Solved Help with malware

[Marcus CS]

I did not post the files infected for the Malwarebytes because there was just too many, but if you really need them I will. Thank you ahead of time.

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5350

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

12/18/2010 2:46:07 PM
mbam-log-2010-12-18 (14-46-07).txt

Scan type: Quick scan
Objects scanned: 200808
Time elapsed: 8 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 67
Files Infected: 2620

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-18 15:36:31
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 Maxtor_6B200M0 rev.BANC1B10
Running: 1lq0zxh5.exe; Driver: C:\DOCUME~1\HP_OWN~3.SEV\LOCALS~1\Temp\uwldypog.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xA93FFB0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

DDS (Ver_10-12-12.02) - NTFSx86
Run by HP_Owner at 15:49:39.53 on Sat 12/18/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2551.1932 [GMT -4:00]

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================================================

I did not post the files infected for the Malwarebytes because there was just too many, but if you really need them I will

Yes, we need a whole log.

DDS.txt log is incomplete and Attach.txt log is missing.

 

[Marcus CS]

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5350

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

12/18/2010 2:46:07 PM
mbam-log-2010-12-18 (14-46-07).txt

Scan type: Quick scan
Objects scanned: 200808
Time elapsed: 8 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 67
Files Infected: 2620

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\hp_owner.sevillahome\application data\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\funwebproducts\Data (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\funwebproducts\Data\HP_Owner (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\HP_Owner\application data\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\HP_Owner\application data\funwebproducts\Data (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\HP_Owner\application data\funwebproducts\Data\HP_Owner (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\HP_Owner\application data\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\Logs (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420 (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-19 12-16-080 (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\Results (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\HP_Owner\application data\shoppingreport (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\HP_Owner\application data\shoppingreport\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\Sukoku (PUP.Zwangi) -> Not selected for removal.
c:\documents and settings\HP_Owner\application data\Twain (Trojan.Matcash) -> Quarantined and deleted successfully.
c:\program files\common files\winantispyware 2007 free (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
c:\program files\AV9 (Rogue.AntiVirus2009) -> Quarantined and deleted successfully.
c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\PopSwatr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\PopSwatr\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\iCheck (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.7.1.4630 (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.7.1.4630\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.7.1.4630\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.7.1.4630\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.7.1.4630\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.7.1.4630\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.6.0.940 (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.6.0.940\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.6.0.940\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.6.0.940\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.6.0.940\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.6.0.940\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\Mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
c:\program files\mywebsearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\SrchAstt\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\SrchAstt\6.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\p2pmax (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\ppcbooster (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\Sukoku (PUP.Zwangi) -> Not selected for removal.
c:\program files\system search dispatcher (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\system search dispatcher\1.4.1.1010 (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\system search dispatcher\1.4.1.1010\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\video ax object (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\program files\videoaccesscodec (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\program files\VnrBlock (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\winbudget (Adware.Admedia) -> Quarantined and deleted successfully.
c:\program files\winbudget\bin (Adware.Admedia) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\DoubleD\gamingharbor toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630 (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\media access startup (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\media access startup\1.6.0.940 (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\WINDOWS\tmpie (Backdoor.Bot) -> Quarantined and deleted successfully.

 

[Marcus CS]

Files Infected:
c:\documents and settings\HP_Owner\start menu\Programs\Startup\ppcb_32.lnk (Rogue.Link) -> Quarantined and deleted successfully.
c:\WINDOWS\rs.txt (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\regtool scan.job (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\funwebproducts\Data\HP_Owner\avatar.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\funwebproducts\Data\HP_Owner\zbucks.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\HP_Owner\application data\funwebproducts\Data\HP_Owner\avatar.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\HP_Owner\application data\funwebproducts\Data\HP_Owner\register.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\HP_Owner\application data\funwebproducts\Data\HP_Owner\wffavs.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\Logs\2009-04-17 23-15-530.log (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\Logs\2009-04-17 23-39-250.log (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\Logs\2009-04-18 19-09-130.log (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\Logs\2009-04-19 12-07-150.log (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\filelist.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-0.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-1.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-10.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-100.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-101.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-102.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-103.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-104.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-105.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-106.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-107.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-108.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-109.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-11.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-110.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-111.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-112.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-113.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-26.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-27.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-28.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-29.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-3.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-30.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-31.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-32.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-33.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-34.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-35.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-36.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-37.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-38.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-39.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-4.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-40.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-41.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-42.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-44.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-45.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-46.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-47.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-48.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-49.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-5.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-50.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-51.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-52.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-53.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-54.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-55.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-56.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-57.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-58.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-59.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-6.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-60.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-62.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-63.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-64.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-65.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-66.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-67.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-68.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-69.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-7.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-70.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-71.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-72.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-73.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-74.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-75.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-76.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-77.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-78.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-79.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-80.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-81.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-82.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-83.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-84.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-85.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-86.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-87.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-88.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-89.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-9.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-90.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-91.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-92.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-93.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-94.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-95.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-96.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-97.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-98.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-99.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-114.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-132.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-150.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-169.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-187.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-204.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-222.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-25.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-43.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-61.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-8.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-115.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-116.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-117.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-118.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-119.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-12.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-120.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-121.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-122.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-123.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-124.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-125.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-126.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-127.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-128.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-129.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-13.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-130.db (Rogue.RegTool) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\application data\RegTool\quarantinew\2009-04-17 23-27-420\regb-131.db (Rogue.RegTool) -> Quarantined and deleted successfully.

 

[Marcus CS]

I putting The log in attachments because it is too long

 

[Marcus CS]

c:\program files\media access startup\1.6.0.940\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.6.0.940\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.6.0.940\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.6.0.940\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.6.0.940\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.6.0.940\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.6.0.940\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.6.0.940\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.6.0.940\FF\components\hpffaddon.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.6.0.940\FF\components\hpffhelpercomponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings\setting2.htm.bak (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings\settings.dat.bak (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\SrchAstt\2.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\p2pmax\p2pmaxu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\ppcbooster\ppcbu_32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\Sukoku\uninstall.exe (PUP.Zwangi) -> Not selected for removal.
c:\program files\system search dispatcher\1.4.1.1010\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\system search dispatcher\1.4.1.1010\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\system search dispatcher\1.4.1.1010\Data\eacore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\system search dispatcher\1.4.1.1010\Data\urldynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\system search dispatcher\1.4.1.1010\Data\urlstatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\video ax object\uninst.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\program files\videoaccesscodec\install.ico (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\program files\VnrBlock\xtarga.gz (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\ipdata.md (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090905-141308.296.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090905-143222.250.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090905-145120.453.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090905-152134.968.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090905-161159.109.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090905-162031.796.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090905-180057.843.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090905-183013.765.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090905-195858.250.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090907-111346.046.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090907-113037.562.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090907-113133.312.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090907-113204.015.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090907-114609.281.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090908-100155.750.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090908-100724.718.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090908-112251.812.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090908-115108.000.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090908-181923.565.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090908-182138.455.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090908-183057.377.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090908-190007.299.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090909-114319.328.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090909-115334.734.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090909-122758.343.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090909-134927.625.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090909-142049.140.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090909-210723.796.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090909-214234.437.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090909-222320.875.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090909-222412.578.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090909-223129.984.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090909-231235.140.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090909-232749.953.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090909-233804.812.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090909-235002.625.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090910-113859.218.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090910-113926.281.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090911-201313.968.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090911-212142.593.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090911-212206.718.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090912-193736.468.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090915-100815.468.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090915-101952.203.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090915-103638.546.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090915-104350.812.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090915-114048.281.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090915-170804.687.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090915-170841.546.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090915-171039.968.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090915-175526.328.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090915-180545.625.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090916-090057.070.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090916-090304.476.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090916-194548.171.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090916-194607.421.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090917-095432.796.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090917-095513.125.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090917-154841.953.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090918-090538.656.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090918-093331.968.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090918-095027.171.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090918-095228.609.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090918-095918.171.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090918-194050.250.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090918-194117.734.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090918-195647.406.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090918-200448.750.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090918-201624.640.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090918-202341.984.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090919-131851.890.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090919-133707.234.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090919-133818.921.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090919-134111.671.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090919-134222.906.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090919-134246.187.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090919-140117.781.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090919-140733.656.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090919-140745.921.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090919-140910.796.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090919-143637.812.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090919-144516.828.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090919-144629.328.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090919-144738.750.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090919-153648.921.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090919-154027.687.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090921-112432.265.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090921-113003.500.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090921-214716.656.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090921-222640.859.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090921-222907.781.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090922-091836.328.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090922-091941.125.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090922-142449.781.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090922-142805.687.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090922-142843.078.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090922-142849.562.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090922-162449.250.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090923-081631.890.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090923-082519.953.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090923-084922.734.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090923-093327.453.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090923-093448.968.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090923-100624.953.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090923-113001.718.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090923-113529.921.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090923-114147.640.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090923-114241.500.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090923-160010.109.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090923-160104.953.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090923-201652.105.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090923-202704.105.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090923-202721.839.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090923-204529.245.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090923-205311.527.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090923-213213.421.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090925-191122.234.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090925-191841.718.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090925-193802.296.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090926-110821.921.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090926-111155.234.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090926-111212.875.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090926-111854.781.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090926-112113.671.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090926-112217.500.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090926-112752.500.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090928-085903.062.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090928-085922.921.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090928-093020.687.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090928-203729.281.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090928-210831.562.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090928-211440.328.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090928-214342.078.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090928-214347.375.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090929-092623.625.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090929-092647.828.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20090929-140953.343.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20091001-101153.371.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20091001-104300.875.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20091001-184039.218.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20091002-122005.687.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20091002-122620.359.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20091002-134356.484.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20091002-134436.140.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20091002-135146.734.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20091002-135146.765.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20091002-135321.687.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20091002-210916.093.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20091002-211040.515.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20091002-211056.906.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20091002-211129.062.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20091002-211147.343.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20091002-212742.187.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20091002-213134.171.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20091003-112248.625.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20091003-112722.187.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\hp_owner.sevillahome\local settings\application data\internet saving optimizer\3.7.1.4630\np_20091003-131723.640.log (Adware.DoubleD) -> Quarantined and deleted successfully.

 

[Marcus CS]

Look Towards the bottom for attachments

 

[Marcus CS]

Sorry if I spamed the wall ahead of time. I'm going to put it as an attachment or something like that

 

[Marcus CS]

I'm not sure if that worked, but if you can give me an easier way to post a big *** file I'll do it

View attachment Malware 1.txt

View attachment Malware 2.txt

View attachment Malware 3.txt

 

[Broni]

You did fine
No attachments, please.

 

[Broni]

Upload MBAM file(s) here: http://www.filedropper.com/
Post download link (copy URL: link):

 

[Marcus CS]

This is MBAM and DDS I forgot before. Also should I upload or post the attach.txt log
MBAM http://www.filedropper.com/mbam

DDS (Ver_10-12-12.02) - NTFSx86
Run by HP_Owner at 15:49:39.53 on Sat 12/18/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2551.1932 [GMT -4:00]

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\HP_Owner.SEVILLA\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/?ilc=1
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\tbZone.dll
BHO: Shop to Win 9: {0095c290-a428-4bdd-b98c-e0a116f1c702} - c:\program files\shop to win 9\ShoppingBHO.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: PriceGongBHO Class: {1631550f-191d-4826-b069-d9439253d926} - c:\program files\pricegong\2.1.0\PriceGongIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\tbZone.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\tbZone.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
StartupFolder: c:\docume~1\hp_own~3.sev\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0a\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autode~1.lnk - c:\program files\iconcepts music express\MEAutoDetect.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\spysub~1.lnk - c:\program files\intermute\spysubtract\sslaunch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\309731\program\Updates from HP.exe
IE: Add To HP Organize... - c:\progra~1\hewlet~1\hporga~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {0ECC7E3F-0561-49F6-91DD-645E548FFE70} = 167.206.245.130,167.206.245.129
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxsrvc.dll
SEH: {FA010552-4A27-4cb1-A1BB-3E2D697F1639} - No File

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_own~3.sev\applic~1\mozilla\firefox\profiles\7jew4l4q.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\hp_owner.sevilla\application data\mozilla\firefox\profiles\7jew4l4q.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\hp_owner.sevilla\application data\mozilla\firefox\profiles\7jew4l4q.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\hp_owner.sevilla\application data\mozilla\firefox\profiles\7jew4l4q.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\hp_owner.sevilla\application data\mozilla\firefox\profiles\7jew4l4q.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\RadioWMPCore.dll
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - %profile%\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
FF - Ext: ZoneAlarm Security Engine: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - c:\program files\checkpoint\zaforcefield\TrustChecker

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-5 165584]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-12-5 532224]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-5 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-5 40384]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2010-9-2 26872]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2010-9-2 493048]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-5 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-5 40384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-3 136176]

=============== Created Last 30 ================

2010-12-18 18:35:19 -------- d-----w- c:\docume~1\hp_own~3.sev\applic~1\Malwarebytes
2010-12-18 18:35:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-18 18:35:08 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-18 18:35:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-18 18:35:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-10 06:11:07 398744 ----a-r- c:\windows\system32\cpnprt2.cid
2010-12-07 13:02:57 278016 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzpp5mu.dll
2010-12-07 13:02:55 118272 ----a-w- c:\windows\system32\hpz3l5mu.dll
2010-12-07 12:33:23 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2010-12-07 12:33:22 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2010-12-07 12:33:18 271704 ----a-w- c:\windows\system32\hpzids01.dll
2010-12-07 12:33:12 729088 ----a-w- c:\windows\system32\hpwwiax4.dll
2010-12-07 12:33:12 593920 ----a-w- c:\windows\system32\hpwtscl3.dll
2010-12-07 12:33:12 364544 ----a-w- c:\windows\system32\hppldcoi.dll
2010-12-07 12:33:12 309760 ----a-w- c:\windows\system32\difxapi.dll
2010-12-07 12:33:12 294912 ----a-w- c:\windows\system32\hpovst11.dll
2010-12-05 17:18:16 38848 ----a-w- c:\windows\avastSS.scr
2010-12-05 16:55:30 -------- d-----w- c:\docume~1\hp_own~3.sev\applic~1\CheckPoint
2010-12-05 16:33:49 -------- d-----w- c:\docume~1\hp_own~3.sev\applic~1\BitTorrent
2010-12-04 00:07:59 -------- d-----w- c:\docume~1\hp_own~3.sev\locals~1\applic~1\Google
2010-12-04 00:07:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-12-02 02:02:15 -------- d-----w- c:\docume~1\hp_own~3.sev\locals~1\applic~1\HP
2010-11-28 03:56:38 -------- d-----w- c:\windows\system32\LogFiles
2010-11-25 18:31:47 -------- d-----w- c:\docume~1\hp_own~3.sev\locals~1\applic~1\Temp
2010-11-23 15:20:46 215920 ----a-w- c:\windows\system32\muweb.dll
2010-11-23 15:20:46 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-11-23 15:20:45 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-11-22 16:26:19 -------- d-----w- c:\docume~1\hp_own~3.sev\locals~1\applic~1\Adobe
2010-11-22 15:49:59 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-11-22 15:49:59 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2010-11-22 03:39:02 -------- d-----w- c:\program files\WorksBkup
2010-11-22 03:24:21 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-11-22 03:24:21 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2010-11-22 03:23:42 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-11-22 03:23:42 31616 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-11-22 01:58:12 -------- d-----w- c:\docume~1\hp_own~3.sev\applic~1\OpenOffice.org
2010-11-22 01:54:57 -------- d-----w- c:\program files\JRE
2010-11-22 01:54:05 -------- d-----w- c:\program files\OpenOffice.org 3
2010-11-22 01:25:48 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-11-22 01:05:50 -------- d-----w- c:\docume~1\hp_own~3.sev\applic~1\FCSB000063123
2010-11-22 01:05:37 -------- d-----w- c:\program files\Shop to Win 9
2010-11-22 01:04:42 -------- d-----w- c:\program files\PriceGong
2010-11-22 01:04:42 -------- d-----w- c:\docume~1\hp_own~3.sev\applic~1\PriceGong
2010-11-22 00:03:17 -------- d-----w- c:\program files\Search Toolbar
2010-11-21 23:06:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-11-21 23:04:00 -------- d-----w- c:\docume~1\hp_own~3.sev\locals~1\applic~1\Apple
2010-11-21 22:50:26 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-11-21 22:48:24 454016 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-11-21 22:47:37 2137088 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-11-21 22:47:36 2181376 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-11-21 22:47:35 2058368 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-11-21 22:47:35 2016768 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-11-21 22:38:03 -------- d-s---w- c:\documents and settings\hp_owner.sevilla\UserData
2010-11-21 22:37:14 -------- d-sh--r- C:\cmdcons
2010-11-21 22:36:55 -------- d-----w- c:\windows\setupupd
2010-11-21 08:47:34 -------- d-----w- c:\windows\system32\PreInstall
2010-11-21 08:47:33 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2010-11-21 08:36:18 -------- d-----w- c:\docume~1\hp_own~3.sev\locals~1\applic~1\Mozilla
2010-11-21 08:35:37 8704 ------w- c:\windows\system32\dllcache\tsbyuv.dll
2010-11-21 08:35:37 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2010-11-21 08:35:30 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-11-21 08:35:30 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2010-11-21 08:34:30 -------- d-----w- c:\docume~1\hp_own~3.sev\locals~1\applic~1\LightScribe
2010-11-21 08:34:26 -------- d-----w- c:\windows\system32\Lang
2010-11-21 08:34:19 163840 ----a-w- c:\windows\system32\igfxres.dll
2010-11-21 08:33:46 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-11-21 08:30:02 -------- d-----w- c:\windows\system32\RTCOM
2010-11-21 08:28:36 -------- d-----w- c:\windows\system32\SoftwareDistribution
2010-11-21 05:09:35 -------- d-sh--r- c:\windows\system32\dllcache

==================== Find3M ====================

2010-11-29 02:35:30 3645 ----a-w- c:\windows\viassary-hp.reg
2010-10-07 16:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 16:23:02 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-10-07 16:23:02 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 16:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-09-30 19:35:38 73728 ----a-w- c:\windows\ALCFDRTM.VER
2006-12-05 01:30:54 774144 ----a-w- c:\program files\RngInterstitial.dll

============= FINISH: 15:52:59.92 ===============

 

[Broni]

Good. That WAS a lot

I still need Attach.txt part of DDS.

 

[Marcus CS]

DDS (Ver_10-12-12.02)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 11/21/2010 4:31:03 AM
System Uptime: 12/18/2010 2:47:43 PM (1 hours ago)

Motherboard: ASUSTeK Computer INC. | | Goldfish3
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | CPU 1 | 3000/200mhz
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | CPU 1 | 3000/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 179 GiB total, 104.402 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 0.636 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 11/21/2010 4:45:39 AM - Software Distribution Service 3.0
RP2: 11/21/2010 7:06:17 PM - Installed iTunes
RP3: 11/21/2010 8:22:10 PM - Software Distribution Service 3.0
RP4: 11/21/2010 8:03:43 PM - Installed Microsoft Office Word Viewer 2003
RP5: 11/21/2010 8:28:08 PM - Installed Windows XP KB914882.
RP6: 11/21/2010 9:25:47 PM - Software Distribution Service 3.0
RP7: 11/22/2010 10:14:43 AM - Installed Microsoft Office XP Media Content
RP8: 11/22/2010 10:21:14 AM - Removed Norton Security Center
RP9: 11/22/2010 10:32:59 AM - Printer Driver Microsoft Office Document Image Writer Installed
RP10: 11/22/2010 10:38:56 AM - Installed Microsoft Office XP Standard for Students and Teachers
RP11: 11/22/2010 10:58:28 AM - Removed Microsoft Office Word Viewer 2003
RP12: 11/22/2010 10:59:15 AM - Removed Microsoft Office Standard Edition 2003
RP13: 11/22/2010 11:49:59 AM - Unsigned driver install
RP14: 11/23/2010 11:45:53 AM - Software Distribution Service 3.0
RP15: 11/23/2010 2:36:11 PM - Software Distribution Service 3.0
RP16: 11/23/2010 3:02:20 PM - Removed Adobe Reader 6.0.1
RP17: 11/23/2010 3:03:11 PM - Removed Adobe Acrobat - Reader 6.0.2 Update
RP18: 11/23/2010 3:03:36 PM - Installed Adobe Reader X.
RP19: 11/23/2010 3:28:39 PM - Unsigned driver install
RP20: 11/24/2010 3:00:20 AM - Software Distribution Service 3.0
RP21: 11/24/2010 7:32:28 AM - Software Distribution Service 3.0
RP22: 11/24/2010 2:48:39 PM - Unsigned driver install
RP23: 11/24/2010 2:51:51 PM - Software Distribution Service 3.0
RP24: 11/24/2010 5:15:14 PM - Software Distribution Service 3.0
RP25: 11/25/2010 1:04:14 AM - Software Distribution Service 3.0
RP26: 11/26/2010 3:00:32 AM - Software Distribution Service 3.0
RP27: 11/26/2010 4:47:18 AM - Software Distribution Service 3.0
RP28: 11/26/2010 11:48:38 PM - Software Distribution Service 3.0
RP29: 11/27/2010 1:16:13 AM - Software Distribution Service 3.0
RP30: 11/27/2010 8:07:55 PM - Software Distribution Service 3.0
RP31: 11/27/2010 11:43:26 PM - Software Distribution Service 3.0
RP32: 11/28/2010 10:44:44 PM - Software Distribution Service 3.0
RP33: 11/28/2010 11:12:33 PM - Software Distribution Service 3.0
RP34: 11/29/2010 6:28:06 PM - Software Distribution Service 3.0
RP35: 11/29/2010 11:48:54 PM - Software Distribution Service 3.0
RP36: 11/30/2010 12:29:06 AM - Software Distribution Service 3.0
RP37: 11/30/2010 12:15:21 PM - Software Distribution Service 3.0
RP38: 11/30/2010 1:51:42 PM - Software Distribution Service 3.0
RP39: 11/30/2010 7:11:22 PM - Software Distribution Service 3.0
RP40: 12/1/2010 2:24:34 PM - Software Distribution Service 3.0
RP41: 12/1/2010 3:10:06 PM - Software Distribution Service 3.0
RP42: 12/2/2010 12:24:06 AM - Software Distribution Service 3.0
RP43: 12/2/2010 5:10:12 AM - Software Distribution Service 3.0
RP44: 12/2/2010 6:17:06 AM - Software Distribution Service 3.0
RP45: 12/2/2010 1:19:52 PM - Software Distribution Service 3.0
RP46: 12/2/2010 2:43:26 PM - Software Distribution Service 3.0
RP47: 12/2/2010 10:50:36 PM - Software Distribution Service 3.0
RP48: 12/3/2010 12:57:49 AM - Software Distribution Service 3.0
RP49: 12/3/2010 2:07:04 PM - Software Distribution Service 3.0
RP50: 12/3/2010 3:40:04 PM - Software Distribution Service 3.0
RP51: 12/3/2010 4:03:02 PM - Software Distribution Service 3.0
RP52: 12/3/2010 8:07:17 PM - avast! Free Antivirus Setup
RP53: 12/3/2010 8:13:19 PM - Software Distribution Service 3.0
RP54: 12/3/2010 9:41:23 PM - avast! Free Antivirus Setup
RP55: 12/3/2010 10:14:10 PM - Software Distribution Service 3.0
RP56: 12/4/2010 4:30:43 PM - Software Distribution Service 3.0
RP57: 12/4/2010 10:46:20 PM - Software Distribution Service 3.0
RP58: 12/5/2010 2:00:57 AM - Software Distribution Service 3.0
RP59: 12/5/2010 12:40:45 PM - Software Distribution Service 3.0
RP60: 12/5/2010 12:45:40 PM - Installed Windows XP KB943232.
RP61: 12/5/2010 1:18:09 PM - avast! Free Antivirus Setup
RP62: 12/5/2010 1:29:01 PM - Software Distribution Service 3.0
RP63: 12/5/2010 7:47:36 PM - Software Distribution Service 3.0
RP64: 12/7/2010 2:09:25 AM - System Checkpoint
RP65: 12/7/2010 7:27:01 AM - Software Distribution Service 3.0
RP66: 12/7/2010 8:34:35 AM - Removed Scan
RP67: 12/7/2010 8:37:19 AM - Removed WebReg
RP68: 12/7/2010 8:37:52 AM - Removed Fax
RP69: 12/7/2010 8:42:07 AM - Removed Destinations
RP70: 12/7/2010 8:45:23 AM - Removed TrayApp
RP71: 12/7/2010 8:48:01 AM - Removed BufferChm
RP72: 12/7/2010 8:49:10 AM - Removed HP Diagnostic Assistant
RP73: 12/7/2010 8:51:54 AM - Removed Director
RP74: 12/7/2010 8:54:54 AM - Removed HP Software Update
RP75: 12/7/2010 8:57:34 AM - Removed DocProc
RP76: 12/7/2010 9:08:31 AM - Printer Driver HP Officejet J4500 Series fax Installed
RP77: 12/7/2010 9:21:11 AM - Software Distribution Service 3.0
RP78: 12/7/2010 7:14:32 PM - Software Distribution Service 3.0
RP79: 12/8/2010 1:12:29 PM - Software Distribution Service 3.0
RP80: 12/9/2010 11:18:24 AM - Software Distribution Service 3.0
RP81: 12/10/2010 10:56:05 AM - Software Distribution Service 3.0
RP82: 12/11/2010 4:27:49 AM - Software Distribution Service 3.0
RP83: 12/12/2010 12:15:09 AM - Software Distribution Service 3.0
RP84: 12/12/2010 1:35:52 AM - Software Distribution Service 3.0
RP85: 12/12/2010 2:01:07 AM - Software Distribution Service 3.0
RP86: 12/12/2010 1:35:38 PM - Software Distribution Service 3.0
RP87: 12/13/2010 12:14:07 AM - Software Distribution Service 3.0
RP88: 12/13/2010 2:44:32 AM - Software Distribution Service 3.0
RP89: 12/15/2010 2:55:13 AM - System Checkpoint
RP90: 12/14/2010 8:50:15 PM - System Checkpoint
RP91: 12/15/2010 9:35:42 PM - Software Distribution Service 3.0
RP92: 12/16/2010 5:19:14 PM - Software Distribution Service 3.0
RP93: 12/17/2010 5:47:57 PM - System Checkpoint

==== Installed Programs ======================

32 Bit HP CIO Components Installer
4500_Help
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X
Agere Systems PCI Soft Modem
AiO_Scan
AiOSoftware
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Blackhawk Striker 2 from Hewlett-Packard Desktops (remove only)
Blasterball 2 from Hewlett-Packard Desktops (remove only)
Blasterball 2 Remix from Hewlett-Packard Desktops (remove only)
Bonjour
Bounce Symphony from Hewlett-Packard Desktops (remove only)
BPD_HPSU
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
CameraDrivers
Copy
CP_AtenaShokunin1Config
cp_dwSharkTaleAlbums1
cp_dwSharkTaleCards1
cp_dwShrek2Albums1
cp_dwShrek2Cards1
CP_PLSBusinessFlyers
CreativeProjects
CreativeProjectsTemplates
Crystal Maze from Hewlett-Packard Desktops (remove only)
CueTour
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DivX Web Player
DocMgr
DocProc
DocProcQFolder
DocumentViewer
Easy Internet Sign-up
eSupportQFolder
Fax
Google Chrome
Google Update Helper
GPBaseService
Help and Support Additions
High Definition Audio Driver Package - KB835221
Hotfix for Windows XP (KB943232)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 10.0
HP Deskjet Preloaded Printer Drivers
HP Document Manager 1.0
HP Image Zone 4.5.3
HP Image Zone Plus 4.5.3
HP Imaging Device Functions 10.0
HP Officejet J4500 Series
HP Organize
HP Photosmart Cameras 4.0
HP Photosmart Essential 2.5
HP PSC & OfficeJet 4.0
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HPIZplus450
HPProductAssistant
HpSdpAppCoreApp
HPSSupply
InstantShare
Intel(R) Graphics Media Accelerator Driver
IntelliMover Data Transfer Demo
InterVideo DiscLabel
InterVideo WinDVD Creator
InterVideo WinDVD Player
iTunes
J4500
Java 2 Runtime Environment, SE v1.4.2_03
KBD
LS_HSI
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Office XP Media Content
Microsoft Office XP Standard for Students and Teachers
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox (3.6.13)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
muvee autoProducer 3.5 magicMoments - HPD
OCR Software by I.R.I.S. 10.0
OpenOffice.org 3.1
Orbital from Hewlett-Packard Desktops (remove only)
Overball from Hewlett-Packard Desktops (remove only)
PanoStandAlone
PC-Doctor for Windows
PhotoGallery
Photosmart 320,370,7400,8100,8400 Series
Polar Bowler from Hewlett-Packard Desktops (remove only)
Polar Golfer from Hewlett-Packard Desktops (remove only)
PriceGong 2.1.0
PrintScreen
ProductContext
PS2
PSPrinters06
PSSWCORE
Python 2.2 pywin32 extensions (build 203)
QFolder
QuickProjects
QuickTime
Readme
RealPlayer
Road Ready Streetwise from Hewlett-Packard Desktops (remove only)
Scan
Search Toolbar
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
Shop for HP Supplies
Shop to Win 9
SkinsHP1
SmartWebPrintingOC
SolutionCenter
Sonic Express Labeler
Sonic RecordNow!
SpySubtract
Status
Toolbox
Tradewinds from Hewlett-Packard Desktops (remove only)
TrayApp
Unload
Update for Windows XP (KB898461)
Update for Windows XP (KB914882)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Updates from HP
VC80CRTRedist - 8.0.50727.762
VideoToolkit01
VLC media player 1.1.5
WebFldrs XP
WebReg
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB890175
ZoneAlarm
ZoneAlarm Toolbar

==== Event Viewer Messages From Past Week ========

12/18/2010 3:15:40 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
12/18/2010 1:48:15 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
12/18/2010 1:48:14 PM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
12/18/2010 1:48:14 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
12/18/2010 1:48:14 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/15/2010 7:32:13 AM, error: Service Control Manager [7000] - The ASCTRM service failed to start due to the following error: The system cannot find the file specified.
12/14/2010 8:33:19 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
12/13/2010 2:48:01 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.
12/13/2010 12:51:12 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 8 for Windows XP.
12/13/2010 12:15:07 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024002d: Office XP Service Pack 3.

==== End Of File ===========================

 

[Broni]

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[Marcus CS]

Log
http://www.filedropper.com/combofix_2

 

[Broni]

Please, observe forum rules.
All logs have to be pasted into your reply.

Don't forget MBRCheck log.

 

[Marcus CS]

The combofix log was to big to put in a reply so I put it in that link. also I forgot to do the mbrcheck log, but I'll get it to you

 

[Broni]

If some log doesn't fit into one reply, split it between couple of replies.
This time, I'll do it for you....

ComboFix 10-12-19.03 - HP_Owner 12/20/2010 12:22:51.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2551.1970 [GMT -4:00]
Running from: c:\documents and settings\HP_Owner.SEVILLA\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\HP_OWN~3.SEV\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\All Users\Favorites\Thumbs.db
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\1.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\a.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\b.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\c.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\d.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\e.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\f.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\g.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\h.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\i.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\J.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\k.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\l.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\m.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\n.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\o.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\p.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\q.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\r.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\s.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\t.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\u.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\v.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\w.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\x.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\y.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\z.xml
c:\documents and settings\HP_Owner.SEVILLA\Local Settings\Temp\IadHide5.dll
c:\documents and settings\HP_Owner.SEVILLA\Recent\certificate.pdf
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\BrowserSearch\BrowserSearch.xml
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Button_0\Button_0.xml
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Button_0\Button_0.xml.backup
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Button_1\Button_1.xml
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Button_1\Button_1.xml.backup
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Button_2\Button_2.xml
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Button_2\Button_2.xml.backup
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Button_201\Button_201.xml
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Button_201\Button_201.xml.backup
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Button_4\Button_4.xml
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Button_4\Button_4.xml.backup
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Button_6\Button_6.xml
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Button_6\Button_6.xml.backup
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Button_7\Button_7.xml
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Button_7\Button_7.xml.backup
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Button_9\Button_9.xml
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Button_9\Button_9.xml.backup
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\configurator\configurator.xml
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\configurator\configurator.xml.backup
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\contextMenu\contextMenu.xml
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\contextMenu\contextMenu.xml.backup
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\ErrorSearch\ErrorSearch.xml
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\ErrorSearch\ErrorSearch.xml.backup
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\postInstallLayout\postInstallLayout.xml
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\products\products.xml
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\products\products.xml.backup
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\BrowserSearch\alot_search_defend.html
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\BrowserSearch\images\favicon.ico
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\Button_0\images\alot_logo_button.bmp
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\Button_0\images\alot_logo_button.png
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\Button_1\images\alot_search_button.bmp
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\Button_1\images\alot_search_button.png
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\Button_2\images\default_1002_alot_videos_videosearch.bmp
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\Button_2\images\default_1002_alot_videos_videosearch.png
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\Button_201\images\default_1667_www.youtube.com_button.bmp
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\Button_201\images\default_1667_www.youtube.com_button.png
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\Button_202\images\default_2334_default_2301_hulu.bmp
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\Button_202\images\default_2334_default_2301_hulu.png
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\Button_203\images\default_1586_alot_widget_games.bmp
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\Button_203\images\default_1586_alot_widget_games.png
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\Button_3\images\default_2307_music_videos.bmp
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\Button_3\images\default_2307_music_videos.png
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\Button_4\images\default_1042_alot_video_vault.bmp
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\Button_4\images\default_1042_alot_video_vault.png
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\Button_5\images\default_1667_www.youtube.com_button.bmp
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\Button_5\images\default_1667_www.youtube.com_button.png
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\Button_6\images\default_1390_facebook.bmp
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\Button_6\images\default_1390_facebook.png
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\Button_7\images\1045_icon.bmp
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\Button_7\images\1045_icon.png
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\Button_7\images\default_1045_alot_rea_laughs.bmp
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\Button_7\images\default_1045_alot_rea_laughs.png
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\Button_8\images\default_1103_alot_lottery_dollar.bmp
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\Button_8\images\default_1103_alot_lottery_dollar.png
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\Button_9\images\default_1795_default_1795_alot_configure.bmp
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\Button_9\images\default_1795_default_1795_alot_configure.png
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\contextMenu\images\alot_icon.bmp
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\contextMenu\images\alot_icon.png
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\contextMenu\images\alot_logo_button.bmp
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\contextMenu\images\alot_logo_button.png
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\Shared\domains.dat
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\Shared\images\alot_brand.png
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\Shared\images\alot_splitter.png
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\Shared\images\discover.png
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\Shared\images\spinner.bmp
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\Shared\images\widget_bottom.bmp
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\Shared\images\widget_caption.bmp
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\Shared\images\widget_error_close.bmp
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Tem485.tmp
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\TimerManager\TimerManager.xml
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\TimerManager\TimerManager.xml.backup
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\toolbar.xml
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\toolbar.xml.backup
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml.backup
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\ToolbarSearch\ToolbarSearch.xml
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\ToolbarSearch\ToolbarSearch.xml.backup
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Updater\Updater.xml
c:\documents and settings\HP_Owner.SEVILLAHOME\Application Data\alot\Updater\Updater.xml.backup
c:\documents and settings\HP_Owner.SEVILLAHOME\System
c:\documents and settings\HP_Owner.SEVILLAHOME\System\win_qs8.jqx
c:\documents and settings\HP_Owner\Application Data\alot
c:\documents and settings\HP_Owner\Application Data\alot\BrowserSearch\BrowserSearch.xml
c:\documents and settings\HP_Owner\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\HP_Owner\Application Data\alot\Button_0\Button_0.xml
c:\documents and settings\HP_Owner\Application Data\alot\Button_0\Button_0.xml.backup
c:\documents and settings\HP_Owner\Application Data\alot\Button_1\Button_1.xml
c:\documents and settings\HP_Owner\Application Data\alot\Button_1\Button_1.xml.backup
c:\documents and settings\HP_Owner\Application Data\alot\Button_2\Button_2.xml
c:\documents and settings\HP_Owner\Application Data\alot\Button_2\Button_2.xml.backup
c:\documents and settings\HP_Owner\Application Data\alot\Button_3\Button_3.xml
c:\documents and settings\HP_Owner\Application Data\alot\Button_3\Button_3.xml.backup
c:\documents and settings\HP_Owner\Application Data\alot\Button_4\Button_4.xml
c:\documents and settings\HP_Owner\Application Data\alot\Button_4\Button_4.xml.backup
c:\documents and settings\HP_Owner\Application Data\alot\Button_5\Button_5.xml
c:\documents and settings\HP_Owner\Application Data\alot\Button_5\Button_5.xml.backup
c:\documents and settings\HP_Owner\Application Data\alot\Button_6\Button_6.xml
c:\documents and settings\HP_Owner\Application Data\alot\Button_6\Button_6.xml.backup
c:\documents and settings\HP_Owner\Application Data\alot\Button_7\Button_7.xml
c:\documents and settings\HP_Owner\Application Data\alot\Button_7\Button_7.xml.backup
c:\documents and settings\HP_Owner\Application Data\alot\Button_8\Button_8.xml
c:\documents and settings\HP_Owner\Application Data\alot\Button_8\Button_8.xml.backup
c:\documents and settings\HP_Owner\Application Data\alot\configurator\configurator.xml
c:\documents and settings\HP_Owner\Application Data\alot\configurator\configurator.xml.backup
c:\documents and settings\HP_Owner\Application Data\alot\contextMenu\contextMenu.xml
c:\documents and settings\HP_Owner\Application Data\alot\contextMenu\contextMenu.xml.backup
c:\documents and settings\HP_Owner\Application Data\alot\ErrorSearch\ErrorSearch.xml
c:\documents and settings\HP_Owner\Application Data\alot\ErrorSearch\ErrorSearch.xml.backup
c:\documents and settings\HP_Owner\Application Data\alot\postInstallLayout\postInstallLayout.xml
c:\documents and settings\HP_Owner\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup
c:\documents and settings\HP_Owner\Application Data\alot\products\products.xml
c:\documents and settings\HP_Owner\Application Data\alot\products\products.xml.backup
c:\documents and settings\HP_Owner\Application Data\alot\Resources\BrowserSearch\alot_search_defend.html
c:\documents and settings\HP_Owner\Application Data\alot\Resources\Button_0\images\alot_logo_button.bmp
c:\documents and settings\HP_Owner\Application Data\alot\Resources\Button_0\images\alot_logo_button.png
c:\documents and settings\HP_Owner\Application Data\alot\Resources\Button_1\images\alot_search_button.bmp
c:\documents and settings\HP_Owner\Application Data\alot\Resources\Button_1\images\alot_search_button.png
c:\documents and settings\HP_Owner\Application Data\alot\Resources\Button_2\images\default_1001_alot_rec_recipesearch.bmp
c:\documents and settings\HP_Owner\Application Data\alot\Resources\Button_2\images\default_1001_alot_rec_recipesearch.png
c:\documents and settings\HP_Owner\Application Data\alot\Resources\Button_3\images\default_1384_alot_mrkt_recipeebook.bmp
c:\documents and settings\HP_Owner\Application Data\alot\Resources\Button_3\images\default_1384_alot_mrkt_recipeebook.png
c:\documents and settings\HP_Owner\Application Data\alot\Resources\Button_4\images\default_1028_alot_rss.bmp
c:\documents and settings\HP_Owner\Application Data\alot\Resources\Button_4\images\default_1028_alot_rss.png
c:\documents and settings\HP_Owner\Application Data\alot\Resources\Button_5\images\default_1104_alot_recipe_cupboard.bmp
c:\documents and settings\HP_Owner\Application Data\alot\Resources\Button_5\images\default_1104_alot_recipe_cupboard.png
c:\documents and settings\HP_Owner\Application Data\alot\Resources\Button_6\images\default_1105_alot_recipe_videos.bmp
c:\documents and settings\HP_Owner\Application Data\alot\Resources\Button_6\images\default_1105_alot_recipe_videos.png
c:\documents and settings\HP_Owner\Application Data\alot\Resources\Button_7\images\default_1545_alot_lot_results.bmp
c:\documents and settings\HP_Owner\Application Data\alot\Resources\Button_7\images\default_1545_alot_lot_results.png
c:\documents and settings\HP_Owner\Application Data\alot\Resources\Button_8\images\default_1530_alot_mrkt_simplyhired.bmp
c:\documents and settings\HP_Owner\Application Data\alot\Resources\Button_8\images\default_1530_alot_mrkt_simplyhired.png
c:\documents and settings\HP_Owner\Application Data\alot\Resources\contextMenu\images\alot_logo_button.bmp
c:\documents and settings\HP_Owner\Application Data\alot\Resources\contextMenu\images\alot_logo_button.png
c:\documents and settings\HP_Owner\Application Data\alot\Resources\Shared\images\alot_brand.png
c:\documents and settings\HP_Owner\Application Data\alot\Resources\Shared\images\alot_splitter.png
c:\documents and settings\HP_Owner\Application Data\alot\TimerManager\TimerManager.xml
c:\documents and settings\HP_Owner\Application Data\alot\TimerManager\TimerManager.xml.backup
c:\documents and settings\HP_Owner\Application Data\alot\toolbar.xml
c:\documents and settings\HP_Owner\Application Data\alot\toolbar.xml.backup
c:\documents and settings\HP_Owner\Application Data\alot\ToolbarSearch\ToolbarSearch.xml
c:\documents and settings\HP_Owner\Application Data\alot\ToolbarSearch\ToolbarSearch.xml.backup
c:\documents and settings\HP_Owner\Application Data\alot\Updater\Updater.xml
c:\documents and settings\HP_Owner\Application Data\alot\Updater\Updater.xml.backup
c:\documents and settings\HP_Owner\Application Data\DriveCleaner Free
c:\documents and settings\HP_Owner\Application Data\DriveCleaner Free\Logs\update.log
c:\documents and settings\HP_Owner\Application Data\Install.dat
c:\documents and settings\HP_Owner\err.log
c:\documents and settings\TomTom HOME 2\Uninstall TomTom HOME.exe
C:\Install.exe
c:\program files\Common Files\companion wizard
c:\program files\INSTALL.LOG
c:\program files\Search Guard Plus
c:\program files\Search Guard Plus\fbsProtection.xml
c:\program files\Search Guard Plus\fbsSearchProvider.xml
c:\program files\Search Guard Plus\FbsSearchProviderIE8.exe
c:\program files\Search Guard Plus\SearchGuardPlus.exe
c:\program files\Search Guard Plus\SearchGuardPlus.ico
c:\program files\Search Guard Plus\uninstalSGP.exe
c:\program files\Search Guard PlusU
c:\program files\Search Guard PlusU\SGPU.ico
c:\program files\Search Guard PlusU\sgpUpdater.exe
c:\program files\Search Guard PlusU\sgpUpdater.xml
c:\program files\Search Guard PlusU\sgpUpdaters.exe
c:\program files\Search Guard PlusU\uninstalSGPU.exe
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\temp\DIV55
c:\temp\DIV55\xDb.log
c:\temp\tn3
c:\windows\dat.txt
c:\windows\Downloaded Program Files\CpnMgr.dll
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\dirty_dishes.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\foodtray.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\heart1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\heart2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\heart3.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\menu_down.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\menu_up.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\mop_prop.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\ticket.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\cafe\cafe_music_a1.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\cafe\cafe_music_a2.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\cafe\cafe_music_a3.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\cafe\cafe_music_a4.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\mainmenumusic.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\baby_cry.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\chef_cook1.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\closing_time.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\customer_ditch.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\dialog_down.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\dialog_up.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\drink_table.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\expert.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\highchair_deliver.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\highchair_pickup.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\keystroke2.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\level_lose.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\level_win.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\menu_click.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\menu_rollover.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\mop_pickup.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\mop_spill.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_bring_check_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_dropoff_drinks_1.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_food_ready_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_gain_heart_1.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_menu_down.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_pencil_write_2.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_seat_people_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\spill.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\table_drink.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\tip_2.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\flo_lose.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\flo_win.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\fullscreendialog.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\high_score_menu_bg.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\levelintro.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\levelintro.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\levelover.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\longdialog.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\longdialog.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\mainmenu.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\mainmenu_logo.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\popup.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\popup.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\textfield.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\upgrade_lines.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowdown_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowdown_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowdown_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowup_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowup_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowup_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\checkbox_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\checkbox_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\checkbox_rotated_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\checkbox_rotated_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\decor_highlight.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\decor_normal.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\decor_selected.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_large_1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_large_2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_large_3.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_small_1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_small_2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_small_3.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a3.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\left_arrow_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\left_arrow_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\left_arrow_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_mask.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_mask.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\map_button_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\map_button_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\map_button_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\right_arrow_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\right_arrow_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\right_arrow_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\upgrade_down.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\upgrade_over.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\upgrade_up.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\welcome_player.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\actionpoints.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\career.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\customer.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\endless.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\global.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\powerups.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cook\stove.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\arrow.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\click.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\click2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\grab.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\open.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\anim.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\anim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\blue_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\legs.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\red_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\anim.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\anim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\blue_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\legs.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\red_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\anim.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\anim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\baby.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\baby.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\blue_baby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\blue_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\legs.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\red_baby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\red_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\anim.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\anim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\blue_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\legs.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\red_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\idle.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\idle.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\lower.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\lower.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\upper.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\upper.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\fonts\mercurius.mvec
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\bench.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\bench.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\blue_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\chair.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\chair.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\dirt2top.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\dirt4top.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\dishcart.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\dishcart.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\green_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\highchair_prop_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\highchair_prop_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\highchairbaby.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\highchairbaby.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\luxury_bench.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\luxury_bench.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\mop_station_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\mop_station_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\mop_station_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\podium.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\podium_heart.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\podium_heart.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\purple_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\radio.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\red_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\spill.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\spill.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\stereo.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\ticketstation.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\ticketstation.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\yellow_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\family.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help_dividerline.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help1_colormatch1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help1_colormatch2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help1_noise.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help1_score.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_cleardishes.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_givecheck.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_pickupfood.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_servefood.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_takeorder.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\hiscore\local-hs-bb.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\hiscore\p1icon.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_1.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_2.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_3.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_4.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_5.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_6.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\endless_1_1.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\endless_1_1_a.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\endless_1_1_b.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\endless_1_1_c.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\playfirstlogo.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\background.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\green.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\green.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\grey.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\food\cup1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\food\food.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\food\food.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\frames\2_0.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\frames\2_1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\furniture\drinkstation1_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\furniture\drinkstation1_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\furniture\drinkstation1_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\people\cook.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\people\cook.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\props\cup_prop1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\2top.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\2top.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\4top.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\4top.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_0.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_1.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\upgrades.xml
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\tableshadow.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\careerupgrade.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\choosedifficulty.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\closeconfirm.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\entername.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\game.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\getmoregames.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\help1.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\help2.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\hiscore.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\hiscoreinfo.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\hiscoresubmit.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\levelintro.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\levelover.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\loading.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\mainloop.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\mainmenu.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\ok.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\pause.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\style.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\upgrade.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\upsell.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\yesno.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\splash\aol_logo.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\splash\playfirst_logo.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\strings.xml
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\angersmoke.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\angersmoke.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\bubbles\request_bubble.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\bubbles\request_mop.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\bubbles\request_rejectmeal.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\chairflags.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\chairflags.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\check.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\checkmark.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\closed.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\coinflip.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\coinflip.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\decor_lines.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\dollar.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\expert.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\foodpoof.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\foodpoof.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\heartgrow.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\heartgrow.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\jar.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\jar.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\lives_icon.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\noisering.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_d.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_e.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_f.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\tablenumber_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\tablenumber_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\traynumber.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\tutorialarrow.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\tutorialbox.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\ui_base.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\ui_hand.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\ui_timer_off.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\ui_timer_on.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgradeanim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_bench_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_bench_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_bench_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_drink_station1_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_drink_station1_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_drink_station1_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_luxury_bench_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_luxury_bench_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_luxury_bench_c.png

 

[Broni]

c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_oven_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_oven_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_oven_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_podium_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_podium_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_podium_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_powerbars_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_powerbars_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_powerbars_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_radio_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_radio_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_radio_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_stereo_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_stereo_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_stereo_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd1.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd2.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd3.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd4.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\dinerdash2.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.3.inf
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\audio\music\Big Band 1.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\audio\music\cannon_in_d.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\audio\sfx\aunt_sobs.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\audio\sfx\bees.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\audio\sfx\bonus_points.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\audio\sfx\bridezilla.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\audio\sfx\deliver_food.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\audio\sfx\dialog_click.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\audio\sfx\dialog_roll.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\audio\sfx\end_of_level.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\audio\sfx\fire.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\audio\sfx\game_click.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\audio\sfx\lost_points.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\audio\sfx\pickup_food.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\audio\sfx\pickup_guest.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\audio\sfx\planning_right_choice.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\audio\sfx\planning_win.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\audio\sfx\planning_wrong_choice.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\audio\sfx\quinn_fixing_problem.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\audio\sfx\quinn_problem.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\audio\sfx\ready_to_be_seated.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\audio\sfx\seat_guest.ogg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\backgrounds\helppage.jpg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\backgrounds\hintbg.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\backgrounds\levelinfo_bg.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\backgrounds\longdialog.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\backgrounds\talldialog.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\backgrounds\textfield.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\backgrounds\Thumbs.db
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\bitmaps\ui\backgrounds\menu_main.jpg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\arrowdown_down.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\arrowdown_over.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\arrowdown_up.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\arrowleft_down.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\arrowleft_over.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\arrowleft_up.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\arrowright_down.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\arrowright_over.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\arrowright_up.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\arrowup_down.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\arrowup_over.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\arrowup_up.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\back_button.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\back_button_highlight.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\bluearrowleft_down.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\bluearrowleft_over.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\bluearrowleft_up.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\bluearrowright_down.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\bluearrowright_over.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\bluearrowright_up.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\btn_down_long.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\btn_down_med.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\btn_down_short.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\btn_hl_long.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\btn_hl_med.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\btn_hl_short.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\btn_idle_long.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\btn_idle_med.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\btn_idle_short.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\BTNgold_Down.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\BTNgold_HL.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\BTNgold_Idle.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\buttondown.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\buttonrollover.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\buttonup.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\checkdown.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\checkup.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\cp_buttondown.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\cp_buttonrollover.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\cp_buttonup.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\highscores_btn_purp_down.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\highscores_btn_purp_hl.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\highscores_btn_purp_idle.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\planner_btn_down.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\planner_btn_hl.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\planner_btn_idle.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\telephone_btn_down.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\telephone_btn_hl.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\buttons\telephone_btn_idle.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\cursor\cursor.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fonts\arial.mvec
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\bee.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\bubble.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\confetti.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\flame2.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\flash.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\fx_bees.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\fx_bridezilla.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\fx_chef_table_fire.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\fx_end_of_level_1.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\fx_end_of_level_1_fullscreen.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\fx_expert_goal_reached.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\fx_goal_reached.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\fx_guest_ready_to_dance.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\fx_kiss.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\fx_large_point_explosion.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\fx_last_guest.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\fx_last_guest_foreground.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\fx_lost_points.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\fx_medium_point_explosion.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\fx_normal_point_explosion.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\fx_planningreward.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\fx_quinn_boost_meter.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\fx_small_point_explosion.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\fx_steam.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\fx_ui_sparkle.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\fx_upgrade.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\heart.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\heart2.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_balloon.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_balloon2.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_bees.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_bubbles.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_confetti_large.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_confetti_medium.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_confetti_small.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_explosion_large.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_explosion_medium.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_explosion_small.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_flames_down.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_flames_up.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_flash_medium.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_flash_small.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_flower1.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_flower2.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_flower3.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_heartfall.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_heartsparkle.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_kisses.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_negative.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_negative2.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_reseating.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_rings.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_rings2.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_smoke.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_sparkle.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_sparkle_medium.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_sparkle_menu.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_stars_large.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_stars_medium.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_stars_small.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_steam_left.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_steam_right.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_steam_up.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_streamer_large.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_streamer_medium.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\pfx_streamer_small.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\smoke.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\sparkle2.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\sparkle4.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\star.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\fx\streamer.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\hiscore\global-hs-bb_large.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\hiscore\global-hs-bb_small.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\hiscore\hiscores_BG.jpg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\hiscore\local-hs-bb.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\hiscore\p1icon.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\hiscore\Thumbs.db
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\bg_backyard.jpg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\cake_table.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\cake_table.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\bg_genericdance.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\bg_genericdance.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_b1_angry.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_b1_angry.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_b1_happy.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_b1_happy.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_b1_mad.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_b1_mad.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_b1_normal.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_b1_normal.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_b2_angry.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_b2_angry.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_b2_happy.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_b2_happy.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_b2_mad.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_b2_mad.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_b2_normal.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_b2_normal.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_g1_angry.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_g1_angry.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_g1_happy.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_g1_happy.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_g1_mad.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_g1_normal.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_g1_normal.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_g2_angry.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_g2_angry.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_g2_happy.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_g2_happy.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_g2_mad.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_g2_normal.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Brides and Grooms\gen_g2_normal.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\aunt_angry.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\aunt_angry.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\aunt_cry.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\aunt_cry.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\aunt_dance.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\aunt_dance.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\aunt_eat.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\aunt_eat.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\aunt_happy.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\aunt_happy.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\aunt_headicon.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\aunt_headicon.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\aunt_highlight.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\aunt_highlight_sit.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\aunt_normal.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\aunt_normal.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\aunt_stand_angry.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\aunt_stand_angry.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\aunt_stand_normal.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\aunt_stand_normal.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\FG1_angry.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\fg1_angry.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\FG1_dance.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\fg1_dance.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\FG1_eat.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\fg1_eat.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\FG1_happy.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\fg1_happy.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\FG1_headicon.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\fg1_headicon.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\FG1_normal.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\fg1_normal.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\FG1_stand_angry.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\fg1_stand_angry.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\fg1_stand_normal.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\fg1_stand_normal.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\FG4_angry.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\fg4_angry.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\FG4_dance.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\fg4_dance.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\FG4_eat.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\fg4_eat.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\FG4_happy.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\fg4_happy.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\FG4_headicon.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\fg4_headicon.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\FG4_normal.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\fg4_normal.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\FG4_stand_angry.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\fg4_stand_angry.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\fg4_stand_normal.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\fg4_stand_normal.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\MG1_angry.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\mg1_angry.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\MG1_dance.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\mg1_dance.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\MG1_eat.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\mg1_eat.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\MG1_happy.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\mg1_happy.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\MG1_headicon.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\mg1_headicon.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\MG1_normal.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\mg1_normal.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\MG1_stand_angry.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\mg1_stand_angry.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\mg1_stand_normal.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\mg1_stand_normal.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\MG4_angry.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\mg4_angry.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\MG4_dance.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\mg4_dance.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\MG4_eat.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\mg4_eat.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\MG4_happy.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\mg4_happy.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\MG4_headicon.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\mg4_headicon.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\MG4_normal.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\mg4_normal.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\MG4_stand_angry.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\mg4_stand_angry.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\mg4_stand_normal.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\CHAR\mg4_stand_normal.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Chef_normal.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\chef_normal.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\chef_normal_work.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\chef_normal_work.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\chef_spin.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\chef_spin.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\DJ.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\dj.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Quinn\Quinn_amb1.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Quinn\quinn_amb1.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Quinn\quinn_east.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Quinn\quinn_east.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Quinn\Quinn_fix.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Quinn\quinn_fix.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Quinn\quinn_happy.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Quinn\quinn_happy.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Quinn\quinn_idle.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Quinn\quinn_idle.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Quinn\quinn_north.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Quinn\quinn_north.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Quinn\quinn_south.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Quinn\quinn_south.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Quinn\quinn_west.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Quinn\quinn_west.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_1amb1.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_1amb1.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_2amb1.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_2amb1.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_amb1.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_amb1.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_east0.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_east0.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_east1.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_east1.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_east2.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_east2.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_idle.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_idle.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_idle1.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_idle1.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_idle2.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_idle2.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_north0.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_north0.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_north1.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_north1.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_north2.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_north2.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_south0.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_south0.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_south1.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_south1.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_south2.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_south2.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_west0.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_west0.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_west1.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_west1.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_west2.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\character\Red\waitress_red_west2.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\checkmark.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\checkmark.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\cross.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\down.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\expertbadge.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\App1Empty.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\app1full.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\App2Empty.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\app2full.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\App3Empty.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\app3full.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\App4Empty.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\app4full.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\AppEmpty.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\AppFull.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\Cake1Empty.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\Cake1Full.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\Cake2Empty.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\Cake2Full.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\Cake3Empty.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\Cake3Full.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\CakeEmpty.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\CakeFull.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\Dinner1Empty.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\Dinner1Full.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\Dinner2Empty.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\Dinner2Full.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\Dinner3Empty.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\Dinner3Full.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\DinnerEmpty.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\DinnerFull.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\item_app1.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\item_app2.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\item_app3.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\item_app4.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\item_appetizer.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\item_cake.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\item_dinner.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\item_dinner1.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\item_dinner2.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\item_dinner3.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\item_gift.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\item_mark1.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\item_mark2.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\item_mark3.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\menu.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\food\Shrimp_small.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Guest_ThoughtBalloon.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\guestbubble_alert0003.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\guestbubble_normal.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\guestbubble_warning.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\helpscreen\headerbg.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\helpscreen\help_1_image01.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\helpscreen\help_1_image02.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\helpscreen\help_1_image03.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\helpscreen\help_1_image04.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\helpscreen\help_2_image01.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\helpscreen\help_2_image02.jpg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\helpscreen\help_2_image03.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Intro\intro_bg.jpg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Intro\introballoon.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\lastguest.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\loading\loading.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\loading\loading.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\pointleft.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\quinn_alert_balloon.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\quinn_alert_balloon_highlight.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\quinn_alert_balloon_highlight_selected.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Quinn_expert.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Quinn_normal.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Quinn_poor.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Quinn_ThoughtBalloon.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\quinnbubble.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Speaker_Idle.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\speaker_idle.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\star.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\table\chair.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\table\chair06.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\table\dishbin.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\table\headtable1.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\table\musicTable.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\table\QuinnsTable.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\table\redtable.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\table\redtable_2.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\table\redtable_6.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\table\servingtable_large.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_BG.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\UI_Flute_00.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\ui_flute_00.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\UI_Flute_01.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\ui_flute_01.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\UI_Flute_02.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\ui_flute_02.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\UI_Flute_03.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\ui_flute_03.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\UI_Flute_04.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\ui_flute_04.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\UI_Flute_05.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\ui_flute_05.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\UI_Flute_06.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\ui_flute_06.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\UI_Flute_07.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\ui_flute_07.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\UI_Flute_08.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\ui_flute_08.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\UI_Flute_09.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\ui_flute_09.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\UI_Flute_10.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\ui_flute_10.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\UI_Flute_11.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\ui_flute_11.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\UI_Flute_12.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\ui_flute_12.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\UI_Flute_13.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\UI\UI_Flute\ui_flute_13.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\upgrades\upapp.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\upgrades\upband.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\upgrades\upcake4.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\upgrades\upchair.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\upgrades\upchef.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\upgrades\upchefstable.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\upgrades\upcheftable.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\upgrades\updance.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\upgrades\updrink.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\upgrades\upfast.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\upgrades\upgrade_down.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\upgrades\upgrade_rollover.png

 

[Broni]

c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\upgrades\upmeal.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\upgrades\upwaitress.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\audrey.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\audrey.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\cake4.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\cake4.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\cake6.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\cake6.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\ira.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\ira.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\planner_bg.jpg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\planning_end_note.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\points_heart.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\small_PLANNER_Flowers01.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\small_PLANNER_Flowers02.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\small_PLANNER_Flowers03.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\small_PLANNER_Flowers07.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\upaudrey.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\upcake4.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\upcake6.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\upflowers1.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\upflowers2.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\upflowers3.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\upflowers7.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\uphoneymoon1.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\uphoneymoon2.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\uphoneymoon3.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\uphoneymoon4.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\upira.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\upquiche.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\upWD_Planner_Asparagus.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\upWD_Planner_Chicken.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\upWD_Planner_CrackersAndCheese.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\upWD_Planner_Fish.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\upWD_Planner_Shrimp.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\upWD_Planner_Steakl.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\wp_down.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\images\Wedding Panning\wp_over.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\resources.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\arcade1.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\basicSetting.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\closeconfirm.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\game1.1.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\game1.2.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\game1.3.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\game1.4.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\game1.5.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\gametrust_connectdialog.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\helpmenu1.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\helpmenu2.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\hiscore.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\hiscoreinfo.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\hiscoresubmit.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\LevelDefines.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\LevelDialogGenerator.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\LevelManager.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\luaDebug.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\mainloop.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\ok.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\pause.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\pausemenu.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\planning_tutorial.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\privacy.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\quitdialog.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\selection scripts\selection1.1.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\selection scripts\selection1.2.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\selection scripts\selection1.3.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\selection scripts\selection1.4.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\selection scripts\selection1.5.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\selection scripts\SelectionDefines.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\selection scripts\SelectionDialogGenerator.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\selection scripts\SelectionManager.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\style.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\upgrade1.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\upgrades.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\upsell.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\upsellfinal.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\userdata.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\scripts\yesno.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\settings.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\splash\aol_web_logo.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\splash\IE_fullcolor.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\splash\playfirst_logo.jpg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\splash\Thumbs.db
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\strings.xml
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\ui_scripts\common\coordinates.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\ui_scripts\common\style.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\ui_scripts\screens\main_menu_scrn.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\upsell\logo.png
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\upsell\upsell_img_1.jpg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\upsell\upsell_img_2.jpg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\upsell\upsell_img_3.jpg
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\assets\xsellstyle.lua
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\bin\bin2c
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\bin\luac
c:\windows\Downloaded Program Files\WeddingDash.1.0.0.50\weddingdashlongnamenospace.exe
c:\windows\system32\kill.exe
c:\windows\tempf.txt
c:\windows\viassary-hp.reg
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-11-20 to 2010-12-20 )))))))))))))))))))))))))))))))
.

2010-12-18 18:35 . 2010-11-29 21:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-18 18:35 . 2010-12-18 18:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-18 18:35 . 2010-12-18 18:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-18 18:35 . 2010-11-29 21:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-10 06:11 . 2010-12-10 06:11 398744 ----a-r- c:\windows\system32\cpnprt2.cid
2010-12-07 13:02 . 2007-11-05 23:06 278016 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5mu.dll
2010-12-07 13:02 . 2007-11-05 23:07 118272 ----a-w- c:\windows\system32\hpz3l5mu.dll
2010-12-07 12:33 . 2007-01-17 08:37 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2010-12-07 12:33 . 2007-01-17 08:37 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2010-12-07 12:33 . 2007-11-06 18:10 271704 ----a-w- c:\windows\system32\hpzids01.dll
2010-12-07 12:33 . 2007-10-31 02:35 729088 ----a-w- c:\windows\system32\hpwwiax4.dll
2010-12-07 12:33 . 2007-10-31 02:35 593920 ----a-w- c:\windows\system32\hpwtscl3.dll
2010-12-07 12:33 . 2007-01-17 08:37 364544 ----a-w- c:\windows\system32\hppldcoi.dll
2010-12-07 12:33 . 2007-01-17 08:37 309760 ----a-w- c:\windows\system32\difxapi.dll
2010-12-07 12:33 . 2007-01-17 08:31 294912 ----a-w- c:\windows\system32\hpovst11.dll
2010-12-05 17:18 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-05 17:18 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-05 17:18 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-05 17:18 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-05 17:18 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-12-05 17:18 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-12-05 17:18 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-12-05 17:18 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-12-05 17:18 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-05 16:54 . 2010-12-05 16:54 -------- d-----w- c:\program files\Conduit
2010-12-05 16:54 . 2010-12-05 16:54 -------- d-----w- c:\program files\ZoneAlarm_Security
2010-12-05 16:54 . 2010-12-05 16:54 -------- d-----w- c:\program files\CheckPoint
2010-12-05 16:54 . 2010-09-02 13:20 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-12-05 16:54 . 2010-09-02 13:20 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-12-05 16:54 . 2010-09-02 13:20 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-12-05 16:54 . 2010-12-05 16:55 -------- d-----w- c:\windows\system32\ZoneLabs
2010-12-04 00:07 . 2010-12-04 00:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-11-28 03:56 . 2010-11-28 03:56 -------- d-----w- c:\windows\system32\LogFiles
2010-11-23 15:20 . 2009-08-06 23:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-11-23 15:20 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-11-22 15:49 . 2004-08-04 02:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-11-22 03:39 . 2010-11-22 03:39 -------- d-----w- c:\program files\WorksBkup
2010-11-22 03:24 . 2004-08-04 03:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-11-22 03:23 . 2004-08-04 03:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-11-22 01:54 . 2010-11-22 01:54 -------- d-----w- c:\program files\JRE
2010-11-22 01:54 . 2010-11-22 01:54 -------- d-----w- c:\program files\OpenOffice.org 3
2010-11-22 01:25 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-11-22 01:05 . 2010-11-22 01:05 -------- d-----w- c:\program files\Shop to Win 9
2010-11-22 01:04 . 2010-11-22 01:04 -------- d-----w- c:\program files\PriceGong
2010-11-21 23:06 . 2010-11-21 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-11-21 23:03 . 2010-12-07 12:33 -------- dc----w- c:\windows\system32\DRVSTORE
2010-11-21 22:50 . 2010-11-23 15:44 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-11-21 08:47 . 2008-07-09 07:38 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2010-11-21 08:35 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-11-21 08:34 . 2010-11-21 08:34 -------- d-----w- c:\windows\system32\Lang
2010-11-21 08:34 . 2004-11-02 15:58 163840 ----a-w- c:\windows\system32\igfxres.dll
2010-11-21 08:33 . 2004-08-04 11:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-11-21 08:32 . 2010-12-20 16:56 -------- d-----w- c:\documents and settings\HP_Owner.SEVILLA
2010-11-21 08:31 . 2002-01-04 15:15 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2010-11-21 08:30 . 2010-11-21 08:30 -------- d-----w- c:\windows\system32\RTCOM
2010-11-21 05:09 . 2010-12-05 16:45 -------- d-sh--r- c:\windows\system32\dllcache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-07 16:23 . 2010-10-07 16:23 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 16:23 . 2010-10-07 16:23 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-10-07 16:23 . 2010-10-07 16:23 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 16:23 . 2010-10-07 16:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-09-30 19:35 . 2005-11-03 23:12 73728 ----a-w- c:\windows\ALCFDRTM.VER
2006-12-05 01:30 . 2006-12-05 01:31 774144 ----a-w- c:\program files\RngInterstitial.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2002-01-04 15:09 . 2004-10-14 21:54 253952 c:\hp\drivers\hplsbwatcher\bak\lsburnwatcher.exe
2002-01-04 15:09 . 2004-10-14 21:54 253952 c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe

2003-05-08 16:00 . 2003-05-08 16:00 49152 c:\program files\bak\OpwareSE2.exe

2005-11-03 03:01 . 2005-11-03 03:01 50792 c:\program files\Common Files\AOL\1147752597\ee\bak\AOLSoftware.exe

2005-11-30 15:40 . 2005-11-30 15:40 136808 c:\program files\Common Files\AOL\1147752597\ee\services\sscFirewallPlugin\ver1_10_3_1\bak\SSCRun.exe

2002-01-04 15:07 . 2002-01-04 15:07 180269 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
2002-01-04 15:07 . 2002-01-04 15:07 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

2004-06-07 18:53 . 2004-06-07 18:53 49152 c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\bak\hphupd06.exe
2004-06-07 18:53 . 2004-06-07 18:53 49152 c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

2006-06-14 20:24 . 2006-06-14 20:24 278528 c:\program files\iTunes\bak\iTunesHelper.exe
2010-11-18 00:59 . 2010-11-18 00:59 421160 c:\program files\iTunes\iTunesHelper.exe

2002-01-04 14:45 . 2002-01-04 14:45 32881 c:\program files\Java\j2re1.4.2_03\bin\bak\jusched.exe
2002-01-04 14:45 . 2002-01-04 14:45 32881 c:\program files\Java\j2re1.4.2_03\bin\jusched.exe

2006-05-23 20:32 . 2005-11-04 21:49 988712 c:\program files\mcafee.com\personal firewall\bak\MPfTray.exe

2002-01-04 15:15 . 2006-05-17 22:04 282624 c:\program files\QuickTime\bak\qttask.exe
2010-09-08 15:17 . 2010-09-08 15:17 421888 c:\program files\QuickTime\QTTask.exe

2006-05-28 02:27 . 2004-11-11 04:15 111816 c:\program files\Viewpoint\Viewpoint Manager\bak\ViewMgr.exe

2004-04-14 20:43 . 2004-04-14 20:43 233472 c:\windows\SMINST\bak\RECGUARD.EXE
2004-04-14 20:43 . 2004-04-14 20:43 233472 c:\windows\SMINST\Recguard.exe

2002-01-04 14:48 . 1998-05-07 16:04 52736 c:\windows\system\bak\hpsysdrv.exe
2002-01-04 14:48 . 1998-05-07 16:04 52736 c:\windows\system\hpsysdrv.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0095C290-A428-4BDD-B98C-E0A116F1C702}]
2010-11-22 01:05 647168 ----a-w- c:\program files\Shop to Win 9\ShoppingBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}]
2010-03-28 19:47 353656 ----a-w- c:\program files\PriceGong\2.1.0\PriceGongIE.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
2010-12-01 15:27 2735200 ----a-w- c:\program files\ZoneAlarm_Security\tbZone.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2002-01-04 32881]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-18 61952]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2002-01-04 180269]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
"SoundMan"="SOUNDMAN.EXE" [2004-10-13 77824]
"AlcWzrd"="ALCWZRD.EXE" [2004-10-13 2742272]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-09-02 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-09-02 738808]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]

c:\documents and settings\Aracely\Start Menu\Programs\Startup\
HP Organize.lnk - c:\program files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2002-1-4 36864]

c:\documents and settings\HP_Owner.SEVILLA\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0a\aoltray.exe [2009-4-17 156784]
Auto Detect.lnk - c:\program files\iConcepts Music Express\MEAutoDetect.exe [2008-9-21 374104]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
SpySubtract.lnk - c:\program files\InterMute\SpySubtract\sslaunch.exe [2002-1-4 73728]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2002-1-4 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/5/2010 1:18 PM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/5/2010 1:18 PM 17744]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [9/2/2010 8:26 AM 26872]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [9/2/2010 8:26 AM 493048]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/3/2010 8:08 PM 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-11-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2010-11-21 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2004-08-13 16:50]

2010-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-04 00:07]

2010-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-04 00:07]

2010-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3336513925-2205304878-719255350-1009Core1cac6718a1f0bd8.job
- c:\documents and settings\HP_Owner.SEVILLAHOME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-01 22:48]

2010-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3336513925-2205304878-719255350-1009UA.job
- c:\documents and settings\HP_Owner.SEVILLAHOME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-01 22:48]

2010-12-20 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-03-26 10:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
TCP: {0ECC7E3F-0561-49F6-91DD-645E548FFE70} = 167.206.245.130,167.206.245.129
FF - ProfilePath - c:\documents and settings\HP_Owner.SEVILLA\Application Data\Mozilla\Firefox\Profiles\7jew4l4q.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - %profile%\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
FF - Ext: ZoneAlarm Security Engine: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - c:\program files\CheckPoint\ZAForceField\TrustChecker
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{FA010552-4A27-4cb1-A1BB-3E2D697F1639} - (no file)
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-20 13:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(600)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(656)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'explorer.exe'(1884)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\AGRSMMSG.exe
c:\windows\SOUNDMAN.EXE
c:\windows\ALCWZRD.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wdfmgr.exe
c:\program files\InterMute\SpySubtract\SpySub.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2010-12-20 13:37:20 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-20 17:36

Pre-Run: 111,425,753,088 bytes free
Post-Run: 111,628,419,072 bytes free

- - End Of File - - 59E239A176E7975F143BA1AAB27DC077

 

[Broni]

I'll wait for MBRCheck log....

 

[Marcus CS]

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x000003fd

Kernel Drivers (total 120):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E2000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA5AC000 intelide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F31000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9F11000 fltMgr.sys
0xB9EFF000 sr.sys
0xBA338000 PxHelp20.sys
0xB9EE8000 KSecDD.sys
0xB9E5B000 Ntfs.sys
0xB9E2E000 NDIS.sys
0xBA0F8000 ohci1394.sys
0xBA108000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB9E13000 Mup.sys
0xBA158000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB9858000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xB9844000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB9820000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBA410000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB97FD000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA418000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\R8139n51.SYS
0xB96C7000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xBA420000 \SystemRoot\System32\Drivers\Modem.SYS
0xB96B3000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA308000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA554000 \SystemRoot\system32\DRIVERS\PS2.sys
0xBA428000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA430000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA318000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA558000 \SystemRoot\system32\drivers\pfc.sys
0xBA438000 \SystemRoot\system32\drivers\iviaspi.sys
0xBA168000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB99A5000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB9690000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA440000 \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys
0xBA69E000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB9995000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA564000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB9679000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB9985000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB9975000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA448000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB9640000 \SystemRoot\system32\DRIVERS\psched.sys
0xB9965000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA450000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA458000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB9955000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA5BC000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB960C000 \SystemRoot\system32\DRIVERS\update.sys
0xBA570000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB9915000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xA931D000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xA92FC000 \SystemRoot\system32\drivers\portcls.sys
0xBA188000 \SystemRoot\system32\drivers\drmk.sys
0xBA198000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5C2000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA5C4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA7FE000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5C6000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA470000 \SystemRoot\System32\drivers\vga.sys
0xBA5C8000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5CA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA478000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA480000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB9DEB000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA92A1000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA9249000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xBA1C8000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xA9228000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA9200000 \SystemRoot\system32\DRIVERS\netbt.sys
0xBA1D8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBA1E8000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xA90B7000 \SystemRoot\System32\vsdatant.sys
0xA9095000 \SystemRoot\System32\drivers\afd.sys
0xBA1F8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA906A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA8FFB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA208000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA488000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xA8FD4000 \SystemRoot\System32\Drivers\aswSP.SYS
0xBA4A0000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xBA540000 \SystemRoot\system32\DRIVERS\sfloppy.sys
0xA8FB1000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xA8F99000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA5EE000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB9651000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA380000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA6E6000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF03F000 \SystemRoot\System32\ialmdev5.DLL
0xBF068000 \SystemRoot\System32\ialmdd5.DLL
0xBA588000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xA8E69000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xBA3F8000 \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
0xA8B9A000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xA8905000 \SystemRoot\system32\drivers\wdmaud.sys
0xA91C8000 \SystemRoot\system32\drivers\sysaudio.sys
0xA87C3000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA867C000 \SystemRoot\system32\DRIVERS\srv.sys
0xBA3B8000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xA81DC000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA80EB000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 56):
0 System Idle Process
4 System
496 C:\WINDOWS\system32\smss.exe
576 csrss.exe
600 C:\WINDOWS\system32\winlogon.exe
644 C:\WINDOWS\system32\services.exe
656 C:\WINDOWS\system32\lsass.exe
804 C:\WINDOWS\system32\svchost.exe
868 svchost.exe
932 C:\WINDOWS\system32\svchost.exe
1016 svchost.exe
1052 svchost.exe
1112 C:\WINDOWS\system32\ZoneLabs\vsmon.exe
1332 C:\WINDOWS\explorer.exe
1616 C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
1660 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
164 C:\WINDOWS\system32\spoolsv.exe
524 svchost.exe
548 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
620 C:\Program Files\Bonjour\mDNSResponder.exe
964 C:\WINDOWS\system32\svchost.exe
1176 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1564 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
1832 C:\WINDOWS\system32\svchost.exe
1844 C:\WINDOWS\system32\svchost.exe
2084 C:\WINDOWS\system32\svchost.exe
2132 wdfmgr.exe
2980 alg.exe
3416 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
3528 C:\WINDOWS\system\hpsysdrv.exe
3588 C:\WINDOWS\system32\hkcmd.exe
3600 C:\WINDOWS\AGRSMMSG.exe
3624 C:\WINDOWS\system32\hphmon06.exe
3632 C:\hp\KBD\kbd.exe
3644 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
3696 C:\WINDOWS\system32\wuauclt.exe
3712 C:\WINDOWS\SOUNDMAN.EXE
3792 C:\WINDOWS\ALCWZRD.EXE
3824 C:\Program Files\QuickTime\QTTask.exe
3844 C:\Program Files\iTunes\iTunesHelper.exe
3972 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
4012 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
4048 C:\WINDOWS\system32\ctfmon.exe
324 C:\Program Files\America Online 9.0a\aoltray.exe
340 C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
392 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
1252 C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
2196 C:\Program Files\OpenOffice.org 3\program\soffice.exe
2268 C:\Program Files\iPod\bin\iPodService.exe
2228 C:\Program Files\OpenOffice.org 3\program\soffice.bin
436 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
2552 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
3092 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
3224 C:\Program Files\InterMute\SpySubtract\SpySub.exe
1192 C:\Program Files\Mozilla Firefox\firefox.exe
3692 C:\Documents and Settings\HP_Owner.SEVILLA\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`bea90000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: Maxtor6B200M0, Rev: BANC1B10

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Legit MBR code detected
SHA1: F75A10171F7488C11BA9A98CEC3D186D7A8D3972


Done!

 

[Broni]

MBRCheck log looks good

1. Please open Notepad

• Click Start , then Run
• Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Folder::
c:\program files\PriceGong

AWF::
c:\program files\iTunes\bak\iTunesHelper.exe
c:\program files\QuickTime\bak\qttask.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=-

3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt

 

[Marcus CS]

ComboFix 10-12-24.01 - HP_Owner 12/24/2010 18:50:49.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2551.1934 [GMT -4:00]
Running from: c:\documents and settings\HP_Owner.SEVILLA\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Owner.SEVILLA\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\HP_OWN~3.SEV\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\1.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\a.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\b.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\c.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\d.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\e.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\f.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\g.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\h.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\i.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\J.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\k.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\l.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\m.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\n.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\o.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\p.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\q.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\r.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\s.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\t.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\u.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\v.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\w.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\x.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\y.xml
c:\documents and settings\HP_Owner.SEVILLA\Application Data\PriceGong\Data\z.xml
c:\documents and settings\HP_Owner.SEVILLA\Local Settings\Temp\IadHide5.dll
c:\program files\PriceGong
c:\program files\PriceGong\2.1.0\FF\chrome.manifest
c:\program files\PriceGong\2.1.0\FF\components\PriceGong.xpt
c:\program files\PriceGong\2.1.0\FF\components\PriceGongFF.dll
c:\program files\PriceGong\2.1.0\FF\content\options.js
c:\program files\PriceGong\2.1.0\FF\content\options.xul
c:\program files\PriceGong\2.1.0\FF\content\PriceGong.png
c:\program files\PriceGong\2.1.0\FF\install.rdf
c:\program files\PriceGong\2.1.0\PriceGongIE.dll
c:\program files\PriceGong\uninst.exe
c:\windows\system32\Oeminfo.ini
c:\windows\system32\ps2.bat

.
((((((((((((((((((((((((( Files Created from 2010-11-24 to 2010-12-24 )))))))))))))))))))))))))))))))
.

2010-12-22 22:05 . 2010-12-22 22:09 -------- d-----w- c:\program files\WebfettiIE
2010-12-22 22:05 . 2010-12-22 22:05 -------- d-----w- c:\program files\WebfettiEI
2010-12-19 04:36 . 2010-12-19 04:36 -------- d-----w- c:\documents and settings\HP_Owner.SEVILLA\Local Settings\Application Data\Help
2010-12-18 18:35 . 2010-12-18 18:35 -------- d-----w- c:\documents and settings\HP_Owner.SEVILLA\Application Data\Malwarebytes
2010-12-18 18:35 . 2010-11-29 21:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-18 18:35 . 2010-12-18 18:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-18 18:35 . 2010-12-18 18:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-18 18:35 . 2010-11-29 21:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-10 06:11 . 2010-12-10 06:11 398744 ----a-r- c:\windows\system32\cpnprt2.cid
2010-12-07 13:16 . 2010-12-07 13:16 -------- d-----w- c:\documents and settings\HP_Owner.SEVILLA\Application Data\HP
2010-12-07 13:02 . 2007-11-05 23:06 278016 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5mu.dll
2010-12-07 13:02 . 2007-11-05 23:07 118272 ----a-w- c:\windows\system32\hpz3l5mu.dll
2010-12-07 12:33 . 2007-01-17 08:37 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2010-12-07 12:33 . 2007-01-17 08:37 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2010-12-07 12:33 . 2007-11-06 18:10 271704 ----a-w- c:\windows\system32\hpzids01.dll
2010-12-07 12:33 . 2007-10-31 02:35 729088 ----a-w- c:\windows\system32\hpwwiax4.dll
2010-12-07 12:33 . 2007-10-31 02:35 593920 ----a-w- c:\windows\system32\hpwtscl3.dll
2010-12-07 12:33 . 2007-01-17 08:37 364544 ----a-w- c:\windows\system32\hppldcoi.dll
2010-12-07 12:33 . 2007-01-17 08:37 309760 ----a-w- c:\windows\system32\difxapi.dll
2010-12-07 12:33 . 2007-01-17 08:31 294912 ----a-w- c:\windows\system32\hpovst11.dll
2010-12-05 17:18 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-05 17:18 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-05 17:18 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-05 17:18 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-05 17:18 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-12-05 17:18 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-12-05 17:18 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-12-05 17:18 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-12-05 17:18 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-05 16:33 . 2010-12-05 16:34 -------- d-----w- c:\documents and settings\HP_Owner.SEVILLA\Application Data\BitTorrent
2010-12-04 00:07 . 2010-12-04 01:41 -------- d-----w- c:\documents and settings\HP_Owner.SEVILLA\Local Settings\Application Data\Google
2010-12-04 00:07 . 2010-12-04 00:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-12-02 02:02 . 2010-12-02 02:02 -------- d-----w- c:\documents and settings\HP_Owner.SEVILLA\Local Settings\Application Data\HP
2010-11-28 03:56 . 2010-11-28 03:56 -------- d-----w- c:\windows\system32\LogFiles
2010-11-25 18:31 . 2010-12-16 01:18 -------- d-----w- c:\documents and settings\HP_Owner.SEVILLA\Local Settings\Application Data\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 20:51 . 2010-11-22 01:25 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-07 16:23 . 2010-10-07 16:23 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 16:23 . 2010-10-07 16:23 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-10-07 16:23 . 2010-10-07 16:23 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 16:23 . 2010-10-07 16:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-09-30 19:35 . 2005-11-03 23:12 73728 ----a-w- c:\windows\ALCFDRTM.VER
2006-12-05 01:30 . 2006-12-05 01:31 774144 ----a-w- c:\program files\RngInterstitial.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2002-01-04 15:09 . 2004-10-14 21:54 253952 c:\hp\drivers\hplsbwatcher\bak\lsburnwatcher.exe
2002-01-04 15:09 . 2004-10-14 21:54 253952 c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe

2003-05-08 16:00 . 2003-05-08 16:00 49152 c:\program files\bak\OpwareSE2.exe

2005-11-03 03:01 . 2005-11-03 03:01 50792 c:\program files\Common Files\AOL\1147752597\ee\bak\AOLSoftware.exe

2005-11-30 15:40 . 2005-11-30 15:40 136808 c:\program files\Common Files\AOL\1147752597\ee\services\sscFirewallPlugin\ver1_10_3_1\bak\SSCRun.exe

2002-01-04 15:07 . 2002-01-04 15:07 180269 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
2002-01-04 15:07 . 2002-01-04 15:07 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

2004-06-07 18:53 . 2004-06-07 18:53 49152 c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\bak\hphupd06.exe
2004-06-07 18:53 . 2004-06-07 18:53 49152 c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

2002-01-04 14:45 . 2002-01-04 14:45 32881 c:\program files\Java\j2re1.4.2_03\bin\bak\jusched.exe
2002-01-04 14:45 . 2002-01-04 14:45 32881 c:\program files\Java\j2re1.4.2_03\bin\jusched.exe

2006-05-23 20:32 . 2005-11-04 21:49 988712 c:\program files\mcafee.com\personal firewall\bak\MPfTray.exe

2006-05-28 02:27 . 2004-11-11 04:15 111816 c:\program files\Viewpoint\Viewpoint Manager\bak\ViewMgr.exe

2004-04-14 20:43 . 2004-04-14 20:43 233472 c:\windows\SMINST\bak\RECGUARD.EXE
2004-04-14 20:43 . 2004-04-14 20:43 233472 c:\windows\SMINST\Recguard.exe

2002-01-04 14:48 . 1998-05-07 16:04 52736 c:\windows\system\bak\hpsysdrv.exe
2002-01-04 14:48 . 1998-05-07 16:04 52736 c:\windows\system\hpsysdrv.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]
"{d664042c-ca70-48b6-afc9-24a4212d5e43}"= "c:\program files\WebfettiIE\bar\1.bin\ybSrcAs.dll" [2010-12-22 53248]

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

[HKEY_CLASSES_ROOT\clsid\{d664042c-ca70-48b6-afc9-24a4212d5e43}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0095C290-A428-4BDD-B98C-E0A116F1C702}]
2010-11-22 01:05 647168 ----a-w- c:\program files\Shop to Win 9\ShoppingBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
2010-12-01 15:27 2735200 ----a-w- c:\program files\ZoneAlarm_Security\tbZone.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a504d73b-32d5-4b53-9dfc-0891be7653f0}]
2010-12-22 22:05 53248 ----a-w- c:\program files\WebfettiIE\bar\1.bin\ybSrcAs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d826715f-a629-4613-a641-5ca18e8b2f7a}]
2010-12-22 22:05 675840 ----a-w- c:\progra~1\WEBFET~2\bar\1.bin\ybbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]
"{94fc3fb2-3e5c-4b8f-aaee-17090ce800bc}"= "c:\program files\WebfettiIE\bar\1.bin\ybbar.dll" [2010-12-22 675840]

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

[HKEY_CLASSES_ROOT\clsid\{94fc3fb2-3e5c-4b8f-aaee-17090ce800bc}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]
"{94FC3FB2-3E5C-4B8F-AAEE-17090CE800BC}"= "c:\program files\WebfettiIE\bar\1.bin\ybbar.dll" [2010-12-22 675840]

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

[HKEY_CLASSES_ROOT\clsid\{94fc3fb2-3e5c-4b8f-aaee-17090ce800bc}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2002-01-04 32881]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-18 61952]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2002-01-04 180269]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
"SoundMan"="SOUNDMAN.EXE" [2004-10-13 77824]
"AlcWzrd"="ALCWZRD.EXE" [2004-10-13 2742272]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-17 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-06-14 278528]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-09-02 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-09-02 738808]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Webfetti"="c:\progra~1\WEBFET~2\bar\1.bin\ybbar.dll" [2010-12-22 675840]
"WebfettiIE Browser Plugin Loader"="c:\progra~1\WEBFET~2\bar\1.bin\ybbrmon.exe" [2010-12-22 20480]

c:\documents and settings\Aracely\Start Menu\Programs\Startup\
HP Organize.lnk - c:\program files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2002-1-4 36864]

c:\documents and settings\HP_Owner.SEVILLA\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0a\aoltray.exe [2009-4-17 156784]
Auto Detect.lnk - c:\program files\iConcepts Music Express\MEAutoDetect.exe [2008-9-21 374104]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
SpySubtract.lnk - c:\program files\InterMute\SpySubtract\sslaunch.exe [2002-1-4 73728]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2002-1-4 45056]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/5/2010 1:18 PM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/5/2010 1:18 PM 17744]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [9/2/2010 8:26 AM 26872]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [9/2/2010 8:26 AM 493048]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/3/2010 8:08 PM 136176]
S2 WebfettiIEService;Webfetti Service;c:\progra~1\WEBFET~2\bar\1.bin\ybbarsvc.exe [12/22/2010 6:05 PM 28766]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-11-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2010-12-21 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2004-08-13 16:50]

2010-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-04 00:07]

2010-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-04 00:07]

2010-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3336513925-2205304878-719255350-1009Core1cac6718a1f0bd8.job
- c:\documents and settings\HP_Owner.SEVILLAHOME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-01 22:48]

2010-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3336513925-2205304878-719255350-1009UA.job
- c:\documents and settings\HP_Owner.SEVILLAHOME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-01 22:48]

2010-12-24 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-03-26 10:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZKxdm568YYus&ptb=A13D36CA-DC04-4386-8E88-0C69BED3B858
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
TCP: {0ECC7E3F-0561-49F6-91DD-645E548FFE70} = 167.206.245.130,167.206.245.129
FF - ProfilePath - c:\documents and settings\HP_Owner.SEVILLA\Application Data\Mozilla\Firefox\Profiles\7jew4l4q.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - %profile%\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
FF - Ext: ZoneAlarm Security Engine: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - c:\program files\CheckPoint\ZAForceField\TrustChecker
.
- - - - ORPHANS REMOVED - - - -

AddRemove-PriceGong - c:\program files\PriceGong\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-24 19:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(584)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(640)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'explorer.exe'(3648)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\docume~1\HP_OWN~3.SEV\LOCALS~1\Temp\IadHide5.dll
c:\progra~1\WEBFET~2\bar\1.bin\ybbrstub.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\AGRSMMSG.exe
c:\windows\SOUNDMAN.EXE
c:\windows\ALCWZRD.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wdfmgr.exe
c:\program files\InterMute\SpySubtract\SpySub.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2010-12-24 19:23:50 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-24 23:23
ComboFix2.txt 2010-12-20 17:37

Pre-Run: 111,315,169,280 bytes free
Post-Run: 111,531,700,224 bytes free

- - End Of File - - 6F665A59320C2893C942D89BDA5DAB79