[Inactive] Redirect and System Check Malware

Discussion in 'Spyware, Adware, Viruses and Malware Removal' started by Idabobaho, Feb 21, 2012.

Thread Status:
Not open for further replies.
  1. Idabobaho

    Idabobaho Techie7 New Member

    Messages:
    15
    Operating System:
    Windows XP
    I'm trying to get rid of two malware infections on my computer. First is the redirect malware that redirects all my search results to random pages. Second is System Check. This thing got ahold of my computer and really messed things up. I was finally able to download and run Malwarebytes and have restored most functions on my computer. But I still have many folders and files that I can’t access, and there are still some shortcuts and favorites that have not been restored.
    Thanks for the help

    Malwarebytes Anti-Malware 1.60.1.1000
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download
    Database version: v2012.02.17.02
    Windows XP Service Pack 3 x86 FAT32
    Internet Explorer 8.0.6001.18702
    Jan :: DELL [administrator]
    2/17/2012 9:22:43 AM
    mbam-log-2012-02-17 (09-22-43).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 354818
    Time elapsed: 1 hour(s), 10 minute(s), 6 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)

    GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
    Rootkit scan 2012-02-21 08:32:28
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HDS728080PLAT20 rev.PF2OA27A
    Running: v9n994os.exe; Driver: C:\DOCUME~1\Jan\LOCALS~1\Temp\pxtdapob.sys


    ---- System - GMER 1.0.15 ----

    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF764787E]
    SSDT spgu.sys ZwEnumerateKey [0xF74FCDA4]
    SSDT spgu.sys ZwEnumerateValueKey [0xF74FD132]
    SSDT spgu.sys ZwOpenKey [0xF74E40C0]
    SSDT spgu.sys ZwQueryKey [0xF74FD20A]
    SSDT spgu.sys ZwQueryValueKey [0xF74FD08A]
    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7647BFE]

    INT 0x62 ? 8A811BF8
    INT 0x63 ? 8A637BF8
    INT 0x73 ? 8A637BF8
    INT 0x73 ? 8A637BF8
    INT 0x82 ? 8A811BF8
    INT 0xB4 ? 8A637BF8

    ---- Kernel code sections - GMER 1.0.15 ----

    ? spgu.sys The system cannot find the file specified. !
    .text USBPORT.SYS!DllUnload B98D88AC 5 Bytes JMP 8A6371D8
    init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xB97D0F80]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\Explorer.EXE[1840] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text C:\WINDOWS\Explorer.EXE[1840] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text C:\Program Files\LifePics\LifeSync\LifeSync.exe[1904] shell32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text C:\Program Files\LifePics\LifeSync\LifeSync.exe[1904] shell32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[2816] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text C:\Program Files\Iomega\DriveIcons\ImgIcon.exe[2816] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe[2936] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe[2936] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text C:\Program Files\Brother\ControlCenter2\brctrcen.exe[3128] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text C:\Program Files\Brother\ControlCenter2\brctrcen.exe[3128] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[3204] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[3204] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text C:\Documents and Settings\Jan\Desktop\v9n994os.exe[3280] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text C:\Documents and Settings\Jan\Desktop\v9n994os.exe[3280] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text C:\Program Files\DellSupport\DSAgnt.exe[3676] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text C:\Program Files\DellSupport\DSAgnt.exe[3676] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text c:\program files\common files\installshield\updateservice\isuspm.exe[3752] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 3000141E C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)
    .text c:\program files\common files\installshield\updateservice\isuspm.exe[3752] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001430 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corporation)

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A8132D8
    IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F750FDDC] spgu.sys
    IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F750FE30] spgu.sys
    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74E5042] spgu.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74E513E] spgu.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74E50C0] spgu.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74E5800] spgu.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74E56D6] spgu.sys
    IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A6372D8

    ---- Devices - GMER 1.0.15 ----

    Device 8A8101F8
    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device 8A0BA1F8
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\usbuhci \Device\USBPDO-0 8A4B81F8
    Device \Driver\usbuhci \Device\USBPDO-1 8A4B81F8
    Device \Driver\usbuhci \Device\USBPDO-2 8A4B81F8
    Device \Driver\usbehci \Device\USBPDO-3 8A6281F8

    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\USBSTOR \Device\00000062 8A1961F8
    Device \Driver\USBSTOR \Device\00000063 8A1961F8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 8A7A61F8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 8A7A61F8
    Device \Driver\Cdrom \Device\CdRom0 8A61F1F8
    Device \Driver\Cdrom \Device\CdRom1 8A61F1F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 [F7849B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7849B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort0 [F7849B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [F7849B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f [F7849B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\Ftdisk \Device\HarddiskVolume3 8A7A61F8
    Device \Driver\Ftdisk \Device\HarddiskVolume4 8A7A61F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{1446A377-3821-403F-9A8F-4FAB79DC2928} 8A1F2500
    Device \Driver\NetBT \Device\NetBt_Wins_Export 8A1F2500
    Device \Driver\NetBT \Device\NetbiosSmb 8A1F2500

    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\usbuhci \Device\USBFDO-0 8A4B81F8
    Device \Driver\usbuhci \Device\USBFDO-1 8A4B81F8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A1B11F8
    Device \Driver\usbuhci \Device\USBFDO-2 8A4B81F8
    Device 8A1B11F8
    Device \Driver\usbehci \Device\USBFDO-3 8A6281F8
    Device \Driver\Ftdisk \Device\FtControl 8A7A61F8

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Cdfs \Cdfs 8A06E500

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Classes\CLSID\{32C0D695-970E-464D-5B5C-F043F042CA9A}\InprocServer32@ C:\WINDOWS\system32\COMCTL32.OCX
    Reg HKLM\SOFTWARE\Classes\CLSID\{9F24EC95-B232-FBF6-D67B-4CF36A1144A7}\InprocServer32@ C:\Program Files\Musicmatch\Musicmatch Jukebox\MMRadioEngine.dll
    Reg HKLM\SOFTWARE\Classes\CLSID\{9F24EC95-B232-FBF6-D67B-4CF36A1144A7}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{9F24EC95-B232-FBF6-D67B-4CF36A1144A7}\ProgID@ MMRadioEngine.RadioEngineObj.1
    Reg HKLM\SOFTWARE\Classes\CLSID\{9F24EC95-B232-FBF6-D67B-4CF36A1144A7}\TypeLib@ {0C5D39A3-460B-11D4-ADE1-0050DACD3DB9}
    Reg HKLM\SOFTWARE\Classes\CLSID\{9F24EC95-B232-FBF6-D67B-4CF36A1144A7}\VersionIndependentProgID@ MMRadioEngine.RadioEngineObj
    Reg HKLM\SOFTWARE\Classes\CLSID\{D699BD77-1D24-645F-2FBC-5C3D1DB6FED7}\InProcServer32@ C:\WINDOWS\ime\sptip.dll
    Reg HKLM\SOFTWARE\Classes\CLSID\{D699BD77-1D24-645F-2FBC-5C3D1DB6FED7}\InProcServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{E4379E50-68C5-D33E-7FBA-56058C6AAC72}\InprocServer32@ C:\Program Files\Musicmatch\Musicmatch Jukebox\MusicNet\mninet20.dll
    Reg HKLM\SOFTWARE\Classes\CLSID\{E4379E50-68C5-D33E-7FBA-56058C6AAC72}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{E4379E50-68C5-D33E-7FBA-56058C6AAC72}\ProgID@ MNInetYahooMM.MNBrowseArtists.1
    Reg HKLM\SOFTWARE\Classes\CLSID\{E4379E50-68C5-D33E-7FBA-56058C6AAC72}\TypeLib@ {67D3F5B4-CF95-7E65-12A1-F45849F139A4}
    Reg HKLM\SOFTWARE\Classes\CLSID\{E4379E50-68C5-D33E-7FBA-56058C6AAC72}\VersionIndependentProgID@ MNInetYahooMM.MNBrowseArtists

    ---- EOF - GMER 1.0.15 ----
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
    Run by Jan at 8:54:08 on 2012-02-21
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.922 [GMT -7:00]
    .
    AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\LifePics\LifeSync\LifeSync.exe
    C:\WINDOWS\system32\Brmfrmps.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Iomega\AutoDisk\ADService.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    c:\program files\common files\installshield\updateservice\isuspm.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\system32\imapi.exe
    C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
    uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
    uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.shockwave.com/contentPlay/shockwave.jsp?id=dinerdash&refCode=&brand=ag"
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [SetDefPrt] c:\program files\brother\brmfl04b\BrStDvPt.exe
    mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
    mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
    mRun: [MimBoot] c:\progra~1\musicm~1\musicm~3\mimboot.exe
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [Iomega Drive Icons] c:\program files\iomega\driveicons\ImgIcon.exe
    mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [Deskup] c:\program files\iomega\driveicons\deskup.exe /IMGSTART
    mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
    mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
    mRun: [ADUserMon] c:\program files\iomega\autodisk\ADUserMon.exe
    mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [MsgCenterExe] "c:\program files\common files\real\update_ob\RealOneMessageCenter.exe" -osboot
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [LifeSync] c:\program files\lifepics\lifesync\LifeSync.exe caslevi224@yahoo.com
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [BEwayyOQwaSlI.exe] c:\documents and settings\all users\application data\BEwayyOQwaSlI.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    dRun: [wpoualqg] c:\documents and settings\networkservice\local settings\application data\jfbkafeha\vifwcnxtssd.exe
    dRunOnce: [AutoLaunch] c:\program files\lavasoft\ad-aware\AutoLaunch.exe monthly
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\riscor~1.lnk - c:\program files\risco readerkey2 client\rk2client.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    Trusted Zone: convergys.com\sharepoint
    Trusted Zone: google.com\www
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: myitlab.com
    Trusted Zone: pearsoncmg.com
    Trusted Zone: pearsoned.com
    Trusted Zone: musicmatch.com\online
    DPF: PUFLITE - hxxp://2levis.point2agent.com/Office/ColpaControls/Photo/Control/PUFLITE.CAB
    DPF: {00110000-B1BA-11CE-ABC6-F5B2E79D9E3F} - hxxp://docimg.co.utah.ut.us/bmiweb/controls/ltocx11n.cab
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxps://uvapps.uvsc.edu/ScriptX/smsx.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB40} - hxxp://161.28.215.210/home/SonySncZ20View.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://161.28.166.230/activex/AxisCamControl.cab
    DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://pcpitstop.com/mhLbl.cab
    DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
    DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    DPF: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} - hxxp://161.28.163.226/activex/AMC.cab
    DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://maceys.lifepics.com/net/Uploader/LPUploader57.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CCA0B877-CB5E-4ADC-AD30-457C379512DD} - hxxp://uvscnet.com/cameras/xplugLiteAL.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://download-games.pogo.com/online2/pogo/diner_dash/DinerDash.1.0.0.80.cab
    DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://161.28.215.212/activex/AMC.cab
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://games.pogo.com/online2/pogo/zuma/popcaploader_v5.cab
    DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} - hxxp://qmedia.xlontech.net/100170/sdk/latest/qsp2ie06041001.cab
    DPF: {FE92D9C3-4A69-4EC7-8651-1DC8531D0075} - hxxp://66.237.84.30/user/TSBnwCam.CAB
    TCP: DhcpNameServer = 160.7.240.20 160.7.240.4
    TCP: Interfaces\{1446A377-3821-403F-9A8F-4FAB79DC2928} : DhcpNameServer = 160.7.240.20 160.7.240.4
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxdev.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\jan\application data\mozilla\firefox\profiles\3na5t7aa.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\documents and settings\jan\application data\move networks\plugins\npqmp071505000010.dll
    FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-7-15 64512]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-3 335240]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-3 27784]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-3 108552]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-5-3 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-3 297752]
    R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-6-20 2152152]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-6-20 15232]
    S1 MpKsl2f7a35e9;MpKsl2f7a35e9;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{49402ecb-c49d-4155-b0e7-02e27255437a}\mpksl2f7a35e9.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{49402ecb-c49d-4155-b0e7-02e27255437a}\MpKsl2f7a35e9.sys [?]
    S1 MpKsl5a88931f;MpKsl5a88931f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0380a1c2-a655-41fe-982a-e48eefbf0812}\mpksl5a88931f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0380a1c2-a655-41fe-982a-e48eefbf0812}\MpKsl5a88931f.sys [?]
    S1 MpKsl647518f9;MpKsl647518f9;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0265be02-992c-4f2e-92c4-0339edc21047}\mpksl647518f9.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0265be02-992c-4f2e-92c4-0339edc21047}\MpKsl647518f9.sys [?]
    S1 MpKsl6a240e17;MpKsl6a240e17;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0d2e2eea-3f05-4ba2-a22f-84dd301cc77a}\mpksl6a240e17.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0d2e2eea-3f05-4ba2-a22f-84dd301cc77a}\MpKsl6a240e17.sys [?]
    S1 MpKslb87078dc;MpKslb87078dc;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{889e0cf4-357f-41c7-b75c-eb5e198c76c5}\mpkslb87078dc.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{889e0cf4-357f-41c7-b75c-eb5e198c76c5}\MpKslb87078dc.sys [?]
    S1 MpKslcca61cef;MpKslcca61cef;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fc542c36-d7b4-4364-ae27-9cba6cb76053}\mpkslcca61cef.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fc542c36-d7b4-4364-ae27-9cba6cb76053}\MpKslcca61cef.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1c988f24423eabc;Google Update Service (gupdate1c988f24423eabc);c:\program files\google\update\GoogleUpdate.exe [2009-2-7 133104]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-7 133104]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
    .
    =============== Created Last 30 ================
    .
    2012-02-14 13:58:59 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-01-22 16:23:59 -------- d--h--w- c:\documents and settings\jan\local settings\application data\Amazon
    2012-01-22 16:23:38 -------- d-----w- c:\program files\Amazon
    .
    ==================== Find3M ====================
    .
    2012-02-16 16:08:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-02-16 16:08:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-02-13 19:52:04 104 --sh--r- c:\windows\system32\11F256692C.sys
    2012-02-13 19:52:03 5018 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2011-12-10 22:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-06 17:08:21 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-25 21:57:19 293376 ---ha-w- c:\windows\system32\winsrv.dll
    2007-08-13 21:07:14 532480 -c-ha-w- c:\program files\CWShredder.exe
    2006-01-25 01:31:18 11817800 -c--a-w- c:\program files\GoogleEarth.exe
    .
    ============= FINISH: 9:04:12.46 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/25/2005 1:09:14 PM
    System Uptime: 2/20/2012 10:24:59 PM (11 hours ago)
    .
    Motherboard: Dell Computer Corp. | | 0CF458
    Processor: Intel(R) Celeron(R) CPU 2.53GHz | Microprocessor | 2527/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 71 GiB total, 8.039 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    H: is FIXED (FAT32) - 466 GiB total, 384.89 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP204: 1/20/2012 9:49:55 AM - Removed TurboTax 2008 WinPerUserEducation
    RP205: 1/20/2012 9:50:38 AM - Removed TurboTax 2008 WinPerProgramHelp
    RP206: 1/20/2012 9:51:35 AM - Removed TurboTax 2008 WinPerTaxSupport
    RP207: 1/20/2012 9:52:15 AM - Removed TurboTax 2008 WinPerFedFormset
    RP208: 1/20/2012 9:53:06 AM - Removed TurboTax 2008 WinPerReleaseEngine
    RP209: 1/20/2012 9:54:59 AM - Removed TurboTax 2008 wrapper
    RP210: 1/20/2012 10:02:05 AM - Removed Scrabble 2
    RP211: 1/20/2012 10:03:57 AM - Configured DIY Deck Designer 6.5.4 - The Home Depot
    RP212: 1/21/2012 12:10:06 PM - System Checkpoint
    RP213: 1/22/2012 12:36:23 PM - System Checkpoint
    RP214: 1/23/2012 1:36:11 PM - System Checkpoint
    RP215: 1/24/2012 2:36:11 PM - System Checkpoint
    RP216: 1/25/2012 3:52:10 PM - System Checkpoint
    RP217: 1/26/2012 9:40:13 AM - Avg8 Update
    RP218: 1/26/2012 9:41:58 AM - Avg8 Update
    RP219: 1/27/2012 10:25:51 AM - System Checkpoint
    RP220: 1/28/2012 10:36:13 AM - System Checkpoint
    RP221: 1/29/2012 10:37:22 AM - System Checkpoint
    RP222: 1/30/2012 11:36:23 AM - System Checkpoint
    RP223: 1/31/2012 12:29:54 PM - System Checkpoint
    RP224: 2/1/2012 1:41:38 PM - System Checkpoint
    RP225: 2/2/2012 2:30:03 PM - System Checkpoint
    RP226: 2/3/2012 3:30:03 PM - System Checkpoint
    RP227: 2/4/2012 3:48:37 PM - System Checkpoint
    RP228: 2/4/2012 5:20:12 PM - Installed TurboTax 2011 wrapper
    RP229: 2/5/2012 5:29:43 PM - System Checkpoint
    RP230: 2/6/2012 6:29:38 PM - System Checkpoint
    RP231: 2/7/2012 9:18:59 AM - Installed TurboTax 2011 wutiper
    RP232: 2/8/2012 9:42:14 AM - System Checkpoint
    RP233: 2/9/2012 10:05:22 AM - System Checkpoint
    RP234: 2/10/2012 10:29:34 AM - System Checkpoint
    RP235: 2/11/2012 10:34:49 AM - System Checkpoint
    RP236: 2/12/2012 11:30:40 AM - System Checkpoint
    RP237: 2/13/2012 2:21:26 PM - System Checkpoint
    RP238: 2/14/2012 2:45:23 PM - System Checkpoint
    RP239: 2/15/2012 3:45:15 PM - System Checkpoint
    RP240: 2/16/2012 9:07:42 AM - Removed Java(TM) 6 Update 10
    RP241: 2/16/2012 9:08:35 AM - Installed Java(TM) 6 Update 31
    RP242: 2/17/2012 10:07:56 AM - System Checkpoint
    RP243: 2/18/2012 10:46:36 AM - System Checkpoint
    RP244: 2/19/2012 11:01:07 AM - System Checkpoint
    RP245: 2/20/2012 11:51:55 AM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    .
    A Fresh Start Quick Pages-(LeeLou)
    Active Disk
    Ad-Aware
    Adobe AIR
    Adobe Community Help
    Adobe Download Assistant
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Photoshop CS5.1
    Adobe Premiere Pro CS5.5
    Adobe Reader 8.3.1
    Adobe Shockwave Player 11.5
    Adobe® Photoshop® Album Starter Edition 3.2
    All I Want for Christmas Pack
    Amazon Kindle
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Autumn Flair
    AVG Free 8.5
    AXIS Media Control Embedded
    Batty Backgrounds
    Big Fish Games: Game Manager
    Birthday Flair
    Bonjour
    Brother 1440
    Brother MFL-Pro Suite
    Brownie
    CCleaner (remove only)
    CCScore
    Celebrate Summer Extras
    Christel's Wedding Frame
    Christmas Snow
    Classmates
    ColorDot Papers
    Corel Photo Album 6
    Cottage Dreams Cluster Single
    Coupon Printer for Windows
    Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    Dell System Restore
    DellSupport
    Diner Dash
    Dirty Denim Monograms
    Empty Nest Quick Page
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESShelp
    ESSini
    ESSPCD
    ESSPDock
    ESSSONIC
    ESSTOOLS
    essvatgt
    essvcpt
    Family Feud
    Fleur de Lis
    Flower Doodles
    Flower Shoppe
    Google Earth
    Google Update Helper
    GroupWise
    Happy Go Lucky Papers
    HLPPDOCK
    Holiday Glow
    Honeycomb Solids-(StyRock)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format SDK (KB902344)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Hugs and Kisses Quick Page 2-(paperst)
    Intel(R) Extreme Graphics 2 Driver
    Intel(R) PRO Network Adapters and Drivers
    Intel(R) PROSet for Wired Connections
    InterActual Player
    Internet Explorer Default Page
    IomegaWare 4.0.3
    It Happened This Year Borders
    iTunes
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java 2 Runtime Environment, SE v1.4.2_03
    Java Auto Updater
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 31
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    Jingle Bells Extras-(MagsGfx)
    kgcbaby
    kgcbase
    kgchday
    kgchlwn
    kgcinvt
    kgckids
    kgcmove
    kgcvday
    Kitty and Tweet Quick Page
    Kodak EasyShare software
    KSU
    LDS Activities 7.2
    Learn2 Player (Uninstall Only)
    LifeSync
    Little Princess Quick Page
    Lovable Huggable You
    Loved Ones Extras
    Loving You 2
    Macromedia Flash Player
    Malwarebytes Anti-Malware version 1.60.1.1000
    Maple
    Marble Drop
    McAfee Security Scan Plus
    MCU
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft MSDN 2005 Express Edition - ENU
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 14
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual Basic 2005 Express Edition - ENU
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    Moment
    Move Media Player
    Mozilla Firefox 10.0.2 (x86 en-US)
    MS Access 97 SP2
    MSN
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB954459)
    Musicmatch® Jukebox
    My Memories Suite 2.0
    MyITLab ActiveX Installer 2, 9, 8, 65535
    Never Stop Smiling Quick Page
    Notifier
    OfotoXMI
    OTtBP
    OTtBPSDK
    PaperPort
    Passion Pink-(bryan73)
    PDF Settings CS5
    PowerDVD 5.5
    Pumpkin Flair-(StyRock)
    PxMergeModule
    QuickTime
    RealPlayer
    RealUpgrade 1.0
    Revo Uninstaller 1.89
    Roots and Branches Quick Page Sampler
    SA30xx Device Manager
    SA30xx Media Converter
    Scarecrow Wannabe Quick Page
    Scripture Heroes Word Art
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB2416400)
    Security Update for Windows Internet Explorer 7 (KB2482017)
    Security Update for Windows Internet Explorer 7 (KB2497640)
    Security Update for Windows Internet Explorer 7 (KB2530548)
    Security Update for Windows Internet Explorer 7 (KB2544521)
    Security Update for Windows Internet Explorer 7 (KB2559049)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SFR
    SHASTA
    Sibelius Scorch (ActiveX Only)
    SimCity 3000 Unlimited
    SKIN0001
    SKINXSDK
    Snow in Love Quick Page
    Sonic DLA
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Splendor Quick Page
    Spring It On Extras
    Stars & Stripes Monograms
    staticcr
    Theme Hospital
    This is My Day!
    Transverse
    TurboTax 2009
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wrapper
    TurboTax 2009 wutiper
    TurboTax 2011
    TurboTax 2011 WinPerFedFormset
    TurboTax 2011 WinPerReleaseEngine
    TurboTax 2011 WinPerTaxSupport
    TurboTax 2011 wrapper
    TurboTax 2011 wutiper
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
    Update for Microsoft Outlook Social Connector (KB2583935)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2616676-v2)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Vine Overlay
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VPRINTOL
    WD Diagnostics
    WebCyberCoach 3.2 Dell
    WebFldrs XP
    Windows Defender
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix - KB895316
    Windows NT Messaging
    Windows PowerShell(TM) 1.0
    Windows XP Service Pack 3
    WIRELESS
    WordPerfect Office 12
    Worn Paper Pack
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/21/2012 8:54:30 AM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
    2/20/2012 11:22:27 AM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    2/20/2012 11:09:42 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    2/20/2012 10:32:49 PM, error: System Error [1003] - Error code 1000007f, parameter1 0000000d, parameter2 00000000, parameter3 00000000, parameter4 00000000.
    2/17/2012 7:42:38 PM, error: Dhcp [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 001320AEE419 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    2/14/2012 7:43:47 AM, error: Service Control Manager [7022] - The Intuit Update Service v4 service hung on starting.
    2/14/2012 7:41:17 PM, error: Dhcp [1002] - The IP address lease 192.168.1.106 for the Network Card with network address 001320AEE419 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    2/14/2012 6:41:05 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
    .
    ==== End Of File ===========================
  2. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Messages:
    7,347
    Operating System:
    Windows 8
    Please observe the following rules:

    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.


    =============================================================

    You're running 3 AV programs, Lavasoft Ad-Watch Live! Anti-Virus, AVG and MSE.
    TWO of them have to go.
    If AVG is one of them use AVG Remover to uninstall it: AVG - Download tools and utilities

    I still need the aswMBR log.
  3. Idabobaho

    I'm removing AVG and Lavasoft. I haven't been able to run MSE (Microsoft Security Essentials) since the redirect malware got ahold of things. I uninstalled it and reinstalled it, but couldn't even find it to run it. Here's the aswMBR log.

    aswMBR version 0.9.9.1618 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-21 08:35:44
    -----------------------------
    08:35:44.656 OS Version: Windows 5.1.2600 Service Pack 3
    08:35:44.656 Number of processors: 1 586 0x401
    08:35:44.656 ComputerName: DELL UserName: Jan
    08:36:26.734 Initialize success
    08:44:00.968 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    08:44:00.968 Disk 0 Vendor: HDS728080PLAT20 PF2OA27A Size: 76293MB BusType: 3
    08:44:01.156 Disk 0 MBR read successfully
    08:44:01.156 Disk 0 MBR scan
    08:44:01.156 Disk 0 unknown MBR code
    08:44:01.171 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 31 MB offset 63
    08:44:01.187 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 73076 MB offset 64260
    08:44:01.234 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3176 MB offset 149725800
    08:44:01.328 Disk 0 scanning sectors +156232125
    08:44:01.703 Disk 0 scanning C:\WINDOWS\system32\drivers
    08:44:35.843 Service scanning
    08:47:23.484 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
    08:47:43.656 Modules scanning
    08:48:25.531 Disk 0 trace - called modules:
    08:48:26.078 ntoskrnl.exe CLASSPNP.SYS DISK.SYS iomdisk.sys hal.dll atapi.sys spgu.sys >>UNKNOWN [0x8a7c5938]<<
    08:48:26.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a760ab8]
    08:48:26.078 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> [0x8a737d78]
    08:48:26.093 5 iomdisk.sys[f7717bc3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a80fd98]
    08:48:26.093 Scan finished successfully
    08:52:58.296 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jan\Desktop\MBR.dat"
    08:52:58.296 The log file has been saved successfully to "C:\Documents and Settings\Jan\Desktop\aswMBR.txt"
  4. broni

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    • Double click on combofix.exe & follow the prompts.



    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.


    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"

    **Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: Uninstall & Remove McAfee, Symantec, Norton, AVG, Avast & More Antivirus and Security Applications and Programs
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  5. Idabobaho

    Idabobaho Techie7 New Member

    Messages:
    15
    Operating System:
    Windows XP
    Here is the Combofix log

    ComboFix 12-02-21.02 - Jan 02/21/2012 19:21:26.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1324 [GMT -7:00]
    Running from: c:\documents and settings\Jan\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\chairflags.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\chairflags.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\check.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\checkmark.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\clock.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\closed.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\closingtime.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\coinflip.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\coinflip.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\dollar.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\coffee.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\tables.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\wallpaper.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\expert.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\expertscore.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\foodpoof.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\foodpoof.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\fork_timer.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\goalcompleted.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\heartgrow.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\heartgrow.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\jar.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\jar.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\level.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\level_career.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\score.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\sound.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\staroff.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\staron.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tablenumber.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tablenumberup.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\traynumber.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorial_character.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorialarrow.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorialbox.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgradeanim.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgradeanim.xml
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\drinks.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\maitred.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\oven.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\select.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\shoes.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\stereo.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\table.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\dinerdash.exe
    c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
    c:\windows\Downloaded Program Files\popcaploader.inf
    c:\windows\EventSystem.log
    c:\windows\system32\micro1
    H:\autorun.inf
    H:\setup.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-22 to 2012-02-22 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-14 13:58 . 2012-02-14 13:58 -------- d-----w- C:\TDSSKiller_Quarantine
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-16 16:08 . 2007-04-20 17:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-02-16 16:08 . 2010-07-19 20:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-12-10 22:24 . 2010-07-02 02:34 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-06 17:08 . 2011-08-17 18:24 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-25 21:57 . 2004-08-10 18:51 293376 ---ha-w- c:\windows\system32\winsrv.dll
    2007-08-13 21:07 . 2007-08-13 21:07 532480 -c-ha-w- c:\program files\CWShredder.exe
    2006-01-25 01:31 . 2006-01-25 01:30 11817800 -c--a-w- c:\program files\GoogleEarth.exe
    2012-02-20 00:41 . 2011-11-12 16:34 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
    "OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
    "SetDefPrt"="c:\program files\Brother\Brmfl04b\BrStDvPt.exe" [2004-05-25 49152]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
    "MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-10-06 110592]
    "MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-10-06 8192]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "Iomega Drive Icons"="c:\program files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 86016]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
    "Deskup"="c:\program files\Iomega\DriveIcons\deskup.exe" [2002-07-16 32768]
    "Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
    "ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
    "ADUserMon"="c:\program files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 147456]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
    "MsgCenterExe"="c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [2010-03-24 75320]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "LifeSync"="c:\program files\LifePics\LifeSync\LifeSync.exe" [2010-05-28 9171384]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    Risco ReaderKEY2 Client.lnk - c:\program files\Risco ReaderKEY2 Client\rk2client.exe [N/A]
    .
    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= c:\program files\MSN\rtememo.html
    FriendlyName=
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Novell\\GroupWise\\grpwise.exe"=
    "c:\\Novell\\GroupWise\\notify.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "h:\\World of Warcraft\\Launcher.exe"=
    "h:\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
    "h:\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
    "h:\\World of Warcraft\\BackgroundDownloader.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6112:TCP"= 6112:TCP:Blizzard Downloader
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
    .
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/5/2011 6:58 PM 691696]
    R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]
    S1 MpKsl2f7a35e9;MpKsl2f7a35e9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{49402ECB-C49D-4155-B0E7-02E27255437A}\MpKsl2f7a35e9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{49402ECB-C49D-4155-B0E7-02E27255437A}\MpKsl2f7a35e9.sys [?]
    S1 MpKsl5a88931f;MpKsl5a88931f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0380A1C2-A655-41FE-982A-E48EEFBF0812}\MpKsl5a88931f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0380A1C2-A655-41FE-982A-E48EEFBF0812}\MpKsl5a88931f.sys [?]
    S1 MpKsl647518f9;MpKsl647518f9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0265BE02-992C-4F2E-92C4-0339EDC21047}\MpKsl647518f9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0265BE02-992C-4F2E-92C4-0339EDC21047}\MpKsl647518f9.sys [?]
    S1 MpKsl6a240e17;MpKsl6a240e17;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0D2E2EEA-3F05-4BA2-A22F-84DD301CC77A}\MpKsl6a240e17.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0D2E2EEA-3F05-4BA2-A22F-84DD301CC77A}\MpKsl6a240e17.sys [?]
    S1 MpKslb87078dc;MpKslb87078dc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{889E0CF4-357F-41C7-B75C-EB5E198C76C5}\MpKslb87078dc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{889E0CF4-357F-41C7-B75C-EB5E198C76C5}\MpKslb87078dc.sys [?]
    S1 MpKslcca61cef;MpKslcca61cef;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FC542C36-D7B4-4364-AE27-9CBA6CB76053}\MpKslcca61cef.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FC542C36-D7B4-4364-AE27-9CBA6CB76053}\MpKslcca61cef.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 gupdate1c988f24423eabc;Google Update Service (gupdate1c988f24423eabc);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2009 12:04 AM 133104]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2009 12:04 AM 133104]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 10:15 AM 31125880]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 12:37 PM 517096]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - Lavasoft Kernexplorer
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-21 c:\windows\Tasks\AdobeAAMUpdater-1.0-DELL-Jan.job
    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-11-13 00:42]
    .
    2012-02-15 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]
    .
    2012-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 07:03]
    .
    2012-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 07:03]
    .
    2012-02-21 c:\windows\Tasks\LifeSync.job
    - c:\program files\LifePics\LifeSync\LifeSync.exe [2010-05-28 20:24]
    .
    2012-02-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-193927594-1547177712-2939904102-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]
    .
    2012-02-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-193927594-1547177712-2939904102-1015.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]
    .
    2012-02-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-193927594-1547177712-2939904102-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]
    .
    2012-02-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-193927594-1547177712-2939904102-1015.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
    Trusted Zone: convergys.com\sharepoint
    Trusted Zone: google.com\www
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: myitlab.com
    Trusted Zone: pearsoncmg.com
    Trusted Zone: pearsoned.com
    Trusted Zone: musicmatch.com\online
    TCP: DhcpNameServer = 160.7.240.20 160.7.240.4
    DPF: PUFLITE - hxxp://2levis.point2agent.com/Office/ColpaControls/Photo/Control/PUFLITE.CAB
    DPF: {00110000-B1BA-11CE-ABC6-F5B2E79D9E3F} - hxxp://docimg.co.utah.ut.us/bmiweb/controls/ltocx11n.cab
    DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
    DPF: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} - hxxp://161.28.163.226/activex/AMC.cab
    DPF: {CCA0B877-CB5E-4ADC-AD30-457C379512DD} - hxxp://uvscnet.com/cameras/xplugLiteAL.cab
    DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://download-games.pogo.com/online2/pogo/diner_dash/DinerDash.1.0.0.80.cab
    DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://161.28.215.212/activex/AMC.cab
    DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} - hxxp://qmedia.xlontech.net/100170/sdk/latest/qsp2ie06041001.cab
    DPF: {FE92D9C3-4A69-4EC7-8651-1DC8531D0075} - hxxp://66.237.84.30/user/TSBnwCam.CAB
    FF - ProfilePath - c:\documents and settings\Jan\Application Data\Mozilla\Firefox\Profiles\3na5t7aa.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-BEwayyOQwaSlI.exe - c:\documents and settings\All Users\Application Data\BEwayyOQwaSlI.exe
    HKU-Default-RunOnce-AutoLaunch - c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe
    Notify-avgrsstarter - avgrsstx.dll
    SafeBoot-AVG Anti-Spyware Driver
    SafeBoot-AVG Anti-Spyware Guard
    AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2012-02-21 20:06
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
    "value"="?\03\05\13\0d0\0cO"
    .
    Completion time: 2012-02-21 20:27:23
    ComboFix-quarantined-files.txt 2012-02-22 03:27
    ComboFix2.txt 2007-08-10 00:20
    .
    Pre-Run: 9,233,924,096 bytes free
    Post-Run: 14,528,823,296 bytes free
    .
    - - End Of File - - 001D34423427467D2FC49725C8F0EAB4
  6. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Looks good.

    How is the computer doing?

    If MSE is not working see if you can reinstall it.

    Then....

    Download OTL to your Desktop.


    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:



    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop



    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  7. Idabobaho

    Idabobaho Techie7 New Member

    Things are much improved, thank you. MSE seems to be working, no more redirects, and the lingering effects of System Check seem to be gone, i.e. desktop icons appear normal and the remaining files, favorites, and shortcuts are all restored. I downloaded OTL, but I can't get it to run. I get an error "Exception EOleSysError in module OTL.exe at 00571A5. Class not registered." I deleted it and downloaded again, same error. Also, and I don't know if this is related to what we have done, the sound on my computer has really crapped out. For lack of a better term, it sounds really crackly and distorted.
  8. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Download BTKR_RunBox to your desktop.

    Double click on downloaded BTKR_RunBox.exe file.
    Small RunBox DOS window will open.
    Press any key to continue.
    Press "1" to select "Run a scan with Bootkit Remover" option.
    Press "Enter".
    Press "Enter" one more time to generate log.
    Click OK, IF any "Warning" message pops up.
    Notepad will open with Bootkit Remover log.
    Copy the content and post it in your next reply.
    In RunBox press "4" then Enter to exit it.

    NOTE. In case you lost the log it's also located on your desktop as "scan.txt"

    ===========================================================


    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Click on SCAN.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop.)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
  9. Idabobaho

    Idabobaho Techie7 New Member

    Here are those logs

    Bootkit Remover
    (c) 2009 eSage Lab
    Esage Lab - Digital security research and consulting - Main
    Program version: 1.2.0.0
    OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`01f60800
    Boot sector MD5 is: e7e6f498a5aad54bc8d066e2192a8456

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>

    Done;


    RogueKiller V7.1.0 [02/15/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: RogueKiller - Geeks to Go Forums
    Blog: tigzy-RK

    Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User: Jan [Admin rights]
    Mode: Scan -- Date: 02/21/2012 23:49:50

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 5 ¤¤¤
    [PROXY IE] HKLM\[...]\Internet Settings : ProxyServer (hxxp=localhost:7171) -> FOUND
    [PROXY IE] HKLM\[...]\Internet Settings : ProxyEnable (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: HDS728080PLAT20 +++++
    --- User ---
    [MBR] d06eb76b96488697c3dec4a5670a5599
    [BSP] b72667633f4c7c2babf1970635a88ab8 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 31 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 64260 | Size: 73076 Mo
    2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 149725800 | Size: 3176 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: WD 5000AAV External USB Device +++++
    --- User ---
    [MBR] 07886398f5223b638cfda8b3ebd2ffd6
    [BSP] 96545aae4c3a8e5d84fbb99372be0652 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt
  10. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    1. Download Security Check from HERE, and save it to your Desktop.

    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.



    3. Download Temp File Cleaner (TFC)

    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.



    4. Please run a free online scan with the ESET Online Scanner


    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
  11. Idabobaho

    Idabobaho Techie7 New Member

    Messages:
    15
    Operating System:
    Windows XP
    Here are the logs from these scans. I ran the Temp File Cleaner too. I still get the same error (Exception EOleSysError in module OTL.exe at 00571A5. Class not registered) when I try to run OTL.

    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    McAfee Security Scan Plus
    Microsoft Security Essentials
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Windows Defender
    CCleaner (remove only)
    Java(TM) 6 Update 31
    Java(TM) SE Runtime Environment 6 Update 1
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java 2 Runtime Environment, SE v1.4.2_03
    Out of date Java installed!
    Adobe Flash Player ( 10.3.183.5) Flash Player Out of Date!
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    ``````````End of Log````````````


    Farbar Service Scanner Version: 22-02-2012
    Ran by Jan (administrator) on 22-02-2012 at 22:00:57
    Running from "C:\Documents and Settings\Jan\Desktop"
    Microsoft Windows XP Home Edition Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
    0x080000000400000001000000020000000300000056000000050000000600000007000000
    IpSec Tag value is correct.

    **** End of log ****

    ESET Online Scanner Log
    C:\TDSSKiller_Quarantine\14.02.2012_06.57.50\mbr0000\tdlfs0000\tsk0003.dta
  12. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Messages:
    7,347
    Operating System:
    Windows 8
    Uninstall:
    Java(TM) SE Runtime Environment 6 Update 1
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java 2 Runtime Environment, SE v1.4.2_03

    Update Adobe Flash Player
    Download the Latest Adobe Flash for Firefox and IE Without Any Extras

    =========================================================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL


    • Under the Custom Scans/Fixes box at the bottom, paste in the following:


    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.


    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:


    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.


    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): Safe Browsing Tool | WOT (Web of Trust). It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): Free Computer Security - Personal Software Inspector (PSI) - Secunia. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: How did I get infected?

    13. Please let me know how your computer is doing.
  13. Idabobaho

    Idabobaho Techie7 New Member

    Messages:
    15
    Operating System:
    Windows XP
    I've uninstalled those programs. I still can't get OTL to launch. I get the same error pop-up as before: "Exception EOleSysError in module OTL.exe at 00571A5. Class not registered." Any suggestions?
  14. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Messages:
    7,347
    Operating System:
    Windows 8
    Instead of step one, reset system restore manually.
    Turn system restore off.
    Restart computer.
    Turn system restore on.
    How to turn off and turn on System Restore in Windows XP

    Instead of step 2...
    Please download OTC to your desktop. It'll remove most tools and logs we used so far. If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


    • Double-click OTC.exe to run it. (Vista and 7 users, please right click on OTC and select "Run as an Administrator")
    • Click on the CleanUp! button and follow the prompts.
    • You will be asked to reboot the machine to finish the Cleanup process, choose Yes. If it doesn't ask you to reboot, restart computer manually.
    • After the reboot all the tools we used should be gone.
    • The tool will delete itself once it finishes.
  15. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Messages:
    7,347
    Operating System:
    Windows 8
    Still with me?