.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_1.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_2.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_3.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_4.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_5.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_6.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_a.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_b.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_c.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\playfirstlogo.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\background.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\green.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\green.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\grey.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\cup1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\food.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\food.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\frames\2_0.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\frames\2_1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\people\cook.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\people\cook.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\props\cup_prop1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\2top.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\2top.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\4top.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\4top.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_0.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_1.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrades.xml
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\tableshadow.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\careerupgrade.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\choosedifficulty.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\closeconfirm.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\entername.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\game.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\getmoregames.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\help1.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\help2.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\hiscore.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\hiscoreinfo.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\hiscoresubmit.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\levelintro.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\levelover.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\loading.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\mainloop.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\mainmenu.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\ok.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\pause.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\style.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\upgrade.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\upsell.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\yesno.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\splash\aol_logo.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\splash\playfirst_logo.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\strings.xml
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\angersmoke.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\angersmoke.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\bubbles\request_bubble.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\bubbles\request_mop.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\bubbles\request_rejectmeal.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\chairflags.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\chairflags.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\check.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\checkmark.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\closed.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\coinflip.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\coinflip.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\decor_lines.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\dollar.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\expert.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\foodpoof.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\foodpoof.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\heartgrow.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\heartgrow.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\jar.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\jar.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\lives_icon.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\noisering.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_d.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_e.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_f.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tablenumber_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tablenumber_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\traynumber.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tutorialarrow.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tutorialbox.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_base.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_hand.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_timer_off.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_timer_on.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgradeanim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd1.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd2.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd3.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd4.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\dinerdash2.exe
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\Downloaded Program Files\popcaploader.inf

.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-31 )))))))))))))))))))))))))))))))
.

2009-10-31 03:52 . 2009-10-31 03:53 -------- d-----w- C:\thcbytes
2009-10-29 13:55 . 2009-10-29 13:55 -------- d-----w- c:\program files\ESET
2009-10-29 04:54 . 2009-10-29 04:54 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-10-29 04:54 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-29 04:54 . 2009-10-29 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-29 04:54 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-29 04:54 . 2009-10-29 04:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-29 04:24 . 2009-10-29 04:24 -------- d-----w- C:\_OTL
2009-10-14 16:49 . 2009-10-14 16:49 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PCHealth
2009-10-09 17:35 . 2009-10-09 17:55 -------- d-----w- c:\program files\ThreatExpert Memory Scanner
2009-10-03 05:06 . 2009-10-03 05:07 -------- d-----w- c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-31 03:36 . 2007-05-24 22:33 -------- d-----w- c:\program files\DocQscribe
2009-10-30 17:31 . 2009-07-16 21:28 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-30 17:29 . 2008-03-07 20:47 -------- d-----w- c:\program files\RogueRemover FREE
2009-10-29 20:44 . 2009-09-02 19:02 -------- d-----w- c:\program files\RegistryFix7
2009-10-29 20:29 . 2007-03-06 05:39 -------- d-----w- c:\program files\BadgeHelp
2009-10-21 23:49 . 2009-05-20 18:46 -------- d-----w- c:\program files\CleanUp!
2009-10-21 15:34 . 2006-11-07 05:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-11 18:28 . 2006-06-01 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2009-10-09 13:54 . 2009-06-29 18:12 152328 ----a-w- c:\windows\system32\drivers\bdfm.sys
2009-10-02 15:01 . 2009-07-11 05:01 -------- d-----w- c:\program files\PCPitstop
2009-10-02 14:50 . 2009-07-15 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2009-09-28 18:31 . 2006-06-01 18:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-28 16:49 . 2009-06-29 18:12 105736 ----a-w- c:\windows\system32\drivers\bdhv.sys
2009-09-28 16:36 . 2009-09-28 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2009-09-28 16:32 . 2009-09-28 16:32 -------- d-----w- c:\documents and settings\Owner\Application Data\BitDefender
2009-09-28 16:31 . 2009-09-28 16:29 -------- d-----w- c:\program files\Common Files\BitDefender
2009-09-28 16:21 . 2009-09-28 16:05 416005 ----a-w- C:\BdUninstallTool2009.09.28-12.05.50.reg
2009-09-28 16:02 . 2009-09-28 16:02 38 ----a-w- C:\BdUninstallTool2009.09.28-12.02.02.reg
2009-09-25 12:42 . 2009-08-13 16:21 -------- d-----w- c:\documents and settings\LocalService\Application Data\iolo
2009-09-24 02:28 . 2009-09-24 02:28 -------- d-----w- c:\program files\Common Files\Apple
2009-09-24 02:27 . 2007-12-17 15:59 -------- d-----w- c:\program files\QuickTime
2009-09-18 01:47 . 2009-08-13 16:13 -------- d-----w- c:\documents and settings\Owner\Application Data\iolo
2009-09-17 12:00 . 2009-07-16 21:25 -------- d-----w- c:\program files\Windows Desktop Search
2009-09-11 14:18 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 02:59 . 2009-09-11 02:29 -------- d-----w- c:\documents and settings\All Users\Application Data\AONGXCKABH
2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-02 12:24 . 2006-08-17 19:18 -------- d-----w- c:\program files\TimeLeft3
2009-08-31 20:52 . 2008-12-04 15:13 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-29 07:36 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2004-08-04 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-20 19:09 . 2009-08-20 19:09 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-19 15:32 . 2009-08-19 15:32 0 ----a-w- C:\pcwords2.dat
2009-08-19 15:32 . 2009-08-19 15:32 0 ----a-w- C:\pcwords.dat
2009-08-19 15:32 . 2009-08-19 15:32 4 ----a-w- c:\windows\system32\aspdict-en.dat
2009-08-19 15:32 . 2009-08-19 15:32 16 ----a-w- c:\windows\system32\asdict.dat
2009-08-19 15:15 . 2008-03-17 18:46 81984 ----a-w- c:\windows\system32\bdod.bin
2009-08-13 16:18 . 2009-08-13 16:18 74703 ----a-w- c:\windows\system32\mfc45.dll
2009-08-10 14:34 . 2009-08-10 02:06 132 ----a-w- C:\httpdwl.dat
2009-08-10 14:34 . 2009-08-10 02:06 815 ----a-w- C:\rtsr_eml_sr.dat
2009-08-10 14:34 . 2009-08-10 02:06 141 ----a-w- C:\dwl.dat
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 00:44 . 2004-08-04 12:00 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-03 22:59 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

------- Sigcheck -------

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\Windows Updates\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\Windows Updates\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\Windows Updates\$NtServicePackUninstall$\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\Windows Updates\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\Windows Updates\$NtUninstallKB951748$\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\Windows Updates\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\Windows Updates\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\Windows Updates\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\Windows Updates\$NtUninstallKB941644$\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\Windows Updates\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\Windows Updates\$NtUninstallKB917953$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\Windows Updates\$NtUninstallKB913446$\tcpip.sys

[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\Windows Updates\$NtServicePackUninstall$\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\Windows Updates\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\Windows Updates\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\Windows Updates\$hf_mig$\KB950974\SP2QFE\es.dll
[7] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\Windows Updates\$NtUninstallKB950974$\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\Windows Updates\$NtUninstallKB950974_0$\es.dll
[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\Windows Updates\$hf_mig$\KB902400\SP2QFE\es.dll
[7] 2004-08-04 12:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\Windows Updates\$NtUninstallKB902400$\es.dll

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\Windows Updates\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\Windows Updates\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\Windows Updates\$NtServicePackUninstall$\mswsock.dll
[-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\Windows Updates\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[7] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\Windows Updates\$NtUninstallKB951748$\mswsock.dll
[7] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\Windows Updates\$NtUninstallKB951748_0$\mswsock.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6341761b-babe-406d-b0d6-8d99b81c2ee5}"= "c:\program files\Answers.com\tbAnsw.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{6341761b-babe-406d-b0d6-8d99b81c2ee5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6341761b-babe-406d-b0d6-8d99b81c2ee5}]
2008-09-15 10:47 1784856 ----a-w- c:\program files\Answers.com\tbAnsw.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2008-06-05 125208]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-09-28 71152]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2009-09-28 1114536]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Scheduler.lnk - c:\program files\3B Software\Common\Scheduler\wcomschd.exe [2009-1-20 464240]
TimeLeft.lnk - c:\program files\TimeLeft3\TimeLeft.exe [2007-8-31 2013880]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
1-Click Answers.lnk - c:\program files\1-Click Answers\answers.exe [2007-8-31 806912]
Keyboard Express 3.lnk - c:\program files\Keyboard Express 3\keyexp.exe [2007-8-31 2312704]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Registry Repair Pro.lnk]
backup=c:\windows\pss\Registry Repair Pro.lnkStartup
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Registry Repair Pro.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Scheduler.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Scheduler.lnk
backup=c:\windows\pss\Scheduler.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intelinet
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegGenie Scheduler

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 28672]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-09-28 183880]
R3 PAC207;CIF USB Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-11-10 505984]
R4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [2009-04-26 90352]
S1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\DRIVERS\msikbd2k.sys [2001-12-20 6656]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-06-23 600944]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-06-23 600944]
S3 bdfm;bdfm;c:\windows\system32\drivers\bdfm.sys [2009-10-09 152328]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - 3B9607B1
*NewlyCreated* - 9548C497
*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - MBR
*NewlyCreated* - PCIIDEX_2
*Deregistered* - 3b9607b1
*Deregistered* - 9548c497
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
*Deregistered* - PCIIDEX_2
*Deregistered* - uphcleanhlp

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2009-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-10-31 c:\windows\Tasks\User_Feed_Synchronization-{F6EBE20D-169B-4346-AC23-46B71F249DC9}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 23:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr10/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr10/*http://www.yahoo.com
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Answers... - file://c:\program files\1-Click Answers\Html\atiemenu.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - hxxp://clubgames.pogo.com/online2/pogop/mahjong_escape_ancient_japan/SpinTopGamesLauncher.cab
DPF: {D410AFBD-4E26-4D5F-840F-0412D6F6BB8D} - hxxp://clubgames.pogo.com/online2/pogop/sandscript/SandScript.1.0.0.21.cab
DPF: {D9E4E21E-60E0-11DA-91EB-00123F33E209} - hxxps://mq1webc2.speechmachines.org/Installer/DNInstaller2.cab
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

AddRemove-MahjSaf Buddy - Pogo Version_is1 - c:\program files\Mahjong Safari Buddy Pogo\unins000.exe
AddRemove-SpiderSol Buddy - Pogo Version_is1 - c:\program files\SpiderSol Buddy Pogo\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-31 00:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-10-31 0:44
ComboFix-quarantined-files.txt 2009-10-31 04:44
ComboFix2.txt 2007-08-31 23:09

Pre-Run: 22,811,074,560 bytes free
Post-Run: 22,521,425,920 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - B728BB4C18548A5BEB6AB92CCC366CD0


Thanks so much for all your help!!
Karen

#14 thcbytes

  • Malware Response Team

Posted 31 October 2009 - 11:50 AM

Happy Halloween, :(

Much better. I bet you're still having troubles with Bitdefender interfering though, yes? I am not sure I am going to have a reasonable remedy other than changing your antivirus.

One last scan please.....

Perform an online scan with Kaspersky WebScanner. This can take a long time so please be patient.

If you have troubles getting it to run.... - STOP - and tell me about it!

(Requires free Java Runtime Environment (JRE) be installed before scanning for malware as ActiveX is no longer being used.)
  • Click on the Posted Image ...button.
  • The program will launch and fill in the Information section ... on the left.
  • Read the "Requirements and Limitations" then press... the Posted Image ...button.
  • The program will begin downloading the latest program and definition files.
    It takes a while... please be patient and let it finish.
  • Once the files have been downloaded, click on the Posted Image ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the Posted Image ...button, if you made any changes.
  • Now under the Scan section on the left: Select My Computer
  • The program will start and scan your system. This will run for a while, be patient... let it run.
    Once the scan is complete, it will display if your system has been infected.
  • Save the scan results as a Text file ... save it to your desktop.
  • Copy and paste the saved scan results file in your next reply.

==========

With your next post please provide:

* Answer to question
* Kas scan results

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#15 Hotfootks

  • Topic Starter

Posted 01 November 2009 - 03:00 PM

:( Hiya,

Yes I am still having trouble with Bitdefender and have to disable the real time protection. As for Kaspersky, twice now it goes so far then stops running. The first time it stopped at 44% completed. I stopped the scan and restarted it. Now it has gotten to 74% completed and has stopped again. I am not sure why it is doing this. I did put Bitdefender on permanent disable of real time protection while trying to do this scan. Not sure if I should try again or just wait to see if the scan restarts itself.

This is what it shows so far:

Scan statistics

Objects scanned: 48914

Threats found: 0

Infected objects found: 0

Suspicious objects found: 0

Scan duration: 05:01:30
Scan beginning
Scanning in progress (74%)

Select the area for scanning in the Scan section of the left window part.

Last start:
Status:
Please wait, scanning can take some time depending upon the size of the area to scan. You can continue work with other browser windows.

Scanning: System.Web.Extensions.Design.ni.dll
Path: C:\WINDOWS\assemb...b8b342f66aedff5f8ef9


Thanks,
Karen

Edited by Hotfootks, 01 November 2009 - 03:34 PM.




