Browser redirect that won't go away

Inactive
By Daniellececile
Mar 1, 2012
Topic Status:
Not open for further replies.
  1. Hi,
    The other day my mom asked me to take a look at her computer because spy-bot had detected a virus of some sort and google had been redirecting her to ad sites. I did a scan with AVG and it found several 'untrusted certificate issued by Generic 726" and Trojan horse Generic27.ABPZ. Using AVG I moved them to the virus vault and successfully deleted them. I then ran Malwarebytes Anti-Malware and everything seemed okay.

    Today when I got home from school there were more problems.
    My mom had run CWShredder and it found and removed svchost32, but everytime she ran Shredder it would find svchost32 again.
    AVG's Resident Shield was up and had detected "Trojan horse Proxy.ASZP" and a file signed but an untrusted certificate issued by Generic.726. When I clicked remove all unhealed infections these came up as inaccessible.
    I ran Shredder and removed svchost32, and also ran AVG full computer scan and Malwarebytes.
    AVG is still running, but Malwarebytes came up with Adware.180Solutions. I removed this, saved the log and closed Malwarebytes.
    Other than this, I checked my internet options to ensure nothing was changed there, and everything seems normal. I reset my IE8 add-on's just in case.
    Nothing else appears to be wrong at the moment, but seeing as the viruses keep showing up I want to be sure. I will attact the HJT log
    Any help would be greatly appreciated seeing as this is my first time removing a major security issue!

    Thanks, Danielle

    Attached Files:

  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Welcome to TechSpot, Danielle. I'll help with the malware.

    We do not use HijackThis to screen for malware and all files must be pasted, not attached.

    Please follow these steps: Preliminary Virus and Malware Removal.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply .
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
    =================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process..
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.

    If I haven't replied back to you within 48 hours, you can send a PM with your thread link in it as a reminder. Do not include technical problems from your thread. Support is given only in the forum.
    Threads are closed after 5 days if there is no reply.
  3. Daniellececile

    Daniellececile Newcomer, in training Topic Starter Posts: 27

    Preliminary Virus Removal - Logs

    Alright, I followed all 5 steps. Here are the logs.



    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.01.07

    Windows XP Service Pack 3 x86 NTFS (Safe Mode)
    Internet Explorer 8.0.6001.18702
    Administrator :: FAMILY [administrator]

    3/2/2012 4:17:04 PM
    mbam-log-2012-03-02 (16-17-04).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 295017
    Time elapsed: 1 hour(s), 22 minute(s), 50 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)





    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-03-03 18:14:54
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3120814A rev.2AAA
    Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pwtdypod.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----




    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Administrator at 18:18:13 on 2012-03-03
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.305 [GMT -5:00]
    .
    AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdnserv.exe
    C:\WINDOWS\system32\lxdncoms.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\Lexmark 2600 Series\ezprint.exe
    C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\AVG\AVG9\avgcmgr.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - Yahoo! Toolbar Helper
    BHO: {074C1DC5-9320-4A9A-947D-C042949C6216} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
    BHO: {B939CF93-F2CB-443d-956C-DC523D85C9DB} - No File
    BHO: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No File
    BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
    BHO: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - No File
    TB: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No File
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [Sony Ericsson PC Companion] "c:\program files\sony ericsson\sony ericsson pc companion\PCCompanion.exe" /Background
    uRun: [DW7] "c:\program files\the weather channel\the weather channel app\TWCApp.exe"
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [lxdnmon.exe] "c:\program files\lexmark 2600 series\lxdnmon.exe"
    mRun: [EzPrint] "c:\program files\lexmark 2600 series\ezprint.exe"
    mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
    mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\documents and settings\administrator\start menu\programs\startup\PowerReg Scheduler.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\usb f5d7050\wireless utility\Belkinwcui.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
    DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} - hxxp://games.bigfishgames.com/en_dinerdash2restaura/online/DinerDash2.1.0.0.48.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266073804875
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1266073791421
    DPF: {74EF5274-F439-2168-B543-14745B625C72} - hxxp://games.bigfishgames.com/en_wedding-dash-2-rings-around-world-game/online/WeddingDash2Web.1.0.0.11.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://games.bigfishgames.com/en_dinerdash/online/DinerDash.1.0.0.58.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{5827A4FF-0E54-4048-84C5-79DF9A021BCC} : DhcpNameServer = 192.168.2.1
    Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - c:\program files\turbotax 2010\ic2010pp.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, AhjohquSxuwx.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    Hosts: 87.229.126.50 www.google.com
    Hosts: 87.229.126.51 www.bing.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-14 216400]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-14 29712]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-14 243152]
    R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\adobe\elements 9 organizer\PhotoshopElementsFileAgent.exe [2010-9-6 169408]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-17 921952]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-17 308136]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-12-18 189736]
    R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
    R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2010-2-17 98984]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-23 135664]
    S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
    S3 APL531;Film and Photo Scanner;c:\windows\system32\drivers\OVTX16.sys [2010-5-17 110080]
    S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-2-26 18560]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2011-12-8 13224]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-23 135664]
    S3 rt2870;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\Drt2870.sys [2011-12-25 829152]
    S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2011-5-17 155344]
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
    2011-12-30 18:31:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-12-25 13:09:45 48640 ----a-w- c:\windows\system32\ANPD64.SYS
    2011-12-25 13:09:45 34008 ----a-w- c:\windows\system32\ANPD.VXD
    2011-12-25 13:09:45 315392 ----a-w- c:\windows\system32\ANPDApi.dll
    2011-12-25 13:09:45 29411 ----a-w- c:\windows\system32\ANPD.SYS
    2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-12-17 19:46:36 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
    2011-12-08 21:39:22 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
    2011-12-08 21:39:22 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
    2011-12-08 21:39:22 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
    2011-12-05 20:15:30 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-12-05 20:15:30 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-12-05 04:41:24 1409 ----a-w- c:\windows\QTFont.for
    .
    ============= FINISH: 18:20:31.29 ===============






    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/13/2010 9:49:13 AM
    System Uptime: 3/2/2012 7:02:22 PM (23 hours ago)
    .
    Motherboard: Dell Computer Corp. | | 0FG022
    Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | Microprocessor | 2393/800mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 112 GiB total, 57.73 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Asset Services CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Community Help
    Adobe Contribute CS4
    Adobe Creative Suite 4 Web Standard
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Dreamweaver CS4
    Adobe Drive CS4
    Adobe Dynamiclink Support
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Fireworks CS4
    Adobe Flash CS4
    Adobe Flash CS4 Extension - Flash Lite STI en
    Adobe Flash CS4 STI-en
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Fonts All
    Adobe Linguistics CS4
    Adobe Media Encoder CS4
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop Elements 9
    Adobe Reader 9.5.0
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe Version Cue CS4 Server
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Ahead Nero Burning ROM
    AIDA32 v3.40
    AOpen FM56-PX Controllerless PCI Modem
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG Free 9.0
    Belkin Wireless USB Utility
    Big Fish Games: Game Manager
    Bonjour
    Carbonite Online Backup Setup
    CCleaner (remove only)
    Coby Media Manager
    Compatibility Pack for the 2007 Office system
    Connect
    CopyTrans Suite Remove Only
    Elements 9 Organizer
    Elements STI Installer
    Feeding Frenzy
    File Type Assistant
    Final Media Player 2011
    GameHouse Sudoku
    Google Update Helper
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    ImageScanTool x86
    Intel(R) Extreme Graphics 2 Driver
    Intel(R) PRO Network Connections Drivers
    IrfanView (remove only)
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 29
    JumpStart Animal Adventures
    Junk Mail filter update
    jv16 PowerTools 1.3
    kuler
    LAME v3.98.3 for Audacity
    LeapFrog Connect
    LeapFrog Tag Plugin
    Lexmark 2600 Series
    Mah-Jongg 5.1
    Malwarebytes Anti-Malware version 1.60.1.1000
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Office Live Add-in 1.4
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works 6-9 Converter
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_CRT_x86
    MobileMe Control Panel
    MSVCRT
    MSXML 4.0 SP2 (KB973688)
    PDF Settings CS4
    Phonics 2-3
    Photoshop Camera Raw
    Pixel Bender Toolkit
    PowerDVD
    QuickTime
    Reader Rabbit's 2nd Grade
    SCRABBLE
    Seagate Manager Installer
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    Sony Ericsson PC Companion 2.02.002
    Sony Ericsson Update Engine
    Spybot - Search & Destroy
    Suite Shared Configuration CS4
    The Weather Channel App
    TurboTax 2010
    Uninstall Film and Photo Scanner
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB978506)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB978207)
    Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
    WebFldrs XP
    Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/3/2012 6:13:52 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    3/2/2012 4:17:26 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    3/2/2012 4:15:23 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
    3/2/2012 4:15:23 PM, error: Application Popup [877] - There was error [DATABASE OPEN FAILED] processing the driver database.
    3/1/2012 6:27:43 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    3/1/2012 6:25:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
    3/1/2012 6:25:00 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    3/1/2012 6:25:00 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/1/2012 6:25:00 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/1/2012 6:25:00 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    3/1/2012 6:25:00 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/1/2012 6:25:00 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/1/2012 6:24:49 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    3/1/2012 6:24:16 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2/27/2012 3:02:28 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2518864).
    2/27/2012 3:01:58 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.
    2/27/2012 3:01:47 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 3.5 SP1 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 x86 (KB2416473).
    2/27/2012 3:01:39 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Update for Windows Server 2003 and Windows XP x86 (KB982524).
    2/27/2012 3:01:29 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2418241).
    2/27/2012 3:01:20 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 SP1 Update for Windows Server 2003 and Windows XP x86 (KB982168).
    2/27/2012 3:01:09 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2416447).
    2/27/2012 3:00:55 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Security Update for Windows 2000, Windows Server 2003, and Windows XP x86 (KB979909).
    2/26/2012 3:02:06 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2539631).
    .
    ==== End Of File ===========================


    Thanks for the help in advance!
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Hopefully, we can get the system clean before you leave on vacation 3/8.

    I did get a chuckle though> when "mom" put the Limewire Toolbar on the system, not only did 'mom' install a file sharing program, guaranteed to 'share' malware, but 'mom' also let the pre-checked Ask Toolbar install with it!

    Please go to Add/Remove Programs and uninstall any Limewire and Ask entries. Then use Windows Explorer to access Computer> Local Drive(C)> Programs> find the program folder for each of the uninstalled programs and do a right click> Delete.

    You can include HijackThis in the uninstall as it isn't set up correctly. I will have you redo it later.

    I will include any left over entries for removal later.
    ==========================
    I'd like you to run Combofix- but it won't run with AVG. You will need to temporarily uninstall AVG as follows:

    Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen like below will appear:
      [​IMG]
    5. Click on Next after choice has been made
    6. Check the AVG program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.

    Temporary AV: Use one:
    Microsoft Security Essentials

    Avast Free Version
    =============================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Before you run the Combofix scan, please disable any security software you have running.

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe [​IMG]& follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.[/b]
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.[/b]
      • Note: No query will be made if the Recovery Console is already on the system.
    • .Close/disable all anti virus and anti malware programs
      (If you need help with this, please see HERE)
    • .Close any open browsers.
    • .Click on Yes, to continue scanning for malware
    • .If Combofix asks you to update the program, allow
    • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
    Re-enable your Antivirus software.
    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    =================================
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exelink and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
      [​IMG]
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives/
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    =============================
    Please include logs from Combofix and the Eset scan in your next reply.
    =============================
    Edit to add: Main cause of redirection is because your searches are being redirected to a site in Brussels, Belgium. The site IP 87.229.126.50 is known for "misbehaving (engaging in SPAM, brute-force, DOS attack, phishing, or other fraud" We will replace the Hosts files
  5. Daniellececile

    Daniellececile Newcomer, in training Topic Starter Posts: 27

    ComboFix Log - Part 1

    ComboFix 12-03-06.01 - Administrator 03/06/2012 17:58:05.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.460 [GMT -5:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\System
    c:\documents and settings\Administrator\System\win_qs8.jqx
    c:\documents and settings\Administrator\WINDOWS
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\SPL301.tmp
    c:\documents and settings\All Users\SPL3AB.tmp
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\cup.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\customer_cup.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\heart.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\menu_down.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\menu_up.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\plates.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\ticket.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\tray.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\music\mainmenumusic.ogg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_bring_check_1_snd.ogg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_deliver_order_1_snd.ogg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_diner.ogg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_food_ready_1_snd.ogg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_gain_heart_1.ogg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_pencil_write_2.ogg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_rollover_1.ogg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_seat_people_snd.ogg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\choosedifficulty.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\credits.jpg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\flo_lose.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\flo_win.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\help1.jpg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\help2.jpg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\highscores.jpg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\levelintro.jpg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\levelintro_mask.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\levelover.jpg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\levelover_mask.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\mainmenu.jpg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\popup.jpg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\popup_mask.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\upgradegrid.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\upgradetitle.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\upsell.jpg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\arrowleft_blue.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\arrowleft_yellow.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\arrowright_blue.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\arrowright_yellow.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\back_blue.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\back_yellow.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\backchalk.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\backchalkup.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\backtomenu_blue.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\backtomenu_yellow.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\cancel.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\cancelup.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\career.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\career_over.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\close.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\closeup.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\continue.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\continueover.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\credits_blue.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\credits_yellow.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\download_blue.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\download_yellow.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\easy.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\easy_over.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\endlessshift.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\endlessshift_over.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\hard.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\hard_over.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\help.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\help_over.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\highscores.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\highscores_over.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\instructions_blue.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\instructions_yellow.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\letsplay.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\letsplayover.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\medium.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\medium_over.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\moreinfo.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\moreinfoup.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\off.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\off_on.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\on.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\on_on.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\pause.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\pauseover.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\quit.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\quitgame.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\quitgameover.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\quitover.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\resumegame.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\resumegameover.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\submit.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\submitup.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\tryagain.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\tryagainover.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\upgrade_over.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\upgrade_up.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\viewglobal.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\viewglobalup.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\viewhighscore.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\viewhighscoreon.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\viewlocal.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\viewlocalup.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\comics\webcomic.jpg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\config\career.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\config\customer.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\config\endless.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\config\global.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\config\powerups.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\cook\cook.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\cook\cook.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\cook\stove.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\cursor\arrow.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\cursor\click.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\cursor\click2.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\cursor\grab.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\cursor\open.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\anim.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\blue\anim.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\blue\anim.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\blue\sit_legs.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\green\anim.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\green\anim.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\green\sit_legs.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\purple\anim.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\purple\anim.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\purple\sit_legs.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\red\anim.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\red\anim.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\red\sit_legs.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\yellow\anim.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\yellow\anim.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\yellow\sit_legs.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\anim.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\blue\anim.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\blue\anim.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\blue\sit_legs.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\green\anim.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\green\anim.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\green\sit_legs.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\purple\anim.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\purple\anim.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\purple\sit_legs.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\red\anim.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\red\anim.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\red\sit_legs.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\yellow\anim.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\yellow\anim.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\yellow\sit_legs.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\flo\idle.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\flo\idle.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\flo\lower.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\flo\lower.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\flo\upper.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\flo\upper.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\fonts\arial.mvec
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\fonts\komikaaxis.mvec
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\chair.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\chair.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\dirt2top.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\dirt4top.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\dishcart.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\dishcart.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\drinkstation_off.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\drinkstation_on1.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\drinkstation_on2.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\ticketstation.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\ticketstation.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowdown.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowdownon.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowleft.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowlefton.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowright.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowrighton.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowup.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowupon.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\p1icon.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\textedit.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\title.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_1.txt
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_1_a.txt
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_1_b.txt
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_1_c.txt
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_2.txt
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_2_a.txt
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_2_b.txt
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_2_c.txt
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_2_d.txt
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_3.txt
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_3_a.txt
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_3_b.txt
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_3_c.txt
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_3_d.txt
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\fifth_level_diner.txt
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\first_level_diner.txt
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\fourth_level_diner.txt
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\second_level_diner.txt
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\playfirst_logo.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\background.jpg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\food\food1.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\food\food1.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\food\food2.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\food\food2.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\food\food3.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\food\food3.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\frames\upgrade_0001.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\tables\2top.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\tables\2top.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\tables\4top.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\tables\4top.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\upgrades.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\tableshadow.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\choosedifficulty.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\chooseplayer.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\chooserestaurant.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\credits.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\game.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\gothighscore.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\help.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\help2.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\hiscore.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\hiscoreinfo.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\hiscoresubmit.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\levelintro.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\levelover.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\loading.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\mainloop.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\mainmenu.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\ok.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\pause.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\style.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\tutorialintro.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\upgrade.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\upsell.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\webcomic.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\yesno.lua
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\splash\gamelabsplash.jpg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\splash\playfirst_logo.jpg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\strings.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\angersmoke.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\angersmoke.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\chairflags.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\chairflags.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\check.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\checkmark.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\clock.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\closed.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\closingtime.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\coinflip.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\coinflip.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\dollar.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\doodles\coffee.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\doodles\tables.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\doodles\wallpaper.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\expert.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\expertscore.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\foodpoof.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\foodpoof.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\fork_timer.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\goalcompleted.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\heartgrow.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\heartgrow.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\jar.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\jar.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\level.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\level_career.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\score.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\sound.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\staroff.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\staron.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\tablenumber.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\tablenumberup.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\traynumber.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\tutorial_character.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\tutorialarrow.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\tutorialbox.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgradeanim.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgradeanim.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgrades\drinks.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgrades\maitred.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgrades\oven.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgrades\select.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgrades\shoes.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgrades\stereo.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgrades\table.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\dinerdash.exe
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\dirty_dishes.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\foodtray.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\heart1.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\heart2.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\heart3.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\menu_down.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\menu_up.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\mop_prop.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\ticket.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\cafe\cafe_music_a1.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\cafe\cafe_music_a2.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\cafe\cafe_music_a3.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\cafe\cafe_music_a4.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\mainmenumusic.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\baby_cry.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\chef_cook1.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\closing_time.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\customer_ditch.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\dialog_down.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\dialog_up.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\drink_table.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\expert.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\highchair_deliver.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\highchair_pickup.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\keystroke2.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\level_lose.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\level_win.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\menu_click.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\menu_rollover.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\mop_pickup.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\mop_spill.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_bring_check_1_snd.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_dropoff_drinks_1.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_food_ready_1_snd.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_gain_heart_1.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_menu_down.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_pencil_write_2.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_seat_people_snd.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\spill.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\table_drink.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\tip_2.ogg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\flo_lose.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\flo_win.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\fullscreendialog.jpg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\high_score_menu_bg.jpg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\levelintro.jpg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\levelintro.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\levelover.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\longdialog.jpg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\longdialog.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\mainmenu.jpg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\mainmenu_logo.png

    (continued in next reply)
  6. Daniellececile

    Daniellececile Newcomer, in training Topic Starter Posts: 27

    ComboFix Log - Part 2

    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\popup.jpg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\popup.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\textfield.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\upgrade_lines.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowdown_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowdown_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowdown_c.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowup_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowup_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowup_c.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\checkbox_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\checkbox_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\checkbox_rotated_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\checkbox_rotated_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\decor_highlight.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\decor_normal.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\decor_selected.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_large_1.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_large_2.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_large_3.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_small_1.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_small_2.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_small_3.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a1.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a2.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a3.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\left_arrow_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\left_arrow_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\left_arrow_c.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_c.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_mask.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_c.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_mask.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\map_button_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\map_button_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\map_button_c.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\right_arrow_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\right_arrow_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\right_arrow_c.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\upgrade_down.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\upgrade_over.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\upgrade_up.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\welcome_player.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\actionpoints.bin
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\career.bin
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\customer.bin
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\endless.bin
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\global.bin
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\powerups.bin
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cook\stove.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\arrow.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\click.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\click2.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\grab.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\open.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\anim.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\anim.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\blue.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\blue_legs.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\legs.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\red.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\red_legs.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\anim.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\anim.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\blue.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\blue_legs.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\legs.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\red.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\red_legs.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\anim.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\anim.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\baby.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\baby.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\blue.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\blue_baby.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\blue_legs.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\legs.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\red.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\red_baby.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\red_legs.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\anim.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\anim.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\blue.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\blue_legs.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\legs.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\red.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\red_legs.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\idle.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\idle.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\lower.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\lower.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\upper.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\upper.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\fonts\mercurius.mvec
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\bench.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\bench.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\blue_highchairbaby.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\chair.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\chair.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\dirt2top.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\dirt4top.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\dishcart.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\dishcart.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\green_highchairbaby.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\highchair_prop_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\highchair_prop_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\highchairbaby.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\highchairbaby.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\luxury_bench.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\luxury_bench.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\mop_station_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\mop_station_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\mop_station_c.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\podium.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\podium_heart.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\podium_heart.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\purple_highchairbaby.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\radio.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\red_highchairbaby.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\spill.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\spill.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\stereo.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\ticketstation.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\ticketstation.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\yellow_highchairbaby.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\family.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help_dividerline.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help1_colormatch1.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help1_colormatch2.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help1_noise.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help1_score.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_cleardishes.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_givecheck.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_pickupfood.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_servefood.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_takeorder.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\hiscore\local-hs-bb.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\hiscore\p1icon.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_1.bin
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_2.bin
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_3.bin
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_4.bin
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_5.bin
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_6.bin
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\endless_1_1.bin
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\endless_1_1_a.bin
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\endless_1_1_b.bin
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\endless_1_1_c.bin
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\playfirstlogo.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\background.jpg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\blue.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\green.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\green.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\grey.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\red.pal
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\food\cup1.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\food\food.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\food\food.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\frames\2_0.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\frames\2_1.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\furniture\drinkstation1_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\furniture\drinkstation1_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\furniture\drinkstation1_c.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\people\cook.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\people\cook.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\props\cup_prop1.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\2top.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\2top.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\4top.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\4top.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_0.jpg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_1.jpg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\upgrades.xml
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\tableshadow.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\careerupgrade.lua
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\choosedifficulty.lua
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\closeconfirm.lua
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\entername.lua
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\game.lua
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\getmoregames.lua
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\help1.lua
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\help2.lua
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\hiscore.lua
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\hiscoreinfo.lua
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\hiscoresubmit.lua
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\levelintro.lua
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\levelover.lua
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\loading.lua
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\mainloop.lua
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\mainmenu.lua
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\ok.lua
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\pause.lua
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\style.lua
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\upgrade.lua
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\upsell.lua
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\yesno.lua
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\splash\aol_logo.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\splash\playfirst_logo.jpg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\strings.xml
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\angersmoke.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\angersmoke.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\bubbles\request_bubble.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\bubbles\request_mop.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\bubbles\request_rejectmeal.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\chairflags.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\chairflags.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\check.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\checkmark.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\closed.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\coinflip.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\coinflip.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\decor_lines.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\dollar.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\expert.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\foodpoof.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\foodpoof.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\heartgrow.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\heartgrow.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\jar.anm
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\jar.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\lives_icon.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\noisering.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_c.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_d.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_e.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_f.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\tablenumber_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\tablenumber_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\traynumber.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\tutorialarrow.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\tutorialbox.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\ui_base.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\ui_hand.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\ui_timer_off.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\ui_timer_on.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgradeanim.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_bench_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_bench_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_bench_c.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_drink_station1_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_drink_station1_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_drink_station1_c.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_luxury_bench_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_luxury_bench_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_luxury_bench_c.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_oven_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_oven_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_oven_c.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_podium_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_podium_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_podium_c.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_powerbars_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_powerbars_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_powerbars_c.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_radio_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_radio_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_radio_c.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_stereo_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_stereo_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_stereo_c.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_a.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_b.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_c.png
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd1.jpg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd2.jpg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd3.jpg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd4.jpg
    c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\dinerdash2.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-06 to 2012-03-06 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-01 23:49 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-28 04:08 . 2012-02-28 04:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\Fenomen Games
    2012-02-28 02:06 . 2012-02-28 05:05 -------- d-----w- c:\program files\Lost Souls - Enchanted Paintings Collector's Edition
    2012-02-25 04:11 . 2012-02-25 04:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Boomzap
    2012-02-23 01:05 . 2012-02-23 01:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Alawar Entertainment
    2012-02-19 00:02 . 2012-02-19 00:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\tabagames
    2012-02-18 14:59 . 2012-02-18 15:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\Bigfish 3 Days Zoo Mystery
    2012-02-15 17:37 . 2012-02-15 17:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Vast Studios
    2012-02-15 04:20 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
    2012-02-15 04:20 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
    2012-02-12 18:55 . 2012-02-12 18:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Peace Craft
    2012-02-12 15:01 . 2012-02-12 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Maximize Games
    2012-02-12 15:01 . 2012-02-12 15:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Maximize Games
    2012-02-12 05:25 . 2012-02-12 05:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\Realore_Whiterra Roads Of Rome 3
    2012-02-11 23:44 . 2012-02-11 23:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\PeaceCraft3
    2012-02-11 22:06 . 2012-02-11 22:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\Islands2
    2012-02-11 04:27 . 2012-02-11 04:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Islands3
    2012-02-09 04:14 . 2012-02-09 04:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Amaranth Games
    2012-02-08 13:08 . 2012-02-08 13:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\EleFun Games
    2012-02-05 23:39 . 2012-02-05 23:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\Big Fish Games
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-12 16:53 . 2009-04-14 23:26 1859968 ----a-w- c:\windows\system32\win32k.sys
    2011-12-30 18:31 . 2011-12-30 18:31 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-12-25 13:31 . 2011-12-25 13:31 0 ---ha-w- c:\documents and settings\Administrator\Local Settings\Application Data\BITA.tmp
    2011-12-25 13:09 . 2011-12-25 13:09 48640 ----a-w- c:\windows\system32\ANPD64.SYS
    2011-12-25 13:09 . 2011-12-25 13:09 34008 ----a-w- c:\windows\system32\ANPD.VXD
    2011-12-25 13:09 . 2011-12-25 13:09 315392 ----a-w- c:\windows\system32\ANPDApi.dll
    2011-12-25 13:09 . 2011-12-25 13:09 29411 ----a-w- c:\windows\system32\ANPD.SYS
    2011-12-17 19:46 . 2009-04-14 23:27 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-12-17 19:46 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-12-17 19:46 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-12-16 12:22 . 2009-04-14 23:27 385024 ----a-w- c:\windows\system32\html.iec
    2011-12-08 21:39 . 2011-12-08 21:39 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
    2011-12-08 21:39 . 2011-12-08 21:39 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
    2011-12-08 21:39 . 2011-12-08 21:39 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-10-21 433872]
    "DW7"="c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe" [2011-12-12 10448384]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2008-03-27 660136]
    "EzPrint"="c:\program files\Lexmark 2600 Series\ezprint.exe" [2008-03-27 107176]
    "CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
    "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-12-18 197928]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
    "Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
    .
    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    PowerReg Scheduler.exe [2011-4-24 256000]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Belkin Wireless USB Utility.lnk - c:\program files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 1404928]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, AhjohquSxuwx.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-02 15:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2012-01-04 03:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2006-04-01 12:30 77824 ----a-r- c:\windows\system32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    2006-04-01 12:30 77824 ----a-r- c:\windows\system32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    2006-04-01 12:30 114688 ----a-r- c:\windows\system32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    2006-04-01 12:30 94208 ----a-r- c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    2001-07-09 07:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2006-04-01 12:30 114688 ----a-r- c:\windows\system32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    2006-04-01 12:30 1404928 -c--a-r- c:\program files\Analog Devices\Core\smax4pnp.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
    "51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
    "51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    .
    R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [9/6/2010 2:19 AM 169408]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [12/18/2009 10:25 AM 189736]
    R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
    R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2/17/2010 6:25 PM 98984]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/23/2010 8:23 AM 135664]
    S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 284016]
    S3 APL531;Film and Photo Scanner;c:\windows\system32\drivers\OVTX16.sys [5/17/2010 4:26 PM 110080]
    S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2/26/2008 7:33 PM 18560]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [12/8/2011 4:39 PM 13224]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/23/2010 8:23 AM 135664]
    S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [5/17/2011 4:55 PM 155344]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-06 c:\windows\Tasks\AdobeAAMUpdater-1.0-CHANGEME-Administrator.job
    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-29 06:25]
    .
    2012-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
    .
    2012-03-06 c:\windows\Tasks\Final Media Player Update Checker.job
    - c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-09-04 19:24]
    .
    2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-23 13:23]
    .
    2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-23 13:23]
    .
    2012-03-06 c:\windows\Tasks\User_Feed_Synchronization-{34E372F3-1BB6-4F73-886E-7EDCF05386F1}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.kwic.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.2.1
    DPF: {74EF5274-F439-2168-B543-14745B625C72}
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6}
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - (no file)
    BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
    Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
    Toolbar-{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - (no file)
    Toolbar-10 - (no file)
    Toolbar-Locked - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
    Notify-avgrsstarter - (no file)
    AddRemove-Film and Photo Scanner - c:\windows\omniuns.exe USB\VID_05A9&PID_35E3 Film and Photo Scanner
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-03-06 18:05
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1614895754-602162358-527237240-500\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (Administrator)
    "{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}"=hex:51,66,7a,6c,4c,1d,3b,1b,e7,50,c2,
    da,8b,51,05,0a,92,c7,ac,7b,09,cc,42,11
    "{B939CF93-F2CB-443D-956C-DC523D85C9DB}"=hex:51,66,7a,6c,4c,1d,3b,1b,83,d0,2d,
    a1,f8,a9,5b,0c,8e,62,9a,12,3b,c6,8e,c6
    .
    [HKEY_USERS\S-1-5-21-1614895754-602162358-527237240-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1e,a4,69,93,4c,e7,fa,45,8b,76,ab,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ba,92,de,67,ca,4c,0a,4e,98,95,c2,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1e,a4,69,93,4c,e7,fa,45,8b,76,ab,\
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1e,a4,69,93,4c,e7,fa,45,8b,76,ab,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1e,a4,69,93,4c,e7,fa,45,8b,76,ab,\
    .
    Completion time: 2012-03-06 18:07:39
    ComboFix-quarantined-files.txt 2012-03-06 23:07
    .
    Pre-Run: 62,202,130,432 bytes free
    Post-Run: 62,357,004,288 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [Boot Loader]
    Timeout=2
    Default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [Operating Systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="XXCLONE: (Cloned Volume) [d:0,p:1] \WINDOWS" /fastdetect /NoExecute=OptIn
    .
    - - End Of File - - 0E16785CAF5AB4E82791D34FBFD871DC
  7. Daniellececile

    Daniellececile Newcomer, in training Topic Starter Posts: 27

    Other

    I suppose it isn't just my mom's computer, it's the family computer. I don't use it anymore because I bought myself a laptop, but there are 5 people who use it.

    The ESETOnline Scan didn't find anything.

    Thanks, Danielle
  8. Daniellececile

    Daniellececile Newcomer, in training Topic Starter Posts: 27

    I'm leaving for vacation in about half an hour, so I guess this computer will have to wait until I get back. I'll be back in about two weeks, will you be able to help me finish then? Thanks for your help so far :)

    - Danielle
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Have a nice vacation!

    I'll close the thread for now. When you get back, send me a PM with the URL of the thread and I'll reopen it. There are still some things to do.
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Thread opened per member.

    Please give me an update or how the system is doing.

    With 5 people using this system, we need current logs. Let's start with this:

    Update and rescan with Malwarebytes: Note: On the Scanner tab, make sure the the Perform Full Scan option is selected and then click on the Scan button.
    When scan has finished, you will see this image:
    [​IMG]
    • Click on OK to close box and continue.
    • Click on the Show Results button.
    • Click on the Remove Selected button to remove all the listed malware.
    • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.

    If Mbam won't let you update and do the Full Scan, please uninstall it, then reinstall and run the full scan,
    =================================
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exelink and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
      [​IMG]
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives/
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ===================================
    First, set up a Directory for HijackThis as follows:
    Right click Taskbar> Explore> My Computer> Local Drive (C)> File> New> Folder> Name folder HijackThis
    Exit Explorer
    You now have a folder C:\HijackThis
    -----------------------------------------
    Download HijackThis and save to your desktop.
    • Click on the HJT icon> 'Extract all files'> Extraction Wizard> Click on Browse to right of dialogue box that says 'Select a folder'
    • Extract it to the directory on your hard drive you created C:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
  11. Daniellececile

    Daniellececile Newcomer, in training Topic Starter Posts: 27

    Malwarebyte scan is running.

    One quick question, the windows update icon keeps coming up in the system tray (over the past few weeks) and informing me that there are 9 updates to install, but the installation always fails. Any ideas?
     
  12. Daniellececile

    Daniellececile Newcomer, in training Topic Starter Posts: 27

    Spybot, Malwarebytes and AVG both come up with clean scans and I just tried using AVG secure search (powered by google) and it worked fine. Before when my mom tried using google everything went downhill again. The system seems to be running well and I can't see any obvious problems.

    Here is the Malwarebytes log, others to come.
    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.27.06

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Administrator :: FAMILY [administrator]

    3/27/2012 5:02:37 PM
    mbam-log-2012-03-27 (17-02-37).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 303808
    Time elapsed: 1 hour(s), 21 minute(s), 22 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  13. Daniellececile

    Daniellececile Newcomer, in training Topic Starter Posts: 27

    The ESET Online Scan didn't come up with anything.

    Here is the HJT log

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:35:29 PM, on 3/27/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Lexmark 2600 Series\ezprint.exe
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdnserv.exe
    C:\WINDOWS\system32\lxdncoms.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kwic.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {074C1DC5-9320-4A9A-947D-C042949C6216} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
    O2 - BHO: (no name) - {B939CF93-F2CB-443d-956C-DC523D85C9DB} - (no file)
    O2 - BHO: (no name) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - (no file)
    O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
    O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - (no file)
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    O4 - HKLM\..\Run: [lxdnmon.exe] "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2600 Series\ezprint.exe"
    O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
    O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
    O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Sony Ericsson PC Companion] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
    O4 - HKCU\..\Run: [DW7] "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
    O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) -
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266073804875
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1266073791421
    O16 - DPF: {74EF5274-F439-2168-B543-14745B625C72} (CPlayFirstWeddingDasControl Object) -
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} (Java Plug-in 1.6.0_21) -
    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) -
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
    O18 - Protocol: intu-qt2009 - {03947252-2355-4E9B-B446-8CCC75C43370} - (no file)
    O18 - Protocol: intu-tt2010 - {97A0575E-2309-4E75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
    O20 - Winlogon Notify: avgrsstarter - Invalid registry found
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
    O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
    O23 - Service: lxdn_device - - C:\WINDOWS\system32\lxdncoms.exe
    O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
    O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe

    --
    End of file - 11946 bytes
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Okay, there are several Adobe processes related to Creative Suite starting on boot and Services set to Automatic. Please make note of the Adobe processes below preceded by 04 and Adobe Services preceded by 023 for change following HJT:

    Please reopen HijackThis to 'do system scan only'. Check each of the following if present:

    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {074C1DC5-9320-4A9A-947D-C042949C6216} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
    O2 - BHO: (no name) - {B939CF93-F2CB-443d-956C-DC523D85C9DB} - (no file)
    O2 - BHO: (no name) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - (no file)
    O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
    O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    O3 - Toolbar: (no name) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - (no file)
    O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} (Java Plug-in 1.6.0_21) -
    O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
    O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe


    Close all Windows except HijackThis and click on "Fix All."
    ====================================
    Go to Start> Run> type in services.msc> Enter> Double click on each of the following Services> Set Startup Type to Manual> Stop the Service:(023 in HJT)
    (Adobe) Version Cue CS4
    Adobe Active File Monitor V9
    --------
    Go to Start> Run> type in msconfig> enter> Selective Startup> Startup tab> uncheck the Adobe processes above preceeded by 04.>
    1. Startup Item (XP): UpdaterStartupUtility
      [o] Command: "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    2. Startup Item (XP): Reader_sl
      [o] Command: "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    3. Startup Item (XP): AdobeARM
      [o] Command: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    4. Startup Item (XP): CS4ServiceManager
      [o] Command: "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    5. Startup item: XP: VERSIO~2.EXE
    When finished> Click on Apply> OK
    Courtesy pacs-portal

    Reboot the computer: Note: the first time you reboot after changes using msconfig, you will get a nag message that can ifnjored and closed after checking 'don't show this message again. Stay in Selective Startup. Programs can be accessed when needed through All Programs.

    Just a comment: the Start page is set to http://www.kwic.com/. This appears to be the page for the ISP, Kwic Internet.If the family members want to change their Startpage, they can go to any page> then cick on Tools> Internet Options for IE/Options for Firefox> On General tab> Homepage section> click on Use Current> Apply> OK
    ========================================
    Please update the following:
    Note: Check each download screen for any pre-checked Toolbars or BHOs. Uncheck them before the download.
    Adobe Reader > Current is vX(10.xx)> Adobe Reader Update
    Java(TM) 6 > Current is v6u30> Java Updates .
    Uninstall any earlier versions in of both as they are vulnerabilities for the system.
  15. Daniellececile

    Daniellececile Newcomer, in training Topic Starter Posts: 27

    Alright, I'm done that now. Also, we put www.kwic.com as the homepage temporarily since search engines were causing problems. I'll switch it once everything's fixed up here

    Thanks
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    The 'Kwic' comment was just meant as an FYI for the 5 users. There are many users who don't realize the Start page can be changed.

    Last scan: please update Eset and run one more scan- since there are multiple users, we need to repeat that. If it is clean and there are no new problems, we'll finish up and I'll have you remove the cleaning tools
  17. Daniellececile

    Daniellececile Newcomer, in training Topic Starter Posts: 27

    That scan didn't find anything.
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Okay, good. the system is clean.

    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
      [​IMG]
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    -----
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    ------------------------------------------
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
      [*]Choose Disc Cleanup
      [*]Click "OK" to select the partition or drive you want.
      [*]Click the "More Options" Tab.
      [*]Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin
     
  19. Daniellececile

    Daniellececile Newcomer, in training Topic Starter Posts: 27

    Alright, that went fine. When I removed the combofix it came up in AVG as a trojan/backdoor which was a little concerning.. but AVG moved it to the vault and I did a scan and nothing was found. Other than that, everything was fine.
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    So when you uninstalled Combofix, AVG called it a Trojan? It wasn't- Don't worry about it- it was NOT a Trojan! AVG misleads occasionally.

    So we're all set now?
  21. Daniellececile

    Daniellececile Newcomer, in training Topic Starter Posts: 27

    Alright, just making sure =P

    And yup, looks like everything's good.

    Thank you so much!! =)
  22. Daniellececile

    Daniellececile Newcomer, in training Topic Starter Posts: 27

    Looks like it! Thank you so much for all your help! =)
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Danielle, if you're still around.......................I went over the Combofix log that you ran early on. A large number of game-related processes were removed and there are suggestions I'd like to make.

    If possible, I'd like to have you download and run Combofix again. And then run SuperAntispyware. Unless they get some more protection on the system, with the same games, they are going to fill up with bad entries again.>>>>>

    1. Run Combofix. I'll check the new log and writer some script to remove some entries if still there.
    2. Run SuperAntispyware. Be sure to check for the removal of everything found.
    [​IMG]
    SuperAntiSpyware Home Edition Free Version
    • Please download SuperAntiSpyware from HERE
    • Launch SuperAntiSpyware and click on 'Check for updates'.
    • Wait for the updates to be installed
    • On the main screen click on 'Scan your computer'.
    • Check: 'Perform Complete Scan then Click 'Next' to start the scan.
    • Superantispyware will now scan your computer,when it's finished it will list all/any infections found.
    • Make sure everything found has a checkmark next to it,then press 'Next'.
    • Click on 'Finish' when you've done.
    It's possible that the program will ask you to reboot in order to delete some files.

    Obtain the SuperAntiSpyware log as follows:
    • Click on 'Preferences'.
    • Click on the 'Statistics/Logs' tab.
    • Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
    It will then open in your default text editor,such as Notepad. Paste the notepad file here on your reply
    ====================================
    There will most likely be a gazillion Tracking Cookie. I can have them rest the Cookies to give protection from the tracking.
    ===================================
    I'll check the 2 logs for recurrence of adware. There was also a browser hijack to a site in Budpest, Hungary.
    ==================================
    3. I would also suggest they remove the AVG Stie Advisor and put World of Trust (WOT) on instead. AVG is not doing a good job.
    (A good site advisor wouldn't even have loaded the Fenomen Games home site)
    WOT:Site Advisor for home sites of Fenomen Games:
    Caution for Vendor Reliability and Truthfulness
    Red for Privacy and Child Safety

    4. Strongly recommend the following:
    Uninstall DinnerDash, BigFish, PlayFirst, Fenomen Games:

    After uninstall, use Windows explorer to access Computer> Local Drive(C)> Programs> find program folder for each of the uninstalled programs> do a right click> Delete on each.
  24. Daniellececile

    Daniellececile Newcomer, in training Topic Starter Posts: 27

    Combofix Log

    ComboFix 12-04-10.02 - Administrator 04/10/2012 19:34:20.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.608 [GMT -4:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\windows\system32\Cache
    c:\windows\system32\Cache\272512937d9e61a4.fb
    c:\windows\system32\Cache\287204568329e189.fb
    c:\windows\system32\Cache\28bc8f716fd76a47.fb
    c:\windows\system32\Cache\2c53092c95605355.fb
    c:\windows\system32\Cache\3917078cb68ec657.fb
    c:\windows\system32\Cache\590ba23ce359fd0c.fb
    c:\windows\system32\Cache\610289e025a3ee9a.fb
    c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
    c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
    c:\windows\system32\Cache\82e7950953ff861b.fb
    c:\windows\system32\Cache\a8556537add6dfc5.fb
    c:\windows\system32\Cache\ad10a52aff5e038d.fb
    c:\windows\system32\Cache\c4d28dca2e7648be.fb
    c:\windows\system32\Cache\d201ef9910cd39de.fb
    c:\windows\system32\Cache\d2e94710a5708128.fb
    c:\windows\system32\Cache\d79b9dfe81484ec4.fb
    c:\windows\system32\Cache\e0de16f883bea794.fb
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-10 to 2012-04-10 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-09 17:27 . 2012-04-09 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG
    2012-04-09 17:23 . 2012-04-09 17:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG
    2012-04-02 18:18 . 2012-04-02 19:19 -------- d-----w- c:\program files\TurboTax 2011
    2012-03-31 15:39 . 2012-03-31 15:39 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2012-03-29 23:36 . 2012-03-29 23:36 -------- d-----w- c:\program files\iPod
    2012-03-29 23:36 . 2012-03-29 23:38 -------- d-----w- c:\program files\iTunes
    2012-03-28 21:32 . 2012-03-28 21:32 -------- d-----w- c:\program files\Common Files\Java
    2012-03-28 21:31 . 2012-03-28 21:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-03-28 01:25 . 2012-03-28 20:37 -------- d-----w- C:\HijackThis
    2012-03-27 20:56 . 2011-12-10 19:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-28 21:31 . 2010-08-27 17:33 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-02-15 15:01 . 2011-12-25 18:57 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
    2012-02-15 15:01 . 2011-12-25 18:57 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2012-02-03 09:22 . 2009-04-14 23:26 1860096 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-03-31 15:39 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-31 1869152]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2008-03-27 660136]
    "EzPrint"="c:\program files\Lexmark 2600 Series\ezprint.exe" [2008-03-27 107176]
    "CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
    "Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
    "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-31 982880]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    .
    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    PowerReg Scheduler.exe [2011-4-24 256000]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, AhjohquSxuwx.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2006-04-01 12:30 77824 ----a-r- c:\windows\system32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    2006-04-01 12:30 77824 ----a-r- c:\windows\system32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    2006-04-01 12:30 114688 ----a-r- c:\windows\system32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    2006-04-01 12:30 94208 ----a-r- c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    2001-07-09 07:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2006-04-01 12:30 114688 ----a-r- c:\windows\system32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    2006-04-01 12:30 1404928 -c--a-r- c:\program files\Analog Devices\Core\smax4pnp.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
    "51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
    "51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    .
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [12/18/2009 11:25 AM 189736]
    R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
    R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2/17/2010 7:25 PM 98984]
    R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [3/31/2012 11:39 AM 918880]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
    S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 6:46 AM 284016]
    S3 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [9/6/2010 3:19 AM 169408]
    S3 APL531;Film and Photo Scanner;c:\windows\system32\drivers\OVTX16.sys [5/17/2010 5:26 PM 110080]
    S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2/26/2008 8:33 PM 18560]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [12/8/2011 5:39 PM 13224]
    S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [5/17/2011 5:55 PM 155344]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-10 c:\windows\Tasks\AdobeAAMUpdater-1.0-CHANGEME-Administrator.job
    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-29 06:25]
    .
    2012-04-10 c:\windows\Tasks\AdobeAAMUpdater-1.0-FAMILY-Administrator.job
    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-29 06:25]
    .
    2012-04-05 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
    .
    2012-04-10 c:\windows\Tasks\Final Media Player Update Checker.job
    - c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-09-04 19:24]
    .
    2012-04-10 c:\windows\Tasks\User_Feed_Synchronization-{34E372F3-1BB6-4F73-886E-7EDCF05386F1}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.kwic.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.2.1
    Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files\TurboTax 2011\ic2011pp.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
    DPF: {74EF5274-F439-2168-B543-14745B625C72}
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6}
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - (no file)
    BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    Notify-avgrsstarter - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-04-10 19:41
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1614895754-602162358-527237240-500\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (Administrator)
    "{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}"=hex:51,66,7a,6c,4c,1d,3b,1b,e7,50,c2,
    da,8b,51,05,0a,92,c7,ac,7b,09,cc,42,11
    "{B939CF93-F2CB-443D-956C-DC523D85C9DB}"=hex:51,66,7a,6c,4c,1d,3b,1b,83,d0,2d,
    a1,f8,a9,5b,0c,8e,62,9a,12,3b,c6,8e,c6
    .
    [HKEY_USERS\S-1-5-21-1614895754-602162358-527237240-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1e,a4,69,93,4c,e7,fa,45,8b,76,ab,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1e,a4,69,93,4c,e7,fa,45,8b,76,ab,\
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1e,a4,69,93,4c,e7,fa,45,8b,76,ab,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1e,a4,69,93,4c,e7,fa,45,8b,76,ab,\
    .
    Completion time: 2012-04-10 19:43:22
    ComboFix-quarantined-files.txt 2012-04-10 23:43
    .
    Pre-Run: 53,823,324,160 bytes free
    Post-Run: 53,834,420,224 bytes free
    .
    - - End Of File - - BFD70B795152066EA34E94CF3B9B57C6
  25. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Still not clean. Are you going to run SuperantiSpyware?
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.