Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

suspected white smoke infection


  • This topic is locked This topic is locked
7 replies to this topic

#1 tjack

tjack

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:13 PM

Posted 06 March 2011 - 04:51 PM

computer freezes, redirects,system tools took over last week. I removed with malibytes.
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Jackie at 14:40:08.77 on Sun 03/06/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.137 [GMT -6:00]
.
AV: ESET Smart Security 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Vid HD\Vid.exe
C:\Program Files\ooVoo\oovoo.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Documents and Settings\Jackie\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uSearch Bar =
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearchAssistant =
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Shop to Win 2: {20fec4e7-f7b7-438b-8191-33d2efc5ebea} - c:\program files\shop to win 2\ShoppingBHO.dll
BHO: Surf Canyon Search Engine Assistant: {5ab7104a-b71f-49ad-9154-f7f8806ae848} - c:\program files\surf canyon\surfcanyon.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Simppull Toolbar: {627af46b-2076-42ae-a2fd-8428734d3e74} - c:\program files\simppulltoolbar\simppulldx.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Updater For Simppull Toolbar: {c4b8bab4-1667-11df-a242-ba9455d89593} - c:\program files\simppulltoolbar\auxi\simppulltoolbAu.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Simppull Toolbar: {627af46b-2076-42ae-a2fd-8428734d3e74} - c:\program files\simppulltoolbar\simppulldx.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_0_0
uRun: [RegistryCleanFixMFC] c:\program files\registrycleaner\registrycleaner2008.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
uRun: [ooVoo.exe] c:\program files\oovoo\oovoo.exe /minimized
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [CinemaNowMediaManagerApp]
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventr~1.lnk - c:\program files\broderbund\broderbund party and crafts creator\pmremind.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\progra~1.lnk - c:\program files\citrix\ica client\pnagent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\309731\program\Updates from HP.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
IE: &Search
IE: Add To HP Organize... - c:\progra~1\hewlet~1\hporga~1\bin/module.main/favorites\ie_add_to.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: cinemanow.com
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: RaptisoftGameLoader - hxxp://real.gamehouse.com/games/raptisoft/raptisoftgameloader.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} - hxxp://games.bigfishgames.com/en_cooking-dash/online/CookingDashWeb.1.0.0.9.cab
DPF: {21BB8360-F943-447E-98F3-3C22345375A7} - hxxp://games.bigfishgames.com/en_chocolatier/online/ChocolatierWeb.1.0.0.13.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {38A5F6F0-0B64-421B-A553-3D49A76ECDCD} - hxxp://games.bigfishgames.com/en_mythic-marbles/online/MythicMarbles.1.0.0.2.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195764695140
DPF: {74EF5274-F439-2168-B543-14745B625C72} - hxxp://games.bigfishgames.com/en_wedding-dash-2-rings-around-world-game/online/WeddingDash2Web.1.0.0.11.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://real.gamehouse.com/games/luxor/mjolauncher.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} - hxxp://download.games.yahoo.com/games/web_games/sony/davinci/DVCDownloadControl.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} - hxxp://games.bigfishgames.com/en_sweetopia/online/Sweetopia.1.0.0.20.cab
Filter: text/html - {a0f28e8c-fbb4-4984-b6c1-34fc018b4030} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
.
============= SERVICES / DRIVERS ===============
.
R2 ekrn;Eset Service;c:\program files\eset\eset smart security\ekrn.exe [2009-10-7 472280]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-30 24652]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-1-21 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-3-16 18560]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-6-27 11520]
.
=============== File Associations ===============
.
regfile=regedit.exe "%1" %*
scrfile="%1" %*
.
=============== Created Last 30 ================
.
2011-03-02 02:23:20 -------- d-----w- c:\docume~1\jackie\locals~1\applic~1\PackageAware
2011-03-01 04:30:47 -------- d-----w- c:\docume~1\alluse~1\applic~1\eLcJjHp06504
2011-02-25 21:58:08 -------- d-----r- c:\program files\Skype
2011-02-21 23:32:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\EmailNotifier
2011-02-21 23:32:15 -------- d-----w- c:\program files\Yontoo Layers Client
2011-02-21 23:32:14 -------- d-----w- c:\program files\Surf Canyon
2011-02-21 23:32:02 -------- d-----w- c:\docume~1\jackie\applic~1\simppulltoolbar
2011-02-21 23:32:01 -------- d-----w- c:\program files\simppulltoolbar
2011-02-21 23:31:50 -------- d-----w- c:\docume~1\jackie\applic~1\FCSB000062035
2011-02-21 23:31:28 -------- d-----w- c:\program files\Shop to Win 2
.
==================== Find3M ====================
.
2011-02-03 03:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 01:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-15 00:51:20 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38:47 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:05 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2006-06-03 17:12:58 774144 -c--a-w- c:\program files\RngInterstitial.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3100011A rev.3.02 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86F26439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86f2c7b8]; MOV EAX, [0x86f2c834]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x86F72AB8]
3 CLASSPNP[0xF7736FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\00000069[0x86F76F18]
5 ACPI[0xF768D620] -> nt!IofCallDriver[0x804E37D5] -> [0x86F8FD98]
\Driver\atapi[0x86F90DF0] -> IRP_MJ_CREATE -> 0x86F26439
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5c; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST3100011A______________________________3.02____#5&35840656&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x86F2627F
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 14:42:25.53 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:02:13 AM

Posted 07 March 2011 - 03:46 PM

Good evening. :)

Take a trip to this webpage for download links and instructions for running Combofix by sUBs.*

  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste it into your next reply.
  • Let me know how the PC is behaving.
* There are two points to note from the instructions page:

1) The Recovery Console.

It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of it's removal tasks without the installation of the Console so, should you choose not to allow the installation, you may not get the results you hoped for.

2) Disabling your Anti-Virus.

CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for either.

So long, and thanks for all the fish.

 

 


#3 tjack

tjack
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:13 PM

Posted 07 March 2011 - 06:51 PM

Thanks for your help! I followed the insructions and ran ComdoFix. It was a bit tricky until I restarted windows. It kept telling me I had a corrupt download. The computer is mostly running normal maybe a little slow. Here is the log. And thanks agian for your time.

ComboFix 11-03-07.02 - Jackie 03/07/2011 16:54:33.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.650 [GMT -6:00]
Running from: c:\documents and settings\Jackie\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Jackie\Application Data\.#
c:\program files\Freeze.com Toolbar
c:\program files\Freeze.com Toolbar\basis.xml
c:\program files\Freeze.com Toolbar\freeze.bmp
c:\program files\Freeze.com Toolbar\frzToolbar_logo.bmp
c:\program files\Freeze.com Toolbar\icons.bmp
c:\program files\Freeze.com Toolbar\options.html
c:\program files\Freeze.com Toolbar\powered_yahoo_search.bmp
c:\program files\Freeze.com Toolbar\version.txt
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\dirty_dishes.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\foodtray.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\heart1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\heart2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\heart3.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\menu_down.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\menu_up.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\mop_prop.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\ticket.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a1.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a2.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a3.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a4.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\mainmenumusic.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\baby_cry.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\chef_cook1.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\closing_time.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\customer_ditch.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\dialog_down.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\dialog_up.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\drink_table.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\expert.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\highchair_deliver.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\highchair_pickup.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\keystroke2.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\level_lose.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\level_win.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\menu_click.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\menu_rollover.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\mop_pickup.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\mop_spill.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_bring_check_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_dropoff_drinks_1.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_food_ready_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_gain_heart_1.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_menu_down.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_pencil_write_2.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_seat_people_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\spill.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\table_drink.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\tip_2.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\flo_lose.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\flo_win.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\fullscreendialog.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\high_score_menu_bg.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\levelintro.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\levelintro.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\levelover.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\longdialog.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\longdialog.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\mainmenu.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\mainmenu_logo.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\popup.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\popup.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\textfield.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\upgrade_lines.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowdown_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowdown_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowdown_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowup_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowup_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowup_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\checkbox_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\checkbox_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\checkbox_rotated_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\checkbox_rotated_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\decor_highlight.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\decor_normal.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\decor_selected.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_large_1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_large_2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_large_3.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_small_1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_small_2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_small_3.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a3.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\left_arrow_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\left_arrow_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\left_arrow_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_mask.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_mask.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\map_button_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\map_button_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\map_button_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\right_arrow_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\right_arrow_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\right_arrow_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\upgrade_down.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\upgrade_over.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\upgrade_up.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\welcome_player.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\actionpoints.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\career.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\customer.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\endless.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\global.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\powerups.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cook\stove.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\arrow.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\click.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\click2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\grab.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\open.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\anim.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\anim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\blue_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\legs.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\red_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\anim.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\anim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\blue_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\legs.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\red_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\anim.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\anim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\baby.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\baby.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\blue_baby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\blue_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\legs.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\red_baby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\red_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\anim.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\anim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\blue_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\legs.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\red_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\idle.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\idle.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\lower.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\lower.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\upper.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\upper.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\fonts\mercurius.mvec
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\bench.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\bench.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\blue_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\chair.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\chair.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dirt2top.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dirt4top.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dishcart.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dishcart.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\green_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchair_prop_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchair_prop_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchairbaby.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchairbaby.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\luxury_bench.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\luxury_bench.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\mop_station_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\mop_station_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\mop_station_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\podium.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\podium_heart.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\podium_heart.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\purple_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\radio.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\red_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\spill.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\spill.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\stereo.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\ticketstation.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\ticketstation.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\yellow_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\family.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help_dividerline.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_colormatch1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_colormatch2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_noise.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_score.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_cleardishes.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_givecheck.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_pickupfood.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_servefood.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_takeorder.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\hiscore\local-hs-bb.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\hiscore\p1icon.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_1.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_2.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_3.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_4.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_5.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_6.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_a.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_b.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_c.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\playfirstlogo.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\background.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\green.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\green.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\grey.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\cup1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\food.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\food.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\frames\2_0.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\frames\2_1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\people\cook.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\people\cook.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\props\cup_prop1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\2top.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\2top.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\4top.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\4top.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_0.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_1.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrades.xml
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\tableshadow.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\careerupgrade.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\choosedifficulty.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\closeconfirm.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\entername.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\game.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\getmoregames.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\help1.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\help2.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\hiscore.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\hiscoreinfo.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\hiscoresubmit.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\levelintro.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\levelover.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\loading.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\mainloop.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\mainmenu.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\ok.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\pause.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\style.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\upgrade.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\upsell.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\yesno.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\splash\aol_logo.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\splash\playfirst_logo.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\strings.xml
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\angersmoke.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\angersmoke.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\bubbles\request_bubble.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\bubbles\request_mop.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\bubbles\request_rejectmeal.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\chairflags.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\chairflags.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\check.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\checkmark.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\closed.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\coinflip.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\coinflip.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\decor_lines.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\dollar.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\expert.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\foodpoof.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\foodpoof.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\heartgrow.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\heartgrow.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\jar.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\jar.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\lives_icon.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\noisering.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_d.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_e.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_f.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tablenumber_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tablenumber_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\traynumber.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tutorialarrow.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tutorialbox.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_base.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_hand.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_timer_off.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_timer_on.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgradeanim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd1.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd2.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd3.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd4.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\dinerdash2.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\activextest.bat
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\Music\Level01.ogg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\Music\Level01B.ogg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_ALARM01.ogg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_ALARM02.ogg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_ALARM03.ogg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_ANYLOOP.ogg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_BONUS100.ogg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_BUMPSCENERY01.ogg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_BUMPSWEET01.ogg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_BUTTONCLICK.ogg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_CASCADEGOOD.ogg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_COMBOGOOD.ogg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_FAILED.ogg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_FIREWOOSH01.ogg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_KATEHURRAY01.ogg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_KATEHURRAY02.ogg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_KEYSTROKE.ogg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_LAUNCHERDOWN.ogg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_POP01.ogg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_PRODUCTION01.ogg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_PUREWIND.ogg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_PUSHERBONUS.ogg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_PUSHERPOP.ogg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_ROLLINGEND.ogg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_ROLLINGLOOP.ogg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_ROLLINGSTART.ogg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_SHERBETDONE.ogg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_SHUFFLE.ogg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_SUCKEREND.ogg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_SUCKERLOOP.ogg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_SUCKERSTART.ogg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_SWAP.ogg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Audio\sfx\SND_TRANSITION.ogg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\backgrounds\arcadepanel.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\backgrounds\dialog.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\backgrounds\fullscreendialoglocal.jpg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\backgrounds\infodialog.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\backgrounds\longdialog.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\backgrounds\panel.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\backgrounds\screenshots.jpg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\backgrounds\submitdialog.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\backgrounds\textfield.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\backgrounds\yesnodialog.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\bluearrowdown_down.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\bluearrowdown_over.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\bluearrowdown_up.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\bluearrowleft_down.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\bluearrowleft_over.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\bluearrowleft_up.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\bluearrowright_down.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\bluearrowright_over.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\bluearrowright_up.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\bluearrowup_down.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\bluearrowup_over.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\bluearrowup_up.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\buttondown.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\buttonrollover.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\buttonup.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\checkdown.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\checkup.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\choosenamedown.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\choosenameover.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\long_button_down.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\long_button_over.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\long_button_up.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\sliderknob.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\sliderknobover.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\buttons\sliderrail.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\cursor\cursor.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\cursor\nocursor.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\fonts\main.mvec
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Comic\Intros.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Comic\TipWindow.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\FX\FX_Flame.jpg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\FX\FX_Hot.jpg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\FX\FX_PowerUp.jpg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\FX\FX_Ring.jpg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\FX\FX_Sherbet.jpg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\FX\FX_Steam.jpg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\FX\FX_SugarFloor.jpg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\FX\FX_White.jpg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach01_PistonA.mesh
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach01A.mesh
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach02_RingA.mesh
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach02A.mesh
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach03_HammerA.mesh
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach03A.mesh
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach04_CrankA.mesh
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach04A.mesh
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach05A.mesh
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach06_CrossA.mesh
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach06_PistonA.mesh
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach06A.mesh
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach07A.mesh
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach08A.mesh
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Machines\Mach09A.mesh
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Mixers\MixerBase01A.mesh
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Mixers\MixerBase02A.mesh
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Mixers\MixerTop01A.mesh
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Mixers\MixerTop01B.mesh
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Mixers\MixerTop02A.mesh
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Mixers\MixerTop02B.mesh
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleBase.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleDoor.jpg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleHead.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleHead2.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleHole.jpg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleHoleA.mesh
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleHoleB.mesh
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleHurray1.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleHurray2.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleKateAhead.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleKateFire.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleKateLeft.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleKateRight.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleSling.jpg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleSlingA.mesh
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleTop.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Paddle\PaddleTunnel.jpg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Sucker\SuckerTop.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Sucker\SuckerWind.jpg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Textures\Glass\Glass01.jpg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Textures\Ingredients\Ingredient02.jpg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Textures\Machines\Mach02A.jpg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Textures\Walls\Wall02.jpg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Vats\Vat01A.mesh
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Vats\Vat01B.mesh
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Vats\Vat01C.mesh
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Vents\Joints\JointCross01A.mesh
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Vents\Joints\JointStraight01A.mesh
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Vents\Vent01.jpg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Walls\Wall01A.mesh
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Walls\Wall01B.mesh
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Walls\Wall02A.mesh
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Walls\Wall02B.mesh
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Walls\Wall03A.mesh
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Models\Walls\Wall03B.mesh
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Channels\Channel06.jpg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Channels\ChannelShadow.jpg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Channels\InsChannel.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Floors\Floor01.jpg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Pusher\Pusher.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Pusher\PusherBang.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Pusher\PusherWheel.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Shadows\Shadow01.jpg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Shadows\Shadow02.jpg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Sweets\SweetA.jpg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Sweets\SweetC.jpg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Sweets\SweetC_S.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Sweets\SweetG.jpg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Sweets\SweetG_S.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Sweets\SweetH.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Sweets\SweetP.jpg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Sweets\SweetP_S.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Sweets\SweetPUs.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Sweets\SweetR.jpg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Sweets\SweetR_S.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Sweets\SweetS.jpg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Sweets\SweetS_S.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Sweets\SweetShine.jpg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Vat\MacLight01.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\Textures\Vat\VatPipes01.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\UI\InGame\PUDialog.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\UI\Instructions\InstBackdrop.jpg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\UI\Instructions\SweetTypes.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\UI\Loading\LoadingBar.jpg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\UI\Loading\LoadingScreen.jpg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\UI\MainMenu\MainMenuScreen.jpg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\UI\Pointers\InGameHole.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Game\UI\Pointers\InGamePointer.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\hiscore\global-hs-bb_large.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\hiscore\global-hs-bb_small.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\hiscore\hi.jpg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\hiscore\local-hs-bb.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\hiscore\p1icon.png
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\A01.lev
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\A02.lev
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\A03.lev
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\A04.lev
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\A05.lev
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\A06.lev
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\A07.lev
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\A08.lev
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\A09.lev
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\A10.lev
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\C01.lev
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\C02.lev
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\C03.lev
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\C04.lev
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\C05.lev
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\C06.lev
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\C07.lev
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\C08.lev
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\C09.lev
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\C10.lev
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Levels\TestPlay.lev
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Pages\Complete.Pag
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Pages\CPaused.Pag
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Pages\Ins.Pag
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Pages\MoreInfo.Pag
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Pages\TIP_K1.Pag
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Pages\Tip_L1C.Pag
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Pages\Tip_L1D.Pag
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Pages\Tip_L1E.Pag
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Pages\Tip_L5A.Pag
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Scripts\arcade.lua
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Scripts\chooseplayer.lua
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Scripts\complete.lua
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Scripts\continue.lua
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Scripts\credits.lua
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Scripts\entername.lua
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Scripts\game.lua
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Scripts\hiscore.lua
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Scripts\hiscoreinfo.lua
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Scripts\hiscoresubmit.lua
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Scripts\instructions.lua
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Scripts\loading.lua
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Scripts\mainloop.lua
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Scripts\mainmenu.lua
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Scripts\moreinfo.lua
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Scripts\ok.lua
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Scripts\options.lua
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Scripts\pause.lua
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Scripts\pieye.lua
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Scripts\style.lua
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Scripts\yesno.lua
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Splash\PiEyeGames_logo.jpg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Splash\playfirst_aol_logo.jpg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\Splash\playfirst_logo.jpg
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\strings.xml
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\assets\xsellstyle.lua
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\EULA.txt
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\readme.htm
c:\windows\Downloaded Program Files\Sweetopia.1.0.0.20\Sweetopia.exe
c:\windows\system32\LogFiles\HTTPERR\httperr1.log
c:\windows\wiaserviv.log
D:\Autorun.inf
c:\windows\system32\LogFiles . . . . Failed to delete
c:\windows\system32\LogFiles\WUDF\WUDFTrace.etl . . . . Failed to delete
.
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_6to4
.
.
((((((((((((((((((((((((( Files Created from 2011-02-07 to 2011-03-07 )))))))))))))))))))))))))))))))
.
.
2011-03-07 22:44 . 2011-03-07 22:44 -------- d-----w- C:\32788R22FWJFW
2011-03-07 22:14 . 2011-03-07 22:14 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-03-05 17:50 . 2011-03-05 17:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-03-03 23:38 . 2011-03-03 23:38 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-03-02 02:23 . 2011-03-02 02:23 -------- d-----w- c:\documents and settings\Jackie\Local Settings\Application Data\PackageAware
2011-03-01 04:30 . 2011-03-02 03:20 -------- d-----w- c:\documents and settings\All Users\Application Data\eLcJjHp06504
2011-02-25 22:00 . 2011-02-26 22:04 -------- d-----w- c:\documents and settings\Jackie\Application Data\skypePM
2011-02-25 21:58 . 2011-02-25 21:58 -------- d-----w- c:\program files\Common Files\Skype
2011-02-25 21:58 . 2011-02-25 21:58 -------- d-----r- c:\program files\Skype
2011-02-25 21:58 . 2011-03-05 01:24 -------- d-----w- c:\documents and settings\Jackie\Application Data\Skype
2011-02-21 23:32 . 2011-02-21 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\EmailNotifier
2011-02-21 23:32 . 2011-02-21 23:32 -------- d-----w- c:\program files\Yontoo Layers Client
2011-02-21 23:32 . 2011-02-21 23:32 -------- d-----w- c:\program files\Surf Canyon
2011-02-21 23:32 . 2011-02-21 23:35 -------- d-----w- c:\documents and settings\Jackie\Application Data\simppulltoolbar
2011-02-21 23:32 . 2011-02-21 23:32 -------- d-----w- c:\program files\simppulltoolbar
2011-02-21 23:31 . 2011-02-21 23:31 -------- d-----w- c:\documents and settings\Jackie\Application Data\FCSB000062035
2011-02-21 23:31 . 2011-02-21 23:31 -------- d-----w- c:\program files\Shop to Win 2
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 22:07 . 2011-03-07 22:07 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2011-03-07 22:07 . 2011-03-07 22:07 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2011-02-03 03:40 . 2010-08-31 21:57 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 01:19 . 2007-05-19 12:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-21 14:44 . 2004-08-04 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-16 18:00 . 2011-01-16 18:00 53248 ----a-r- c:\documents and settings\Jackie\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-01-07 14:09 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-04 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-21 00:09 . 2009-03-09 02:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 00:08 . 2008-05-28 02:48 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 23:59 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2004-08-04 11:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-12-15 00:51 . 2009-03-17 21:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-12-15 00:51 . 2007-11-21 02:27 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-12-09 15:15 . 2004-08-04 18:00 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38 . 2004-08-04 12:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2004-08-04 18:00 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2006-06-03 17:12 . 2006-06-03 17:13 774144 -c--a-w- c:\program files\RngInterstitial.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20FEC4E7-F7B7-438B-8191-33D2EFC5EBEA}]
2011-02-21 23:31 677376 ----a-w- c:\program files\Shop to Win 2\ShoppingBHO.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{627af46b-2076-42ae-a2fd-8428734d3e74}]
2010-02-10 16:36 86016 ----a-w- c:\program files\simppulltoolbar\simppulldx.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C4B8BAB4-1667-11DF-A242-BA9455D89593}]
2009-10-20 15:50 258008 ----a-w- c:\program files\simppulltoolbar\auxi\simppulltoolbAu.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{627af46b-2076-42ae-a2fd-8428734d3e74}"= "c:\program files\simppulltoolbar\simppulldx.dll" [2010-02-10 86016]
.
[HKEY_CLASSES_ROOT\clsid\{627af46b-2076-42ae-a2fd-8428734d3e74}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 68856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"ooVoo.exe"="c:\program files\ooVoo\oovoo.exe" [2011-01-25 22504120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-23 126976]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-10-07 1461080]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-08 165208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Event Reminder.lnk - c:\program files\Broderbund\Broderbund Party and Crafts Creator\pmremind.exe [2007-1-13 331776]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-5 258048]
Microsoft Office.lnk - c:\microsoft office\Office10\OSA.EXE [2001-2-13 83360]
Program Neighborhood Agent.lnk - c:\program files\Citrix\ICA Client\pnagent.exe [2007-3-3 233744]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2005-4-22 45056]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-1-21 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-1-21 9136960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:ooVoo TCP port 443
"443:UDP"= 443:UDP:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:ooVoo UDP port 37675
.
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [10/7/2009 9:16 AM 472280]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/30/2009 4:44 AM 24652]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [1/21/2010 3:24 PM 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 7:58 AM 20480]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [3/16/2008 10:04 AM 18560]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [6/27/2010 11:20 AM 11520]
.
Contents of the 'Scheduled Tasks' folder
.
2011-02-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-03-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-03 02:12]
.
2011-03-03 c:\windows\Tasks\User_Feed_Synchronization-{6245849D-0570-458F-9474-69DEEAFC0D38}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
Trusted Zone: cinemanow.com
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: RaptisoftGameLoader - hxxp://real.gamehouse.com/games/raptisoft/raptisoftgameloader.cab
DPF: {21BB8360-F943-447E-98F3-3C22345375A7} - hxxp://games.bigfishgames.com/en_chocolatier/online/ChocolatierWeb.1.0.0.13.cab
DPF: {74EF5274-F439-2168-B543-14745B625C72} - hxxp://games.bigfishgames.com/en_wedding-dash-2-rings-around-world-game/online/WeddingDash2Web.1.0.0.11.cab
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{E4E6BF2A-1667-11DF-A01F-1F9655D89593} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-RegistryCleanFixMFC - c:\program files\RegistryCleaner\registrycleaner2008.exe
HKLM-Run-CinemaNowMediaManagerApp - (no file)
AddRemove-Audacity 1.3 Beta_is1 - g:\audacity 1.3 beta\unins000.exe
AddRemove-Plants vs. Zombies - c:\program files\PopCap Games\Plants vs. Zombies\PopUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-07 17:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2152147794-787951911-432138052-1010\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:46,33,d3,b4,1b,68,e4,06,3f,06,99,38,4b,94,a0,a9,86,a7,f0,36,f1,d7,da,
b0,55,47,7b,27,8b,ec,46,ef,ea,31,3f,a3,31,1f,d0,3f,b3,19,21,be,e4,d9,89,4a,\
"??"=hex:d3,60,59,c0,01,8e,e6,12,63,a6,28,f2,12,eb,a1,ea
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2480)
c:\windows\system32\WININET.dll
c:\windows\system32\logishrd\LVPrcInj01.dll
c:\docume~1\Jackie\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\windows\System32\snmp.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-03-07 17:22:19 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-07 23:21
.
Pre-Run: 58,717,913,088 bytes free
Post-Run: 59,245,563,904 bytes free
.
- - End Of File - - 3DE2F5D65E7AD7AF00629BBE92DF2EF7

#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:02:13 AM

Posted 08 March 2011 - 04:00 PM

Good evening. :)

The "corrupt download" could have been caused by the intervention of the nasty that CF appears to have sorted. I'd like a second opinion on the system and then we'll look at tidying-up and shipping out.

Download Malwarebytes' Anti-Malware from here and save it to your Desktop - unless you already have it, in which case skip to the "updating" bit below.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • Ensure a checkmark is placed next to both Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware and then click Finish.
  • If an update is found, it will download and install the latest version - you'll need to clear it with your firewall.
  • Once the program has loaded, select Perform full scan and then Scan.
  • When the scan has finished, click OK and then Show Results to view the results - no surprise there!
  • If MBAM finds anything, check the box(es) and click Remove Selected.
  • Please note - Leave unchecked any boxes that have \System Volume Information\ in the filepath. These pose no immediate risk to your PC unless you use System Restore and will be dealt with later.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Let me have the MBAM log, a fresh DDS log AND a description of how your PC is behaving.

So long, and thanks for all the fish.

 

 


#5 tjack

tjack
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:13 PM

Posted 08 March 2011 - 11:47 PM

Thanks agaiin for your help. I ran the scans. The computer is running normal.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5993

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/8/2011 6:45:29 PM
mbam-log-2011-03-08 (18-45-29).txt

Scan type: Full scan (C:\|)
Objects scanned: 360755
Time elapsed: 3 hour(s), 8 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
.


DDS (Ver_11-03-05.01) - NTFSx86
Run by Jackie at 22:40:29.18 on Tue 03/08/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.284 [GMT -6:00]
.
AV: ESET Smart Security 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Logitech\Vid HD\Vid.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\ooVoo\oovoo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Jackie\Desktop\dad's\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Shop to Win 2: {20fec4e7-f7b7-438b-8191-33d2efc5ebea} - c:\program files\shop to win 2\ShoppingBHO.dll
BHO: Surf Canyon Search Engine Assistant: {5ab7104a-b71f-49ad-9154-f7f8806ae848} - c:\program files\surf canyon\surfcanyon.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Simppull Toolbar: {627af46b-2076-42ae-a2fd-8428734d3e74} - c:\program files\simppulltoolbar\simppulldx.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Updater For Simppull Toolbar: {c4b8bab4-1667-11df-a242-ba9455d89593} - c:\program files\simppulltoolbar\auxi\simppulltoolbAu.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Simppull Toolbar: {627af46b-2076-42ae-a2fd-8428734d3e74} - c:\program files\simppulltoolbar\simppulldx.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_0_0
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
uRun: [ooVoo.exe] c:\program files\oovoo\oovoo.exe /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventr~1.lnk - c:\program files\broderbund\broderbund party and crafts creator\pmremind.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\progra~1.lnk - c:\program files\citrix\ica client\pnagent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\309731\program\Updates from HP.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
IE: Add To HP Organize... - c:\progra~1\hewlet~1\hporga~1\bin/module.main/favorites\ie_add_to.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: cinemanow.com
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: RaptisoftGameLoader - hxxp://real.gamehouse.com/games/raptisoft/raptisoftgameloader.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} - hxxp://games.bigfishgames.com/en_cooking-dash/online/CookingDashWeb.1.0.0.9.cab
DPF: {21BB8360-F943-447E-98F3-3C22345375A7} - hxxp://games.bigfishgames.com/en_chocolatier/online/ChocolatierWeb.1.0.0.13.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {38A5F6F0-0B64-421B-A553-3D49A76ECDCD} - hxxp://games.bigfishgames.com/en_mythic-marbles/online/MythicMarbles.1.0.0.2.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195764695140
DPF: {74EF5274-F439-2168-B543-14745B625C72} - hxxp://games.bigfishgames.com/en_wedding-dash-2-rings-around-world-game/online/WeddingDash2Web.1.0.0.11.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://real.gamehouse.com/games/luxor/mjolauncher.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} - hxxp://download.games.yahoo.com/games/web_games/sony/davinci/DVCDownloadControl.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} - hxxp://games.bigfishgames.com/en_sweetopia/online/Sweetopia.1.0.0.20.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R2 ekrn;Eset Service;c:\program files\eset\eset smart security\ekrn.exe [2009-10-7 472280]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-30 24652]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-1-21 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-6-27 11520]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-3-16 18560]
.
=============== Created Last 30 ================
.
2011-03-07 22:45:02 98816 ----a-w- c:\windows\sed.exe
2011-03-07 22:45:02 89088 ----a-w- c:\windows\MBR.exe
2011-03-07 22:45:02 256512 ----a-w- c:\windows\PEV.exe
2011-03-07 22:45:02 161792 ----a-w- c:\windows\SWREG.exe
2011-03-07 22:43:00 -------- d-----w- C:\32788R22FWJFW.0.tmp
2011-03-02 02:23:20 -------- d-----w- c:\docume~1\jackie\locals~1\applic~1\PackageAware
2011-03-01 04:30:47 -------- d-----w- c:\docume~1\alluse~1\applic~1\eLcJjHp06504
2011-02-25 21:58:08 -------- d-----r- c:\program files\Skype
2011-02-21 23:32:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\EmailNotifier
2011-02-21 23:32:15 -------- d-----w- c:\program files\Yontoo Layers Client
2011-02-21 23:32:14 -------- d-----w- c:\program files\Surf Canyon
2011-02-21 23:32:02 -------- d-----w- c:\docume~1\jackie\applic~1\simppulltoolbar
2011-02-21 23:32:01 -------- d-----w- c:\program files\simppulltoolbar
2011-02-21 23:31:50 -------- d-----w- c:\docume~1\jackie\applic~1\FCSB000062035
2011-02-21 23:31:28 -------- d-----w- c:\program files\Shop to Win 2
.
==================== Find3M ====================
.
2011-03-07 22:07:29 45056 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\uninstallui\eHelpSetup.exe
2011-03-07 22:07:29 44032 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\scripts\devcon.exe
2011-02-03 03:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 01:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-15 00:51:20 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38:47 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:05 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2006-06-03 17:12:58 774144 -c--a-w- c:\program files\RngInterstitial.dll
.
============= FINISH: 22:41:26.90 ===============

Attached Files



#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:02:13 AM

Posted 09 March 2011 - 02:32 PM

Good evening. :)

Given that all seems to be well your end, we'll call this one done.

Your system has traces of a previous version of Sun Java that need removing:

Download JavaRa from here and save it to your Desktop.
You will need to extract the file(s):

Right click on the zipped folder and from the menu that appears, click on Extract All...
In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish


***Please close any instances of Internet Explorer before continuing!***

  • Double-click JavaRa.exe to begin.
  • Pick your preferred language from the drop-down menu and click Select.
  • Click on Remove Older Versions to remove older version of Java - obvious really, isn't it!
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location, just in case you have any problems with Java afterwards.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The following steps will serve as a spring clean for your PC. Not all of them will be of benefit to your PC as this is a general post, but the overall effect should be positive.

1) Go to Start > Control Panel > Add/Remove Programs and remove any programs that you no longer use and then reboot your PC.

2) Download TFC by OldTimer from here and save it to your Desktop.
  • You will need to close all open programs and save any work as TFC will require a reboot.
  • Double-click TFC.exe to run it. (Note: If you are using Vista, right-click the file and select Run As Administrator from the menu that appears).
  • Click the Start button to begin. Depending on how often you clean temp files, execution time could be anywhere from a few seconds to a minute or two - just sit back and enjoy the view.
  • Once it has finished it should reboot your PC all by itself. If it does not, please manually reboot.
  • Once rebooted your PC will run like a Cray supercomputer, or at least have less junk on the hard drive - OT's not a miracle worker you know!
  • Please note that this tool will empty the Recycle Bin as part of it's actions. If you have anything in there that you haven't finished with, move it first.

3) Double click My Computer.
Right click the disc drive you wish to check.
Click Properties.
In the Properties dialog box, click the Tools Tab.
Under Error-checking, click the Check Now button.
In the "Check Disc Local Disk (C:)" dialog box, check both Automatically fix file system errors and Scan for and attempt recovery of bad sectors, and then click Start.

This will look for and attempt to repair any errors that your hard drive has.

4) Defragment your hard drive. A tutorial for disc defragmentation is available here.

I happen to prefer a third-party defrag tool to the one that Windows offers. You can read about it, and find a linky, here - it's free too!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I want you to run your PC as normal for a few days and when you are happy that everything is fine, do the following:

Go to Start > Run, enter the following into the textbox and click OK: ComboFix /Uninstall
This will uninstall Combofix and do a little housework besides.

Create a new Restore Point with a memorable name - this will give a clean one should you need it in the future. If you use a Restore Point from before this point you may reinstall any infection that was present at the time, so only do so if using this latest one doesn't solve any issues.
A tutorial for System Restore is available here.

Some bedtime reading: This is a very good tutorial about keeping your computer safe and secure on the internet. It's a little old, but still contains some good ideas.

So long, and thanks for all the fish.

 

 


#7 tjack

tjack
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:13 PM

Posted 09 March 2011 - 07:47 PM

Ok will do and thanks agian.

#8 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:02:13 AM

Posted 12 March 2011 - 02:53 PM

As this issue appears to have been resolved, this thread is now closed.

So long, and thanks for all the fish.

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users