# hard drive won't stop running



## human_error (Feb 5, 2010)

I'm running a Dell 4600 with Windows XP. Until recently, the PC was relatively quick but now it's virtually crawling. The hard drive seems to be working almost nonstop. I'm unsure what's happened but I'd give anything to know how to speed it back up again. I've tried running a registry repair as well as defrag but that doesn't seem to make any difference at all. Any help will be extremely appreciated. Thanks.


----------



## sp3851 (Jan 4, 2010)

Have you ran a virus and spyware program to see if you might have a virus ?


----------



## human_error (Feb 5, 2010)

Yes, I'm using eAcceleration Stop Sign which runs a scan daily. No indication of any spyware or virusus in the scan log.


----------



## flavallee (May 12, 2002)

Stop using registry "cleaners" before you break a bunch of programs and damage the operating system. And get rid of whatever programs you may be using that claim to clean/boost/optimize your computer and make it run better - which it won't.

----------------------------------------------------------------

Go here to download and save *Trend Micro HijackThis 2.0.3*. Close all open windows first, then install it in its default location. Run a scan with it - which should take 30 seconds or less. Save the resulting log in Notepad. Return here, then copy-and-paste the entire log here.

------------------------------------------------------------------


----------



## human_error (Feb 5, 2010)

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 5:53:03 PM, on 2/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\eAcceleration\Framework\eac_productsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\eAcceleration\Framework\eac_svc.exe
C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
C:\PROGRA~1\StopSign\POPUPB~1\sspopupblockerctrl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {B753C7C5-0942-4b7f-BC27-942B52BDAC66} - C:\PROGRA~1\StopSign\POPUPB~1\sspopupblocker0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Rightdown Software SearchBar - {D6F180CB-E683-41a3-8CD2-C53DBAA0530D} - C:\Program Files\Rightdown Software SearchBar\rssb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StopSignPopupBlocker] C:\PROGRA~1\StopSign\POPUPB~1\sspopupblockerctrl.exe /Startup
O4 - HKLM\..\Run: [OnAccess] "C:\Program Files\StopSign\OnAccess\onaccess.exe" -erk
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [UniblueRegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\PROGRA~1\StopSign\POPUPB~1\sspopupblocker0.dll
O9 - Extra 'Tools' menuitem: Block This Page - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\PROGRA~1\StopSign\POPUPB~1\sspopupblocker0.dll
O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.usahc.com
O15 - Trusted Zone: http://www.usateamcorp.com
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://www.gamehouse.com/games/TriJinx.cab
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://www.gamehouse.com/games/PiratePoppers.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224829979531
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://www.gamehouse.com/games/gamehouse/ghplayer.cab
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://www.gamehouse.com/games/DreamChronicles.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.gamehouse.com/games/mjolauncher.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.gamehouse.com/games/zylom/zylomplayer.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://frontier.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://kodak.webex.com/client/T26L10NSP49EP10/support/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://www.gamehouse.com/games/mjescape/PTLauncher.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eAcceleration Notification Service (eac_notifysvc) - eAcceleration Corp - C:\Program Files\eAcceleration\Framework\eac_svc.exe
O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - eAcceleration Corp - C:\Program Files\eAcceleration\Framework\eac_productsvc.exe
O23 - Service: FWService - eAcceleration Corp - C:\Program Files\eAcceleration\Firewall\FWService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Windows CardSpace (idsvc) - Macrovision Corporation - (no file)
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: StopSign Firewall Security Center Provider (ssfwmonsvc) - eAcceleration Corp - C:\Program Files\eAcceleration\Framework\eac_svc.exe
O23 - Service: StopSign Antivirus Security Center Provider (sstsmonsvc) - eAcceleration Corp - C:\Program Files\eAcceleration\Framework\eac_svc.exe
--
End of file - 11048 bytes


----------



## flavallee (May 12, 2002)

Do the following in the order listed:

Uninstall *Uniblue Registry Booster* and *Windows Defender* and all that *StopSign eAcceleration* crap.

Restart your computer.

Go into the *C:\Program Files* folder and delete the entire *Uniblue* and *Windows Defender* and *eAcceleration/Acceleration Software* folders - if they're still there.

Restart your computer again.

Go here to download and save *Malwarebytes Anti-Malware*. Don't install it nor do anything with it yet.

Go here to download and save *SUPERAntiSpyware*. Don't install it nor do anything with it yet.

After all of the above has been done, run a HijackThis scan and post a new log here.

-------------------------------------------------------------

Your computer is infested with spyware and malware. There's a lot of work to do.

------------------------------------------------------------


----------



## human_error (Feb 5, 2010)

I was able to uninstall Uniblue Registry Booster, Windows Defender, and Stop Sign.
I restarted my computer.
I went into program files. Uniblue and eAcceleration didn't exist. Windows Defender was there but when I tried to delete the foler, I received a popup that said cannot delete MpClient.dll: Access denied.

Is it okay to continue with the restart and downloading the malware and antispyware and rerunning HijackThis?


----------



## flavallee (May 12, 2002)

human_error said:


> I was able to uninstall Uniblue Registry Booster, Windows Defender, and Stop Sign.
> I restarted my computer.
> I went into program files. Uniblue and eAcceleration didn't exist. Windows Defender was there but when I tried to delete the foler, I received a popup that said cannot delete MpClient.dll: Access denied.
> 
> Is it okay to continue with the restart and downloading the malware and antispyware and rerunning HijackThis?


Yes. Download and save MBAM and SAS for now and don't install them yet. Run a HijackThis scan and then post that new log here.

I may be going off-line soon for the night. If I don't reply back after you do the above, I'll be back in the morning.

Open the *Windows Defender* folder and delete the files one-by-one until the folder is empty, then try to delete the folder.

----------------------------------------------------------------


----------



## human_error (Feb 5, 2010)

still unable to delete any of the Windows Defender files. All say access denied.

here is the most recent HJT log:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 7:33:16 PM, on 2/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\eAcceleration\Framework\eac_productsvc.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\eAcceleration\Framework\eac_svc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Rightdown Software SearchBar - {D6F180CB-E683-41a3-8CD2-C53DBAA0530D} - C:\Program Files\Rightdown Software SearchBar\rssb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.usahc.com
O15 - Trusted Zone: http://www.usateamcorp.com
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://www.gamehouse.com/games/TriJinx.cab
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://www.gamehouse.com/games/PiratePoppers.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224829979531
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://www.gamehouse.com/games/gamehouse/ghplayer.cab
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://www.gamehouse.com/games/DreamChronicles.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.gamehouse.com/games/mjolauncher.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.gamehouse.com/games/zylom/zylomplayer.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://frontier.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://kodak.webex.com/client/T26L10NSP49EP10/support/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://www.gamehouse.com/games/mjescape/PTLauncher.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eAcceleration Notification Service (eac_notifysvc) - eAcceleration Corp - C:\Program Files\eAcceleration\Framework\eac_svc.exe
O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - eAcceleration Corp - C:\Program Files\eAcceleration\Framework\eac_productsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Windows CardSpace (idsvc) - Macrovision Corporation - (no file)
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
--
End of file - 9781 bytes


----------



## flavallee (May 12, 2002)

Go into Start - Run - MSCONFIG - OK - Startup(tab).

Remove the checkmark in *Windows Defender* or *MSASCui.exe*

Click Apply - OK - Exit Without Restart.

Go into Start - Run - SERVICES.MSC - OK.

Expand the services window so you can see the list.

Double-click on *Windows Defender*

Change "Startup Type" from Automatic to Disabled.

Click Apply - OK and then close the services window.

Install both *Malwarebytes* and *SUPERAntiSpyware*.

Allow them to update the definition files during the install process.

Restart your computer after they're both installed.

Don't do anything else with them yet.

Go into the *C:\Program Files* folder and try to delete the *Windows Defender* folder again.

After all of the above has been done, start HijackThis and run a scan.

Return here and then post that new log here.

---------------------------------------------------------------


----------



## human_error (Feb 5, 2010)

Good morning. Just wanted to say thank you for your continued help. Your kindness is amazing.

I was now able to delete all Windows Defender files except mpshhook.dll and the folder itself. Everything else has been deleted.

Here is the most recent HJT log:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 9:22:21 AM, on 2/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\eAcceleration\Framework\eac_productsvc.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\eAcceleration\Framework\eac_svc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRAM FILES\IWIN GAMES\IWINGAMESHOOKIE.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Rightdown Software SearchBar - {D6F180CB-E683-41a3-8CD2-C53DBAA0530D} - C:\Program Files\Rightdown Software SearchBar\rssb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.usahc.com
O15 - Trusted Zone: http://www.usateamcorp.com
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://www.gamehouse.com/games/TriJinx.cab
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://www.gamehouse.com/games/PiratePoppers.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224829979531
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://www.gamehouse.com/games/gamehouse/ghplayer.cab
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://www.gamehouse.com/games/DreamChronicles.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.gamehouse.com/games/mjolauncher.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.gamehouse.com/games/zylom/zylomplayer.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://frontier.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://kodak.webex.com/client/T26L10NSP49EP10/support/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://www.gamehouse.com/games/mjescape/PTLauncher.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eAcceleration Notification Service (eac_notifysvc) - eAcceleration Corp - C:\Program Files\eAcceleration\Framework\eac_svc.exe
O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - eAcceleration Corp - C:\Program Files\eAcceleration\Framework\eac_productsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Windows CardSpace (idsvc) - Macrovision Corporation - (no file)
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
--
End of file - 9798 bytes


----------



## Phantom010 (Mar 9, 2009)

I don't know if flavallee has noticed it already but your computer is infected:

*O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe*


----------



## human_error (Feb 5, 2010)

He did mention that my PC is infested with spyware and malware so I'm certain he's noticed. I've been running what I thought was a quality virus protection software (StopSign) but apparently it didn't catch problems I was depending on it to find.


----------



## flavallee (May 12, 2002)

Phantom010:

I saw that O4 log entry. Let's see if MBAM and/or SAS gets rid of it - along with all the other spyware and malware in that computer. If it doesn't, we'll get one of the malware experts to intervene.

----------------------------------------------------------------

human_error:

Start Malwarebytes Anti-Malware and run its update function to get its definition files up-to-date.

After that's done, run a "quick scan" with it. 

When the scan is finished, select and remove EVERYTHING that it found.

Restart your computer to complete the removal process, if prompted to.

Start SUPERAntiSpyware and run its update function to get its definition files up-to-date.

After that's done, run a "quick scan" with it.

When the scan is finished, select and remove EVERYTHING that it found.

Restart your computer to complete the removal process, if prompted to.

(2 important things to remember: Don't use your computer while it's scanning, and make sure to select and remove EVERYTHING that's found.)

Advise me when that's done, then I'll give you instructions for posting the scan logs here.

---------------------------------------------------------------


----------



## human_error (Feb 5, 2010)

okay, will do


----------



## flavallee (May 12, 2002)

human_error said:


> okay, will do


I will be going off-line shortly. If Phantom010 is still monitoring your thread when you finish with both scans and post back here, he can give you instructions for posting the scan logs here. If not, I'll get back to your thread in the morning and give you instructions. There's no big hurry with you posting the scan logs here. The important thing is you getting the scans done and then removing EVERYTHING that was found.

----------------------------------------------------------------


----------



## human_error (Feb 5, 2010)

Okay, I ran the malwarebytes and superantispyware. Both found a significant number of problems. I removed and restarted after each process. Now I'm ready for the next step.


----------



## Phantom010 (Mar 9, 2009)

Can you post both reports, as requested by flavallee?


----------



## flavallee (May 12, 2002)

I'm still here and haven't shut down yet.

Start MBAM and then go to Logs(tab).

Click on and highlight the scan log entry, then click Open.

When the scan log appears in Notepad, copy-and-paste it here.

Start SAS and then go to Preferences - Statistics/Logs(tab).

Click on and highlight the scan log entry, then click View Log.

When the scan log appears in Notepad, copy-and-paste it here.

I'm shutting down now for the night.

------------------------------------------------------------


----------



## human_error (Feb 5, 2010)

Malwarebytes' Anti-Malware 1.44
Database version: 3722
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
2/10/2010 6:28:50 PM
mbam-log-2010-02-10 (18-28-50).txt
Scan type: Quick Scan
Objects scanned: 117881
Time elapsed: 7 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 18
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 5
Files Infected: 28
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{7b9a715e-9d87-4c21-bf9e-f914f2fa953f} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eaf2ccee-21a1-4203-9f36-4929fd104d43} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{6d3f5de4-e980-4407-a10f-9ac771abaae6} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d6f180cb-e683-41a3-8cd2-c53dbaa0530d} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d6f180cb-e683-41a3-8cd2-c53dbaa0530d} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{d6f180cb-e683-41a3-8cd2-c53dbaa0530d} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PiratePoppers.1.0.0.24.dll (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{38d97cce-7243-4b6e-b6a8-dd872ad3eb33} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6868afe5-f258-47dc-bc37-0821f96dc1d2} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{49e67060-2c0d-415e-94c7-52a49f73b2f1} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{49e67060-2c0d-415e-94c7-52a49f73b2f1} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{49e67060-2c0d-415e-94c7-52a49f73b2f1} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pugi.pugiobj (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pugi.pugiobj.1 (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ErrorKiller_is1 (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{d6f180cb-e683-41a3-8cd2-c53dbaa0530d} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{d6f180cb-e683-41a3-8cd2-c53dbaa0530d} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\PiratePoppers.1.0.0.24.dll (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Documents and Settings\The Cook's\Application Data\WinAntiSpyware 2007 Free (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\ErrorKiller (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Program Files\ErrorKiller\Log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Program Files\ErrorKiller\Registry Backups (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\ErrorKiller (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\Rightdown Software SearchBar\rssb.dll (Adware.ISTBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\The Cook's\Application Data\WinAntiSpyware 2007 Free\DownloadUWAS7.url (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\ErrorKiller\ErrorKiller.exe (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Program Files\ErrorKiller\ErrorKiller.url (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Program Files\ErrorKiller\Errors.stg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Program Files\ErrorKiller\Launcher.exe (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Program Files\ErrorKiller\license.txt (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Program Files\ErrorKiller\unins000.dat (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Program Files\ErrorKiller\unins000.exe (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Program Files\ErrorKiller\Log\log_2006_10_31_05_37_59.eklog (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Program Files\ErrorKiller\Log\log_2006_10_31_10_36_53.eklog (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Program Files\ErrorKiller\Log\log_2006_10_31_17_32_56.eklog (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Program Files\ErrorKiller\Log\log_2006_10_31_17_40_54.eklog (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Program Files\ErrorKiller\Log\log_2006_10_31_17_48_00.eklog (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Program Files\ErrorKiller\Log\log_2009_03_14_18_33_03.eklog (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Program Files\ErrorKiller\Log\log_2009_11_09_23_56_44.eklog (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Program Files\ErrorKiller\Registry Backups\2006-04-15_14-58-55.reg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Program Files\ErrorKiller\Registry Backups\2006-04-15_15-00-24.reg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Program Files\ErrorKiller\Registry Backups\2006-05-30_16-21-44.reg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Program Files\ErrorKiller\Registry Backups\2006-06-08_08-58-03.reg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Program Files\ErrorKiller\Registry Backups\2006-10-26_18-31-35.reg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Program Files\ErrorKiller\Registry Backups\2006-10-31_10-40-06.reg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Program Files\ErrorKiller\Registry Backups\Errors.stg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\ErrorKiller\ErrorKiller on the Web.lnk (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\ErrorKiller\ErrorKiller.lnk (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\ErrorKiller\Uninstall ErrorKiller.lnk (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\PiratePoppers.1.0.0.24.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\PiratePoppers.1.0.0.24.inf (Trojan.Agent) -> Quarantined and deleted successfully.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/10/2010 at 06:51 PM
Application Version : 4.33.1000
Core Rules Database Version : 4575
Trace Rules Database Version: 2387
Scan type : Quick Scan
Total Scan Time : 00:17:44
Memory items scanned : 404
Memory threats detected : 0
Registry items scanned : 536
Registry threats detected : 14
File items scanned : 9787
File threats detected : 7
Adware.IWinGames
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}
HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}
HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}
HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}\InprocServer32
HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}\InprocServer32#ThreadingModel
HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}\ProgID
HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}\Programmable
HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}\VersionIndependentProgID
HKCR\IEHlprObj.IEHlprObj.1
HKCR\IEHlprObj.IEHlprObj.1\CLSID
HKCR\IEHlprObj.IEHlprObj
HKCR\IEHlprObj.IEHlprObj\CurVer
C:\PROGRAM FILES\IWIN GAMES\IWINGAMESHOOKIE.DLL
HKU\S-1-5-21-299502267-308236825-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8CA5ED52-F3FB-4414-A105-2E3491156990}
Adware.Gamevance
HKU\S-1-5-21-299502267-308236825-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}
Browser Hijacker.Favorites
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Favorites\Pharmacy\About - Health & Fitness - Drug Finder.url
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Favorites\Pharmacy\Express-Scripts.com.url
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Favorites\Pharmacy\Onlinepharmacyusa.com.url
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Favorites\Pharmacy\Thedoctorsonline.com.url
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Favorites\Pharmacy\Ultra Diet Pep Natural Balance.url
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Favorites\Pharmacy


----------



## flavallee (May 12, 2002)

Thanks for posting the 2 scan logs. All the problems that MBAM and SAS found didn't surprise me.

Close all open windows first, then start HijackThis and run a scan, then save the log, then post the entire log here.

----------------------------------------------------------------


----------



## human_error (Feb 5, 2010)

just knowing you can understand the scan logs is amazing to me...incredibly impressive

here is the latest hjt log:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 12:53:19 PM, on 2/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\eAcceleration\Framework\eac_productsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\eAcceleration\Framework\eac_svc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.usahc.com
O15 - Trusted Zone: http://www.usateamcorp.com
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://www.gamehouse.com/games/TriJinx.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224829979531
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://www.gamehouse.com/games/gamehouse/ghplayer.cab
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://www.gamehouse.com/games/DreamChronicles.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.gamehouse.com/games/mjolauncher.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.gamehouse.com/games/zylom/zylomplayer.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://frontier.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://kodak.webex.com/client/T26L10NSP49EP10/support/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://www.gamehouse.com/games/mjescape/PTLauncher.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eAcceleration Notification Service (eac_notifysvc) - eAcceleration Corp - C:\Program Files\eAcceleration\Framework\eac_svc.exe
O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - eAcceleration Corp - C:\Program Files\eAcceleration\Framework\eac_productsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Windows CardSpace (idsvc) - Macrovision Corporation - (no file)
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
--
End of file - 9304 bytes


----------



## flavallee (May 12, 2002)

This log entry

*O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe*

is still present, so I've reported your thread to the "Malware Removal & HijackThis Logs" section so you can be assisted further by a gold shield malware expert.

-------------------------------------------------------------------

Have you deleted the *eAcceleration* and *StopSign* folders from inside the *C:\Program Files* folder?

You previously advised that you had uninstalled all the *StopSign* and *eAcceleration* crap.

------------------------------------------------------------------


----------



## Phantom010 (Mar 9, 2009)

Yeah, that is one of those malware files with the ability to camouflage itself to look like a typical Windows file.


----------



## human_error (Feb 5, 2010)

I tried to delete eAcceleration and StopSign files from c:\programfiles. In both cases, I get a popup saying that several of the files within the folders are in use. Not sure how to disable the programs so that these folders can be deleted.


----------



## human_error (Feb 5, 2010)

Prior to this attempt to delete files, yesterday I went into control panel, add/remove programs and attempted to delete the eAcceleration and StopSign programs that way. I hadn't tried to delete the folders from programfiles.


----------



## eddie5659 (Mar 19, 2001)

Hiya

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

** IMPORTANT !!! Save ComboFix.exe to your Desktop*


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.








Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:










Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

eddie


----------



## TheOutcaste (Aug 8, 2007)

Human_error, you'll want to edit the last 6 lines or so of post#20 and remove your email address, it's listed in the SUPERAntiSpyware log.

eAcceleration still has a couple of services running, so that's why you can't delete the folders.
You can follow the same process flavallee posted for disabling Windows Defender, just look for these two instead of Windows Defender:
*eAcceleration Notification Service
eAcceleration Product Manager Service*

*Wait for eddie5659 to give the go ahead before doing so though, as we don't want to interfere with his process.*



flavallee said:


> Go into Start - Run - SERVICES.MSC - OK.
> 
> Expand the services window so you can see the list.
> 
> ...


Reboot, then see if you can delete the eAcceleration and StopSign folders.


----------



## eddie5659 (Mar 19, 2001)

I'm going to move this to the malware forum as well


----------



## human_error (Feb 5, 2010)

log is too long -- i'll break it into small chunks

ComboFix 10-02-11.02 - The Cook's 02/11/2010 14:38:48.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.262 [GMT -5:00]
Running from: c:\documents and settings\The Cook's\Desktop\ComboFix.exe
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Internet Explorer\SETA60.tmp
c:\recycler\NPROTECT
c:\windows\100 Sunrises and Sunsets Uninstaller.exe
c:\windows\Downloaded Program Files\DDTums.1.0.0.12
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\accessories\cup.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\accessories\customer_cup.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\accessories\heart.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\accessories\menu_down.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\accessories\menu_up.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\accessories\plates.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\accessories\ticket.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\accessories\tray.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\music\mainmenumusic.ogg
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_bring_check_1_snd.ogg
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_deliver_order_1_snd.ogg
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_diner.ogg
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_food_ready_1_snd.ogg
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_gain_heart_1.ogg
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_pencil_write_2.ogg
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_rollover_1.ogg
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_seat_people_snd.ogg
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\choosedifficulty.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\credits.jpg
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\flo_lose.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\flo_win.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\help1.jpg
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\help2.jpg
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\highscores.jpg
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\levelintro.jpg
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\levelintro_mask.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\levelover.jpg
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\levelover_mask.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\mainmenu.jpg
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\popup.jpg
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\popup_mask.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\upgradegrid.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\upgradetitle.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\upsell.jpg
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\arrowleft_blue.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\arrowleft_yellow.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\arrowright_blue.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\arrowright_yellow.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\back_blue.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\back_yellow.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\backchalk.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\backchalkup.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\backtomenu_blue.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\backtomenu_yellow.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\cancel.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\cancelup.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\career.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\career_over.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\close.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\closeup.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\continue.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\continueover.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\credits_blue.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\credits_yellow.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\download_blue.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\download_yellow.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\easy.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\easy_over.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\endlessshift.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\endlessshift_over.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\hard.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\hard_over.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\help.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\help_over.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\highscores.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\highscores_over.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\instructions_blue.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\instructions_yellow.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\letsplay.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\letsplayover.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\medium.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\medium_over.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\moreinfo.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\moreinfoup.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\off.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\off_on.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\on.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\on_on.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\pause.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\pauseover.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\quit.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\quitgame.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\quitgameover.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\quitover.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\resumegame.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\resumegameover.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\submit.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\submitup.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\tryagain.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\tryagainover.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\upgrade_over.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\upgrade_up.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\viewglobal.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\viewglobalup.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\viewhighscore.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\viewhighscoreon.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\viewlocal.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\viewlocalup.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\comics\webcomic.jpg
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\config\career.xml
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\config\customer.xml
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\config\endless.xml
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\config\global.xml
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\config\powerups.xml
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\cook\cook.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\cook\cook.xml
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\cook\stove.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\cursor\arrow.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\cursor\click.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\cursor\click2.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\cursor\grab.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\cursor\open.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\anim.xml
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\blue\anim.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\blue\anim.xml
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\blue\sit_legs.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\green\anim.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\green\anim.xml
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\green\sit_legs.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\purple\anim.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\purple\anim.xml
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\purple\sit_legs.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\red\anim.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\red\anim.xml
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\red\sit_legs.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\yellow\anim.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\yellow\anim.xml
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\yellow\sit_legs.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\anim.xml
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\blue\anim.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\blue\anim.xml
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\blue\sit_legs.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\green\anim.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\green\anim.xml
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\green\sit_legs.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\purple\anim.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\purple\anim.xml
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\purple\sit_legs.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\red\anim.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\red\anim.xml
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\red\sit_legs.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\yellow\anim.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\yellow\anim.xml
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\yellow\sit_legs.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\flo\idle.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\flo\idle.xml
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\flo\lower.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\flo\lower.xml
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\flo\upper.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\flo\upper.xml
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\fonts\arial.mvec
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\fonts\komikaaxis.mvec
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\chair.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\chair.xml
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\dirt2top.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\dirt4top.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\dishcart.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\dishcart.xml
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\drinkstation_off.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\drinkstation_on1.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\drinkstation_on2.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\ticketstation.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\ticketstation.xml
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\arrowdown.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\arrowdownon.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\arrowleft.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\arrowlefton.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\arrowright.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\arrowrighton.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\arrowup.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\arrowupon.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\p1icon.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\textedit.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\title.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_1.txt
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_1_a.txt
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_1_b.txt
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_1_c.txt
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_2.txt
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_2_a.txt
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_2_b.txt
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_2_c.txt
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_2_d.txt
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_3.txt
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_3_a.txt
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_3_b.txt
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_3_c.txt
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_3_d.txt
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\fifth_level_diner.txt
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\first_level_diner.txt
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\fourth_level_diner.txt
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\second_level_diner.txt
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\playfirst_logo.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\background.jpg
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\food\food1.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\food\food1.xml
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\food\food2.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\food\food2.xml
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\food\food3.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\food\food3.xml
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\frames\upgrade_0001.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\tables\2top.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\tables\2top.xml
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\tables\4top.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\tables\4top.xml
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\upgrades.xml
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\tableshadow.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\choosedifficulty.lua
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\chooseplayer.lua
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\chooserestaurant.lua
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\credits.lua
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\game.lua
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\gothighscore.lua
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\help.lua
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\help2.lua
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\hiscore.lua
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\hiscoreinfo.lua
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\hiscoresubmit.lua
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\levelintro.lua
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\levelover.lua
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\loading.lua
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\mainloop.lua
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\mainmenu.lua
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\ok.lua
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\pause.lua
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\style.lua
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\tutorialintro.lua
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\upgrade.lua
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\upsell.lua
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\webcomic.lua
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\yesno.lua
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\splash\aol_logo.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\splash\gamelabsplash.jpg
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\splash\playfirst_logo.jpg
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\strings.xml
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\angersmoke.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\angersmoke.xml
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\chairflags.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\chairflags.xml
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\check.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\checkmark.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\clock.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\closed.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\closingtime.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\coinflip.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\coinflip.xml
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\dollar.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\doodles\coffee.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\doodles\tables.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\doodles\wallpaper.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\expert.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\expertscore.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\foodpoof.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\foodpoof.xml
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\fork_timer.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\goalcompleted.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\heartgrow.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\heartgrow.xml
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\jar.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\jar.xml
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\level.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\level_career.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\score.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\sound.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\staroff.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\staron.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\tablenumber.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\tablenumberup.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\traynumber.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\tutorial_character.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\tutorialarrow.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\tutorialbox.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgradeanim.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgradeanim.xml
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgrades\drinks.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgrades\maitred.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgrades\oven.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgrades\select.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgrades\shoes.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgrades\stereo.png
c:\windows\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgrades\table.png

more to follow


----------



## human_error (Feb 5, 2010)

c:\windows\Downloaded Program Files\DDTums.1.0.0.12\dinerdash.exe
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\_boton_big.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\_boton_big.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\_boton_small.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\_boton_small.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\_explosion1.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\_explosion1.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\_highlight.alpha.png
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\_highlight.png
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\_hrzarrows.alpha.png
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\_hrzarrows.png
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\_magiclights.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\_magiclights.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\_pw_cat.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\_pw_cat.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\_pw_cbb.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\_pw_cbb.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\_pw_cbg.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\_pw_cbk.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\_pw_cbr.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\_pw_cbv.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\_pw_cbw.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\_pw_cby.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\_pw_chain.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\_pw_fireball.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\_pw_fireball.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\_pw_misc.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\_pw_misc.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\_pw_misc2.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\_pw_misc2.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\_pw_reverse.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\_pw_slow.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\_pw_speedshot.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\_pw_stop.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\_pw_wild.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\_questionmark.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\_questionmark.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\_rays.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\_rays.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\_smallballs.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\_smallballs.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\aol_logo.png
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\arrow_down_disabled.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\arrow_down_disabled.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\arrow_down_highlight.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\arrow_down_highlight.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\arrow_down_normal.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\arrow_down_normal.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\arrow_down_pushed.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\arrow_down_pushed.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\arrow_left_highlight.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\arrow_left_highlight.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\arrow_left_normal.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\arrow_left_normal.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\arrow_right_highlight.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\arrow_right_highlight.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\arrow_right_normal.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\arrow_right_normal.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\arrow_up_disabled.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\arrow_up_disabled.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\arrow_up_highlight.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\arrow_up_highlight.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\arrow_up_normal.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\arrow_up_normal.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\arrow_up_pushed.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\arrow_up_pushed.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\ball_1.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\ball_1.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\ball_2.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\ball_3.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\ball_4.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\ball_5.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\ball_6.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\ball_7.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\ball_fireball.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\ball_fireball.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\ball_highlight.png
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\ball_pusher.png
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\ball_ray.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\ball_ray.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\ball_shadow.png
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\ball_supercannonbal00.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\ball_supercannonbal01.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\ball_supercannonbal02.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\ball_supercannonbal03.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\ball_supercannonbal04.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\ball_supercannonbal05.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\ball_supercannonbal06.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\ball_supercannonbal07.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\ball_supercannonbal08.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\ball_supercannonbal09.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\ball_supercannonbal10.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\ball_supercannonbal11.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\ball_supercannonbal12.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\ball_supercannonbal13.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\ball_supercannonbal14.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\ball_supercannonbal15.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\ball_wild.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\ball_wild.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\barril_top.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\barril_top.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\barril_top_l.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\barril_top_l.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\bigflare.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\bigflare.jpg

more to follow


----------



## human_error (Feb 5, 2010)

c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\blast.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\blast.emitter
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\blast.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\bomb.emitter
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\boton_big_disabled.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\boton_big_highlight.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\boton_big_normal.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\boton_big_pushed.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\boton_small_disabled.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\boton_small_highlight.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\boton_small_normal.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\boton_small_pushed.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\bright.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\bright.emitter
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\bright.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\brillito01.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\brillito01.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cannonball.anim
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cannonball.emitter
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0000.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0000.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0001.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0001.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0002.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0002.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0003.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0003.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0004.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0004.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0005.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0005.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0006.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0006.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0007.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0007.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0008.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0008.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0009.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0009.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0010.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0010.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0011.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0011.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0012.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0012.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0013.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0013.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0014.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0014.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0015.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0015.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0016.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0016.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0017.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0017.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0018.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0018.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0019.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0019.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0020.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0020.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0021.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0021.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0022.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0022.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0023.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0023.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0024.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0024.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0025.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0025.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0026.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0026.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0027.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0027.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0028.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0028.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0029.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0029.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0030.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0030.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0031.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cat0031.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\categories.ui
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black00.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black00.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black01.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black01.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black02.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black02.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black03.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black03.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black04.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black04.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black05.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black05.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black06.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black06.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black07.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black07.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black08.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black08.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black09.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black09.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black10.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black10.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black11.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black11.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black12.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black12.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black13.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black13.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black14.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black14.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black15.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black15.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black16.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black16.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black17.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black17.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black18.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black18.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black19.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black19.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black20.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black20.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black21.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black21.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black22.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black22.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black23.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black23.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black24.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black24.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black25.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black25.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black26.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black26.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black27.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black27.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black28.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black28.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black29.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black29.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black30.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black30.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black31.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_black31.subimage

more to follow


----------



## human_error (Feb 5, 2010)

c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue00.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue00.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue01.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue01.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue02.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue02.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue03.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue03.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue04.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue04.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue05.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue05.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue06.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue06.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue07.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue07.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue08.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue08.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue09.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue09.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue10.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue10.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue11.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue11.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue12.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue12.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue13.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue13.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue14.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue14.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue15.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue15.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue16.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue16.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue17.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue17.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue18.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue18.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue19.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue19.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue20.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue20.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue21.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue21.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue22.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue22.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue23.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue23.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue24.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue24.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue25.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue25.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue26.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue26.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue27.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue27.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue28.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue28.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue29.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue29.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue30.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue30.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue31.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_blue31.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green00.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green00.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green01.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green01.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green02.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green02.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green03.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green03.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green04.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green04.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green05.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green05.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green06.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green06.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green07.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green07.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green08.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green08.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green09.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green09.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green10.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green10.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green11.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green11.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green12.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green12.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green13.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green13.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green14.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green14.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green15.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green15.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green16.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green16.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green17.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green17.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green18.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green18.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green19.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green19.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green20.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green20.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green21.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green21.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green22.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green22.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green23.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green23.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green24.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green24.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green25.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green25.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green26.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green26.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green27.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green27.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green28.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green28.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green29.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green29.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green30.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green30.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green31.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_green31.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red00.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red00.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red01.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red01.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red02.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red02.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red03.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red03.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red04.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red04.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red05.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red05.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red06.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red06.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red07.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red07.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red08.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red08.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red09.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red09.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red10.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red10.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red11.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red11.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red12.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red12.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red13.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red13.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red14.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red14.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red15.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red15.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red16.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red16.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red17.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red17.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red18.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red18.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red19.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red19.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red20.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red20.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red21.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red21.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red22.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red22.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red23.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red23.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red24.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red24.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red25.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red25.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red26.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red26.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red27.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red27.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red28.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red28.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red29.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red29.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red30.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red30.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red31.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_red31.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet00.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet00.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet01.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet01.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet02.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet02.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet03.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet03.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet04.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet04.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet05.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet05.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet06.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet06.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet07.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet07.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet08.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet08.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet09.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet09.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet10.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet10.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet11.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet11.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet12.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet12.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet13.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet13.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet14.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet14.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet15.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet15.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet16.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet16.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet17.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet17.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet18.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet18.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet19.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet19.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet20.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet20.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet21.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet21.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet22.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet22.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet23.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet23.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet24.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet24.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet25.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet25.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet26.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet26.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet27.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet27.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet28.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet28.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet29.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet29.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet30.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet30.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet31.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_violet31.subimage

more to follow


----------



## human_error (Feb 5, 2010)

c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white00.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white00.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white01.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white01.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white02.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white02.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white03.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white03.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white04.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white04.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white05.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white05.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white06.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white06.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white07.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white07.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white08.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white08.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white09.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white09.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white10.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white10.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white11.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white11.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white12.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white12.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white13.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white13.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white14.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white14.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white15.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white15.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white16.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white16.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white17.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white17.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white18.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white18.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white19.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white19.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white20.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white20.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white21.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white21.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white22.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white22.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white23.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white23.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white24.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white24.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white25.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white25.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white26.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white26.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white27.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white27.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white28.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white28.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white29.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white29.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white30.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white30.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white31.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_white31.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow00.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow00.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow01.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow01.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow02.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow02.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow03.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow03.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow04.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow04.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow05.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow05.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow06.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow06.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow07.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow07.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow08.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow08.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow09.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow09.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow10.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow10.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow11.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow11.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow12.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow12.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow13.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow13.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow14.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow14.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow15.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow15.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow16.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow16.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow17.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow17.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow18.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow18.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow19.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow19.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow20.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow20.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow21.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow21.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow22.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow22.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow23.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow23.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow24.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow24.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow25.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow25.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow26.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow26.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow27.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow27.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow28.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow28.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow29.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow29.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow30.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow30.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow31.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cbomb_yellow31.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0000.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0000.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0001.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0001.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0002.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0002.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0003.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0003.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0004.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0004.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0005.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0005.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0006.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0006.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0007.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0007.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0008.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0008.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0009.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0009.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0010.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0010.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0011.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0011.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0012.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0012.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0013.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0013.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0014.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0014.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0015.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0015.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0016.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0016.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0017.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0017.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0018.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0018.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0019.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0019.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0020.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0020.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0021.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0021.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0022.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0022.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0023.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0023.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0024.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0024.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0025.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0025.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0026.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0026.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0027.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0027.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0028.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0028.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0029.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0029.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0030.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0030.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0031.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\chain_break0031.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\checkbox_base.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\checkbox_base.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\checkbox_fill.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\checkbox_fill.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\commonfont.mvec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cursor_default.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cursor_default.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cursor_ingame.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\cursor_ingame.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\editbox_back.png
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\editbox_frame.png
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\expl_1_00.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\expl_1_00.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\expl_1_01.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\expl_1_01.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\expl_1_02.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\expl_1_02.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\expl_1_03.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\expl_1_03.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\expl_1_04.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\expl_1_04.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\expl_1_05.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\expl_1_05.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\expl_1_06.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\expl_1_06.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\expl_1_07.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\expl_1_07.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\expl_1_08.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\expl_1_08.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\expl_1_09.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\expl_1_09.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\expl_1_10.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\expl_1_10.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\expl_1_11.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\expl_1_11.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\expl_1_12.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\expl_1_12.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\expl_1_13.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\expl_1_13.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\expl_1_14.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\expl_1_14.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\expl_1_15.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\expl_1_15.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\explosion1.anim
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball00.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball00.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball01.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball01.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball02.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball02.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball03.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball03.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball04.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball04.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball05.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball05.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball06.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball06.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball07.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball07.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball08.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball08.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball09.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball09.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball10.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball10.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball11.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball11.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball12.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball12.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball13.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball13.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball14.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball14.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball15.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball15.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball16.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball16.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball17.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball17.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball18.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball18.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball19.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball19.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball20.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball20.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball21.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball21.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball22.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball22.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball23.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball23.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball24.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball24.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball25.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball25.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball26.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball26.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball27.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball27.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball28.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball28.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball29.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball29.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball30.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball30.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball31.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\fireball31.subimage

more to follow


----------



## human_error (Feb 5, 2010)

c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\firetrail_smoke.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\firetrail2.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\flare.emitter
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\frame_back.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\frame_int_back.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\frame_int_bottom.png
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\frame_int_left.png
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\frame_int_ll.png
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\frame_int_lr.png
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\frame_int_right.png
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\frame_int_top.png
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\frame_int_ul.png
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\frame_int_ur.png
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\goldcoin.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\goldcoin.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\highlight.anim
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\highlight_1.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\highlight_1.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\highlight_10.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\highlight_10.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\highlight_11.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\highlight_11.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\highlight_12.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\highlight_12.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\highlight_13.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\highlight_13.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\highlight_14.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\highlight_14.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\highlight_15.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\highlight_15.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\highlight_16.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\highlight_16.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\highlight_2.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\highlight_2.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\highlight_3.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\highlight_3.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\highlight_4.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\highlight_4.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\highlight_5.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\highlight_5.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\highlight_6.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\highlight_6.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\highlight_7.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\highlight_7.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\highlight_8.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\highlight_8.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\highlight_9.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\highlight_9.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\highscore_back.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\highscore_entry.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\highscore_entry.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\highscore_entry_highlight.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\highscore_entry_highlight.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\hotfire.emitter
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\hotfire2.emitter
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\howtoplay_back.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\howtoplay_pathback.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\howtoplay_pathback.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\htp_ballfade.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\htp_ballfade.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\loadingscreen.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\login.ui
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\magiclight.anim
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\magiclight.emitter
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\magiclights1.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\magiclights2.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\magiclights3.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\magiclights4.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\magiclights5.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\mainmenu.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_a.map
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_b.map
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_c.map
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_d.map
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_doble1.map
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_doble2.map
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_doble3.map
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_doble4.map
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_doble5.map
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_e.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_e.map
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_e_ovl1.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_e_ovl1.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_e_ovl2.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_e_ovl2.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_g.map
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_h.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_h.map
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_h_ovl1.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_h_ovl1.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_i.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_i.map
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_j.map
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_k.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_k.map
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_k_ovl1.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_k_ovl1.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_k_ovl2.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_k_ovl2.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_k_ovl3.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_k_ovl3.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_l.map
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_m.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_m.map
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_n.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_n.map
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_o.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_o.map
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_p.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_p.map
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_q.map
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_sea1.map
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_sea2.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_sea2.map
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_sea2_ovl1.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_sea2_ovl1.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_sea3.map
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_skull1.map
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_totem1.map
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_volcan1.map
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_volcan2.map
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_whirlwind1.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_whirlwind1.map
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_whirlwind1_ovl1.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_whirlwind1_ovl1.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_whirlwind1_ovl2.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_whirlwind1_ovl2.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\map_whirlwind2.map
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\messages.xml
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\moreinfo.ui
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\mouse.png
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\mouse_left.png
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\mouse_move.png
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\mouse_right.png
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\p1icon.png
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\pearls.theme
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\powerup.emitter
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\powerup_new.template
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\pp_button_click.ogg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\preload-anims.txt
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\preload-emitter.txt
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\preload-images.txt
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\preload-music.txt
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\preload-sounds.txt
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\prescaled.txt
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\progress_done.png
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\progress_full.png
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\progressbar_ball.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\progressbar_ball.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\pu_back.anim
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\pu_chains.anim
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\pu_colorbomb_1.anim
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\pu_colorbomb_2.anim
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\pu_colorbomb_3.anim
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\pu_colorbomb_4.anim
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\pu_colorbomb_5.anim
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\pu_colorbomb_6.anim
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\pu_colorbomb_7.anim
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\pu_fireball.anim
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\pu_ray.anim
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\pu_sight.anim
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\pu_slow.anim
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\pu_stop.anim
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\pu_wildball.anim
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\puzzleballs.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\puzzleballs.jpg

more to follow


----------



## human_error (Feb 5, 2010)

c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\question0000.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\question0000.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\question0001.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\question0001.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\question0002.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\question0002.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\question0003.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\question0003.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\question0004.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\question0004.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\question0005.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\question0005.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\question0006.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\question0006.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\question0007.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\question0007.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\question0008.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\question0008.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\question0009.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\question0009.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\question0010.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\question0010.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\question0011.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\question0011.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\question0012.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\question0012.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\question0013.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\question0013.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\question0014.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\question0014.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\question0015.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\question0015.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\question0016.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\question0016.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\question0017.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\question0017.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\question0018.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\question0018.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\question0019.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\question0019.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\questionmark.anim
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\rayos00.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\rayos01.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\rayos02.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\rayos03.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\rayos04.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\rayos05.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\rayos06.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\rayos07.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\rayos08.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\rayos09.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\rayos10.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\rayos11.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\rayos12.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\rayos13.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\rayos14.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\rayos15.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\resource-alias.txt
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0000.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0000.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0001.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0001.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0002.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0002.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0003.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0003.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0004.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0004.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0005.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0005.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0006.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0006.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0007.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0007.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0008.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0008.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0009.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0009.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0010.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0010.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0011.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0011.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0012.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0012.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0013.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0013.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0014.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0014.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0015.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0015.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0016.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0016.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0017.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0017.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0018.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0018.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0019.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0019.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0020.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0020.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0021.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0021.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0022.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0022.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0023.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0023.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0024.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0024.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0025.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0025.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0026.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0026.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0027.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0027.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0028.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0028.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0029.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0029.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0030.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0030.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0031.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\reverse0031.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\ribbon.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\ribbon.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\rieles.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\rieles.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\schwrzw.mvec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\screen1.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\screen2.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\screen3.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\screen4.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\screen5.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\screen6.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\screen7.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\separator.png
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\sfx_break_pusher.ogg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\sfx_explosion.ogg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\sfx_goalreached.ogg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\sfx_insert.ogg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\sfx_launch_ball.ogg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\sfx_launch_bomb.ogg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\sfx_launcher_reload.ogg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\sfx_lose.ogg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\sfx_match_1.ogg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\sfx_match_2.ogg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\sfx_merge.ogg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\sfx_powerup.ogg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\sfx_roll.ogg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\sfx_spawn_chain.ogg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\sfx_spawn_powerup.ogg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\sfx_startlevel.ogg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\sfx_swap_ball.ogg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\sfx_win_level.ogg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\shooter.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\shooter.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\shooter_top.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\shooter_top.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\sight.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\sight.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\silvercoin.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\silvercoin.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slider_empty.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slider_empty.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slider_fill.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slider_fill.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slider_thumb.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slider_thumb.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow00.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow00.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow01.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow01.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow02.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow02.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow03.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow03.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow04.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow04.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow05.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow05.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow06.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow06.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow07.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow07.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow08.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow08.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow09.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow09.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow10.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow10.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow11.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow11.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow12.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow12.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow13.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow13.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow14.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow14.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow15.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow15.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow16.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow16.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow17.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow17.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow18.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow18.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow19.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow19.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow20.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow20.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow21.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow21.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow22.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow22.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow23.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow23.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow24.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow24.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow25.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow25.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow26.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow26.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow27.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow27.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow28.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow28.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow29.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow29.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow30.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow30.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow31.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\slow31.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\smallball_black.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\smallball_blue.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\smallball_cannon.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\smallball_empty.png
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\smallball_fireball.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\smallball_green.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\smallball_red.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\smallball_violet.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\smallball_white2.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\smallball_wildcard.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\smallball_yellow.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\smallflare.emitter
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\smoke.anim
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\smoke_1.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\smoke_1.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\smoke_2.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\smoke_2.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\smoke_3.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\smoke_3.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\smoke_w_1.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\smoke_w_1.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\smoke_w_2.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\smoke_w_2.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\smoke_w_3.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\smoke_w_3.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\smoketrail.emitter
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\smoketrail2.emitter
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0000.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0000.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0001.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0001.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0002.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0002.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0003.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0003.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0004.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0004.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0005.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0005.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0006.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0006.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0007.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0007.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0008.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0008.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0009.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0009.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0010.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0010.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0011.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0011.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0012.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0012.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0013.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0013.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0014.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0014.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0015.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0015.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0016.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0016.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0017.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0017.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0018.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0018.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0019.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0019.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0020.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0020.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0021.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0021.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0022.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0022.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0023.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0023.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0024.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0024.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0025.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0025.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0026.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0026.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0027.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0027.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0028.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0028.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0029.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0029.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0030.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0030.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0031.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\speed0031.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\splash_marino.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\splash_mystery.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\splash_playfirst.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\st_game_short.ogg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\statusbar_arcade.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\statusbar_arcade.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\statusbar_puzzle.alpha.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\statusbar_puzzle.jpg

more to follow


----------



## human_error (Feb 5, 2010)

c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop00.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop00.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop01.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop01.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop02.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop02.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop03.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop03.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop04.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop04.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop05.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop05.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop06.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop06.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop07.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop07.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop08.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop08.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop09.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop09.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop10.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop10.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop11.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop11.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop12.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop12.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop13.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop13.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop14.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop14.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop15.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop15.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop16.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop16.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop17.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop17.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop18.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop18.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop19.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop19.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop20.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop20.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop21.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop21.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop22.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop22.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop23.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop23.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop24.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop24.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop25.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop25.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop26.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop26.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop27.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop27.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop28.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop28.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop29.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop29.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop30.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop30.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop31.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\stop31.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\submit.ui
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\upsell.jpg
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\webmessages.xml
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\whitesmoke.anim
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0000.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0000.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0001.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0001.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0002.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0002.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0003.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0003.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0004.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0004.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0005.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0005.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0006.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0006.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0007.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0007.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0008.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0008.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0009.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0009.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0010.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0010.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0011.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0011.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0012.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0012.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0013.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0013.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0014.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0014.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0015.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0015.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0016.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0016.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0017.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0017.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0018.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0018.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0019.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0019.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0020.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0020.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0021.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0021.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0022.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0022.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0023.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0023.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0024.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0024.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0025.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0025.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0026.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0026.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0027.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0027.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0028.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0028.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0029.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0029.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0030.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0030.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0031.spec
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\assets\wildcard0031.subimage
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\hiscore.dat
c:\windows\Downloaded Program Files\PiratePoppers.1.0.0.24\piratepoppers.exe

more to follow


----------



## human_error (Feb 5, 2010)

c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\music\mainmenumusic.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\areabomb.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\beetlezap.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\bonusrow.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\bonustimer.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\bucketfilled.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\clearpyramid.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\cleartriangle1a.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\cleartriangle1b.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\cleartriangle1c.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\cleartriangle2a.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\cleartriangle2b.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\cleartriangle2c.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\colorchain.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\dialogbox.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\drumbeat.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\fillrow.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\gateopen.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\helptip.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\powerup.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\rotateboardleft.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\timerup.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\warning.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\warning2.ogg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\artifacts-bb.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\bar.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\chamber0.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\chamber1.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\circledoor.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\full_screen_dialog.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\global-hs-bb_large.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\global-hs-bb_small.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\help-bb_large.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\help-bb_small.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\hexfield.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\hidden-artifact_icon.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\large_dialog.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\local-hs-bb.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\mainmenu.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\small_dialog.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\textfield.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\trifield.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\beetles\beetlehover1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\beetles\beetlehover2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\beetles\beetlehover3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\beetles\beetlehover4.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\beetles\beetleshock1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\beetles\beetleshock2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\beetles\beetleshock3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\beetles\beetleshock4.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\beetles\beetletatoo.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\beetles\dirt.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\beetles\scarabpost.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\beetles\scarabpostovr.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\beetles\tritop.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\arrowdown_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\arrowdown_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\arrowdown_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\arrowleft_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\arrowleft_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\arrowleft_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\arrowright_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\arrowright_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\arrowright_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\arrowup_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\arrowup_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\arrowup_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\bluearrowleft_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\bluearrowleft_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\bluearrowleft_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\bluearrowright_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\bluearrowright_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\bluearrowright_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\checkdown.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\checkup.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\long_button_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\long_button_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\long_button_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\orange-button_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\orange-button_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\orange-button_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\rotleft_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\rotleft_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\rotleft_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\rotright_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\rotright_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\rotright_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\simplebutton_down.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\simplebutton_over.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\simplebutton_up.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\sliderknob.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\sliderknobover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\sliderrail.png

more to follow


----------



## human_error (Feb 5, 2010)

c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\characters\anwar\look\pl0001.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\characters\bast\look\bl0001.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\characters\kristine\look\kl0001.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\crackedstopper.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\cursor.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\doorlights.txt
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\fonts\jackarmstrong.mvec
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\fonts\lithos.mvec
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\greybomb.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\helptips\arrowkeys.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\helptips\helptip.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\levels\levels.dat
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\models\disk.mesh
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\models\equilateraltriangle.mesh
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\models\flattri.mesh
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\models\pyramid.mesh
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\models\quad.mesh
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\models\rotatingpyramid.mesh
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\models\scarabpanel.mesh
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\p1icon.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\scenes\page1-0.xml
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\scenes\page1-1.xml
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\scenes\panel1-0-1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\scenes\panel1-1-1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\scorecloud.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\setup.xml
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\sfx\areashockwave.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\sfx\bolt_1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\sfx\bolt_2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\sfx\bolt_3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\sfx\bolt_4.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\sfx\bolt_starter.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\sfx\bolt_tail.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\sfx\flash.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\sfx\rubble.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\sfx\smoke.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\sfx\smoke2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\sfx\smoke3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\splash\aol_logo.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\splash\playfirst_logo.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\statues\statue0\snake_dirty.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\statues\statue1\arm01_dirty.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\statues\statue1\mask01_1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\statues\statue1\statue01_dirty.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\stopper.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\timer.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\timerglow.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\timericon.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\tm.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\trails\mouseblue1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\trails\mouseblue2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\trails\mouseblue3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\trails\mousegreen1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\trails\mousegreen2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\trails\mousegreen3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\trails\mousered1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\trails\mousered2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\trails\mousered3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\trails\mouseyellow1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\trails\mouseyellow2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\trails\mouseyellow3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\areabomb.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\areabombrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\blue.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\bluerollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\boardfill.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\brick.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\brick1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\brick2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\brick3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\bricktip.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\clearanim\cleared1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\clearanim\cleared2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\clearanim\cleared3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\clearanim\cleared4.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\clearanim\cleared5.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\clearanim\cleared6.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\eye1.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\eye2.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\eye3.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\eye4.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\green.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\greenrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\plain_tri-blue.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\plain_tri-bluerollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\plain_tri-green.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\plain_tri-greenrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\plain_tri-red.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\plain_tri-redrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\plain_tri-yellow.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\plain_tri-yellowrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\red.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\redrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\wild.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\wildrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\yellow.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\yellowrollover.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\upsell\image0.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\upsell\image1.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\upsell\image2.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\upsell\image3.jpg
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\urns\bluebucket.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\urns\buckettriangle.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\urns\chainlink.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\urns\chaintip.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\urns\genericbucket.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\urns\greenbucket.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\urns\redbucket.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\urns\smallblue.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\urns\smallgreen.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\urns\smallred.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\urns\smallyellow.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\urns\urnglow.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\urns\urnplatform.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\urns\yellowbucket.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\assets\warning.png

more to follow


----------



## human_error (Feb 5, 2010)

c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\screens\error.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\screens\game.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\screens\gameover.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\screens\hiscore.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\screens\hiscoreinfo.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\screens\hiscoresubmit.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\screens\instructions.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\screens\leveldesign.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\screens\levelover.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\screens\mainarcade.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\screens\mainconfirm.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\screens\maincontinue.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\screens\maingames.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\screens\mainpuzzle.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\screens\maphelptip.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\screens\options.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\screens\pause.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\screens\quitconfirm.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\screens\start.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\screens\storyplayer.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\screens\style.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\screens\upsell.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\strings.xml
c:\windows\Downloaded Program Files\TriJinx.1.0.0.60\TriJinx.exe
c:\windows\system32\_004083_.tmp.dll
c:\windows\system32\_004086_.tmp.dll
c:\windows\system32\_004089_.tmp.dll
c:\windows\system32\_004238_.tmp.dll
c:\windows\system32\_004239_.tmp.dll
c:\windows\system32\_004240_.tmp.dll
c:\windows\system32\_004241_.tmp.dll
c:\windows\system32\_004248_.tmp.dll
c:\windows\system32\_004249_.tmp.dll
c:\windows\system32\_004250_.tmp.dll
c:\windows\system32\_004252_.tmp.dll
c:\windows\system32\_004253_.tmp.dll
c:\windows\system32\_004256_.tmp.dll
c:\windows\system32\_004257_.tmp.dll
c:\windows\system32\_004259_.tmp.dll
c:\windows\system32\_004260_.tmp.dll
c:\windows\system32\_004261_.tmp.dll
c:\windows\system32\_004263_.tmp.dll
c:\windows\system32\_004264_.tmp.dll
c:\windows\system32\_004266_.tmp.dll
c:\windows\system32\_004270_.tmp.dll
c:\windows\system32\_004271_.tmp.dll
c:\windows\system32\_004273_.tmp.dll
c:\windows\system32\_004276_.tmp.dll
c:\windows\system32\_004278_.tmp.dll
c:\windows\system32\_004279_.tmp.dll
c:\windows\system32\_004280_.tmp.dll
c:\windows\system32\_004281_.tmp.dll
c:\windows\system32\_004284_.tmp.dll
c:\windows\system32\_004286_.tmp.dll
c:\windows\system32\_004287_.tmp.dll
c:\windows\system32\_004288_.tmp.dll
c:\windows\system32\_004292_.tmp.dll
c:\windows\system32\_004294_.tmp.dll
c:\windows\system32\Thumbs.db
c:\windows\system32\twain_32.dll
c:\windows\system32\vclwiz8.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SKYNET
-------\Service_SKYNET

more to follow


----------



## human_error (Feb 5, 2010)

((((((((((((((((((((((((( Files Created from 2010-01-11 to 2010-02-11 )))))))))))))))))))))))))))))))
.
2010-02-10 14:14 . 2010-02-10 14:14 -------- d-----w- c:\documents and settings\The Cook's\Application Data\Malwarebytes
2010-02-10 14:14 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-10 14:13 . 2010-02-10 14:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-10 14:13 . 2010-02-10 14:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-10 14:13 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-10 14:10 . 2010-02-10 14:10 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-10 14:10 . 2010-02-10 14:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-10 14:10 . 2010-02-10 14:10 -------- d-----w- c:\documents and settings\The Cook's\Application Data\SUPERAntiSpyware.com
2010-02-09 04:17 . 2010-02-09 04:17 -------- d-----w- c:\documents and settings\The Cook's\Application Data\Uniblue
2010-02-05 17:46 . 2010-02-05 17:46 -------- d-----w- c:\program files\TrendMicro
2010-02-02 05:13 . 2010-02-02 05:13 -------- d-----w- c:\documents and settings\The Cook's\Saved Games
2010-02-02 04:56 . 2010-02-02 04:58 -------- d-----w- c:\program files\iWin.com Games
2010-02-01 22:27 . 2009-09-04 22:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-02-01 22:27 . 2009-09-04 22:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-02-01 22:27 . 2009-09-04 22:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-02-01 22:27 . 2009-09-04 22:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-02-01 22:25 . 2008-05-30 19:18 238088 ----a-w- c:\windows\system32\xactengine3_1.dll
2010-02-01 22:25 . 2008-05-30 19:17 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll
2010-02-01 22:25 . 2008-05-30 19:11 467984 ----a-w- c:\windows\system32\d3dx10_38.dll
2010-02-01 22:25 . 2008-05-30 19:11 1491992 ----a-w- c:\windows\system32\D3DCompiler_38.dll
2010-02-01 22:25 . 2008-05-30 19:11 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
2010-02-01 22:25 . 2008-03-05 21:03 479752 ----a-w- c:\windows\system32\XAudio2_0.dll
2010-02-01 22:25 . 2008-03-05 21:03 238088 ----a-w- c:\windows\system32\xactengine3_0.dll
2010-02-01 22:25 . 2008-03-05 21:00 25608 ----a-w- c:\windows\system32\X3DAudio1_3.dll
2010-02-01 22:25 . 2008-03-05 20:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2010-02-01 22:25 . 2008-02-06 04:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2010-02-01 22:24 . 2008-03-05 20:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2010-02-01 22:24 . 2007-10-22 08:39 267272 ----a-w- c:\windows\system32\xactengine2_10.dll
2010-02-01 22:24 . 2007-10-02 14:56 444776 ----a-w- c:\windows\system32\d3dx10_36.dll
2010-02-01 22:24 . 2007-10-12 20:14 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2010-02-01 22:23 . 2007-10-12 20:14 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2010-02-01 22:08 . 2010-02-01 22:08 -------- d-----w- c:\windows\Logs
2010-02-01 06:44 . 2010-01-14 16:12 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-02-01 06:41 . 2010-02-10 14:19 -------- d-----w- c:\program files\Windows Defender
2010-01-31 19:39 . 2010-01-31 19:40 -------- d-----w- c:\documents and settings\The Cook's\Application Data\EnchantedCavern
2010-01-31 19:11 . 2010-01-31 19:11 -------- d-----w- c:\program files\Common Files\Oberon Media
2010-01-31 19:10 . 2010-01-31 19:10 -------- d-----w- c:\program files\Frontier Games
2010-01-24 01:39 . 2010-01-24 01:39 -------- d-----w- c:\documents and settings\The Cook's\Application Data\TMInc
2010-01-20 04:16 . 2007-07-20 05:57 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
2010-01-20 04:16 . 2007-07-19 23:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2010-01-20 04:16 . 2007-07-19 23:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2010-01-20 04:16 . 2007-07-19 23:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2010-01-20 04:16 . 2007-10-22 08:37 17928 ----a-w- c:\windows\system32\X3DAudio1_2.dll
2010-01-20 04:16 . 2007-06-21 01:46 266088 ----a-w- c:\windows\system32\xactengine2_8.dll
2010-01-20 04:16 . 2007-05-16 21:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2010-01-20 04:16 . 2007-05-16 21:45 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
2010-01-20 04:14 . 2005-05-26 20:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-01-20 04:13 . 2010-01-20 04:13 -------- d-----w- c:\program files\OpenAL
2010-01-20 04:13 . 2010-01-20 04:13 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-20 04:13 . 2010-01-20 04:13 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-20 04:12 . 2010-01-20 04:12 -------- d-----w- c:\windows\system32\AGEIA
2010-01-20 04:12 . 2010-01-20 04:12 -------- d-----w- c:\program files\AGEIA Technologies
2010-01-20 04:11 . 2010-02-10 14:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-18 21:15 . 2010-01-18 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\ScreenSeven
2010-01-16 02:39 . 2010-01-16 02:39 -------- d-----w- c:\documents and settings\The Cook's\Application Data\Friday's games
2010-01-16 02:39 . 2010-02-04 02:37 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper
2010-01-16 02:19 . 2010-01-16 02:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Playrix Entertainment
2010-01-14 07:55 . 2010-01-14 07:55 -------- d-----w- c:\program files\OXXOGames
2010-01-14 07:48 . 2010-02-09 22:45 -------- d-----w- c:\program files\Viva Media
2010-01-14 07:48 . 2010-01-14 07:48 -------- d-----w- c:\program files\Viva Media Game Center
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-11 19:58 . 2009-10-18 02:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2010-02-11 18:33 . 2009-03-14 23:08 -------- d-----w- c:\program files\StopSign
2010-02-11 18:30 . 2007-08-27 17:57 -------- d-----w- c:\program files\eAcceleration
2010-02-10 23:28 . 2008-04-03 02:36 -------- d-----w- c:\program files\Rightdown Software SearchBar
2010-02-09 23:28 . 2007-08-27 17:57 -------- d-----w- c:\documents and settings\The Cook's\Application Data\eAcceleration
2010-02-09 23:28 . 2007-11-14 04:54 -------- d-----w- c:\program files\Common Files\eAcceleration
2010-02-08 20:29 . 2008-01-09 23:18 -------- d-----w- c:\documents and settings\The Cook's\Application Data\FileZilla
2010-02-04 19:00 . 2004-06-01 04:37 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-02 21:07 . 2009-03-13 15:53 -------- d-----w- c:\program files\iWin.com
2010-02-02 05:05 . 2009-03-10 01:00 -------- d-----w- c:\program files\iWin Games
2010-02-01 22:42 . 2005-11-15 18:40 -------- d-----w- c:\program files\Common Files\Java
2010-02-01 22:39 . 2005-11-15 18:43 -------- d-----w- c:\program files\Java
2010-02-01 06:21 . 2009-07-29 06:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-02-01 06:07 . 2004-03-27 17:28 -------- d-----w- c:\program files\Lavasoft
2010-01-31 20:19 . 2007-10-06 05:57 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-21 09:56 . 2009-02-22 18:36 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-31 16:50 . 2006-05-03 21:33 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-24 23:36 . 2009-02-24 21:41 -------- d-----w- c:\documents and settings\The Cook's\Application Data\Temp
2009-12-21 19:14 . 2006-05-03 21:33 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-20 20:02 . 2006-10-08 02:35 31 -c--a-w- c:\windows\popcinfo.dat
2009-12-17 22:14 . 2009-07-16 20:32 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 19:08 . 2009-03-04 04:38 -------- d-----w- c:\program files\RealArcade
2009-12-14 07:08 . 2006-05-03 21:33 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2006-05-03 21:33 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2006-05-03 21:33 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2006-05-03 21:33 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2006-05-03 21:34 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11 . 2006-05-03 21:34 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07 . 2003-07-16 20:36 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2006-05-03 21:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2006-05-03 21:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07 . 2006-05-03 21:34 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-21 15:51 . 2006-05-03 21:33 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2006-10-10 17:35 . 2006-10-10 17:35 774144 -c--a-w- c:\program files\RngInterstitial.dll
2009-10-17 22:28 . 2008-12-15 16:59 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-10-17 22:28 . 2008-12-15 16:59 125848 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2008-12-15 16:59 . 2008-12-15 16:59 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2009-09-25 00:22 . 2007-03-30 18:02 1682 -csha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-08-03 1626112]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PreCast Monitor.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BFTP Client
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPConnMan
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISAT AutoUpdater
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StopSignSsSsMon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StopSignSsTsMon
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 06:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2003-08-06 06:04 114741 -c----w- c:\windows\system32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FilmLoop]
2006-09-28 09:59 3723264 -c--a-w- c:\program files\FilmLoop Player\FilmLoop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-08-11 20:30 249856 -c----w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-08-11 20:30 81920 -c----w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KMCONFIG]
2007-03-06 18:51 212992 -c----w- c:\program files\Micro Innovations\Wireless Keyboard & Mouse Driver\StartAutorun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCW Startup]
2002-12-20 22:06 321024 -c--a-w- c:\program files\Monitor Calibration Wizard\MCW.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-10-06 18:16 5058560 -c--a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2003-10-06 18:16 49152 -c----w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 10:24 286720 -c--a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 20:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-08-09 01:56 68856 -c----w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 06:01 110592 -c--a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9323:TCP"= 9323:TCP:EKDiscovery
"9322:TCP"= 9322:TCP:EKDiscovery
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
R2 eac_notifysvc;eAcceleration Notification Service;c:\program files\eAcceleration\Framework\eac_svc.exe [4/22/2008 6:25 AM 113920]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [1/21/2010 2:12 PM 78104]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [8/5/2009 11:49 AM 284016]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
S2 eac_productsvc;eAcceleration Product Manager Service;c:\program files\eAcceleration\Framework\eac_productsvc.exe [4/22/2008 6:25 AM 263504]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/14/2009 2:53 PM 133104]
S2 NProtectService;Norton Unerase Protection;c:\progra~1\NORTON~2\NORTON~1\NPROTECT.EXE [8/30/2004 10:52 PM 95328]
S3 HNetSuN;MainData Hybrid-Net Single User Adapter;c:\windows\system32\drivers\hnetsun.sys [10/5/2004 10:29 AM 14356]
S4 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" --> c:\program files\Windows Defender\MsMpEng.exe [?]
.
Contents of the 'Scheduled Tasks' folder
2010-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-14 19:52]
2010-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-14 19:52]
2010-02-11 c:\windows\Tasks\User_Feed_Synchronization-{E44811A9-3D4A-4673-864C-58B0C09CE97C}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = http=localhost:8080
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}
Trusted Zone: usahc.com\www
Trusted Zone: usateamcorp.com\www
DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} - hxxp://www.gamehouse.com/games/TriJinx.cab
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.gamehouse.com/games/gamehouse/ghplayer.cab
DPF: {775879E2-7309-4619-BB02-AADE41F4B690} - hxxp://www.gamehouse.com/games/DreamChronicles.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://www.gamehouse.com/games/zylom/zylomplayer.cab
DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} - hxxp://www.gamehouse.com/games/mjescape/PTLauncher.cab
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
MSConfigStartUp-errorkiller - c:\program files\errorkiller\errorkiller.exe
MSConfigStartUp-SoftwareStation - c:\program files\eAcceleration\Station\station.exe
MSConfigStartUp-webscan - c:\program files\Acceleration Software\Anti-Virus\stopsignav.exe
MSConfigStartUp-Windows Defender - c:\program files\Windows Defender\MSASCui.exe
AddRemove-100 Sunrises and Sunsets - c:\windows\100 Sunrises and Sunsets Uninstaller.exe
AddRemove-SatDirect Plus - c:\program files\Satellite\SatDirect Plus\Uninst.isu
AddRemove-SoftwareStation - c:\program files\eAcceleration\Station\station.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-11 14:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ... 
scanning hidden autostart entries ... 
scanning hidden files ... 
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(448)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(2736)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msi.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\Ink\SKCHUI.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\System32\nvsvc32.exe
c:\windows\System32\locator.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-02-11 15:10:01 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-11 20:09
Pre-Run: 55,602,040,832 bytes free
Post-Run: 55,809,761,280 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
- - End Of File - - 22B5FB723427F2EE152B37941D25B6F8

whew...this is the end!


----------



## eddie5659 (Mar 19, 2001)

Good gravy 

Okay, will have a looksee. Just to let you know, I have to go out in 20 mins, but I will reply tomorrow evening at around 5ish (its 8.45pm here  )


----------



## human_error (Feb 5, 2010)

That would be awesome. I don't know how to thank you enough for all your time and trouble in helping me out.


----------



## eddie5659 (Mar 19, 2001)

I can reply now, then off I dash 

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to your desktop ( click on the link underneath this post & if you are using internet explorer when the "File download" pop up comes press SAVE and choose desktop in the list of selections in that window & press save)










Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

------------

After you've done the above, can you also do these as well:

Download *RootRepeal* from one of the following locations and save it to your desktop:
*Link 1*
*Link 2*
*Link 3*

Double click







to start the program
Click on the *Report* tab at the bottom of the program window
Click the







button
In the *Select Scan* dialog, check:
*
[*]Drivers
[*]Files
[*]Processes
[*]SSDT
[*]Stealth Objects
[*]Hidden Services
[*]Shadow SSDT*

Click the *OK* button
In the next dialog, select *all drives* showing
Click *OK* to start the scan
_Note: The scan can take some time. *DO NOT* run any other programs while the scan is running_​
When the scan is complete, click the







button and save the report to your Desktop as *RootRepeal.txt*
Go to *File*, then *Exit* to close the program
If the report is not too long, post the contents of RootRepeal.txt in your next reply. *If the report is very long*, it will not be complete if you post it, so please *attach* it to your reply instead.
Click on the *Go Advanced* button for the uploading options at the bottom of this page (in the picture below  ) [/list]











In there, at the bottom, click on the button *Manage Attachments* (in the picture below  .
A window will appear, and then Browse to *RootRepeal.txt* on your Desktop.
Click Upload, and when uploaded click *Close this Window*
Then, in the previous window, click on *Add Reply*










-------------


Download *OTL* to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath *Output* at the top change it to *Minimal Output*.
Under the *Standard Registry* box change it to *All*.
Check the boxes beside *LOP Check* and *Purity Check*.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. *OTListIt.Txt* and *Extras.Txt*. These are saved in the same location as OTL.
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.


============

So, the next replies should be the ComboFix log, RootRepeal.txt and the OTListIt.Txt and Extras.Txt 

eddie


----------



## human_error (Feb 5, 2010)

combofix log is attached


----------



## flavallee (May 12, 2002)

human_error said:


> Prior to this attempt to delete files, yesterday I went into control panel, add/remove programs and attempted to delete the eAcceleration and StopSign programs that way. I hadn't tried to delete the folders from programfiles.


You need to uninstall programs in the "Add Or Remove Programs" list *before* you delete their folders inside the C:\PROGRAM FILES folder. Don't ever do it the other way around.

You're in eddie5659's hands now.

---------------------------------------------------------------


----------



## human_error (Feb 5, 2010)

I downloaded and saved RootRepeal on my desktop. When I double click the icon, a popup appears saying program initializing, please wait. I waited more than an hour and nothing happened. I opened task manager. It shows the program is busy and not responding so I ended it. I deleted the file from the desktop and tried downloading it from a different link. Same results. Not sure what I'm doing wrong. I'll await your instructions before I continue with your previous instructions. Thanks.


----------



## eddie5659 (Mar 19, 2001)

I'll have a look at the logs when I get home, but don't worry about RootRepeal for now. Lets see if GMER can run instead:

Download the *GMER Rootkit Scanner*. Unzip it to your Desktop.

*Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.*

Double-click *gmer.exe*. The program will begin to run.

***Caution***
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
Click *NO*
In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is *un-checked*.
Now click the Scan button.
_Once the scan is complete, you may receive another notice about rootkit activity._
Click OK.
GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "*GMER.txt*" 
Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

eddie


----------



## human_error (Feb 5, 2010)

here is the log of the GMER scan:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-12 13:08:12
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\THECOO~1\LOCALS~1\Temp\pwtoyfoc.sys

---- System - GMER 1.0.15 ----
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF5B190B0]
Code \??\C:\ComboFix\catchme.sys pIofCallDriver
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + 451 804E2ABD 3 Bytes [90, B1, F5] {NOP ; MOV CL, 0xf5}
? Combo-Fix.sys The system cannot find the file specified. !
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF798E340, 0x121A5F, 0xF8000020]
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF76B2F80]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF9D6380, 0x25BA81, 0xF8000020]
? C:\ComboFix\catchme.sys The system cannot find the path specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
? C:\WINDOWS\system32\drivers\rootrepeal.sys The system cannot find the file specified. !
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
---- Processes - GMER 1.0.15 ----
Library C:\PROGRA~1\WIFD1F~1\MpShHook.dll (*** hidden *** ) @ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2648] 0x5F800000 
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst 0 bytes
---- EOF - GMER 1.0.15 ----


----------



## eddie5659 (Mar 19, 2001)

Had a problem with my pc last night, and lost a few notes. Give me a few mins to re-make them, then I'll look thru the new replies


----------



## human_error (Feb 5, 2010)

no problem -- I truly appreciate your help


----------



## eddie5659 (Mar 19, 2001)

My mouse didn't, luckily it was just a standard one. My Razor gaming mouse is still alive 

Okay, before I do the next fix, have you uninstalled these two via AddRemove

*eAcceleration and StopSign*

If so, we'll clear the remains of those next


----------



## human_error (Feb 5, 2010)

yes, both eAcceleration and Stopsign are no longer in the Add/Remove list


----------



## eddie5659 (Mar 19, 2001)

Okay, lets do this:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Delete the original file called CFScript.txt that you used before.

4. Download the attached, fresh CFScript.txt and save it to your desktop ( click on the link underneath this post & if you are using internet explorer when the "File download" pop up comes press SAVE and choose desktop in the list of selections in that window & press save)










Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

eddie


----------



## human_error (Feb 5, 2010)

ComboFix 10-02-11.04 - The Cook's 02/12/2010 22:26:42.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.305 [GMT -5:00]
Running from: c:\documents and settings\The Cook's\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\The Cook's\Desktop\CFScript.txt
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FILE ::
"c:\program files\eAcceleration\Framework\eac_productsvc.exe"
"c:\program files\eAcceleration\Framework\eac_svc.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\The Cook's\Application Data\eAcceleration
c:\documents and settings\The Cook's\Application Data\eAcceleration\SoftwareStation\xml\settings.xml
c:\program files\Common Files\eAcceleration
c:\program files\Common Files\eAcceleration\eac_install00.dat
c:\program files\Common Files\eAcceleration\eanthmngr.dll
c:\program files\Common Files\eAcceleration\eanthmngr_update.exe
c:\program files\Common Files\eAcceleration\eanthmngr_update.exe.chk
c:\program files\Common Files\eAcceleration\stops_dlg_header_tl.gif
c:\program files\Common Files\eAcceleration\stops_dlg_header_tm.gif
c:\program files\Common Files\eAcceleration\stops_dlg_header_tr.gif
c:\program files\Common Files\eAcceleration\Thumbs.db
c:\program files\eAcceleration
c:\program files\eAcceleration\Framework\eac_framework.dll
c:\program files\eAcceleration\Framework\eac_notifysvc0.dll
c:\program files\eAcceleration\Framework\eac_productsvc.exe
c:\program files\eAcceleration\Framework\eac_svc.exe
c:\program files\StopSign
c:\program files\StopSign\Installer\dlinst.dll
c:\program files\StopSign\Installer\eac_framework_install.exe
c:\program files\StopSign\Installer\eaccel_setup_update.exe
c:\program files\StopSign\Installer\eaccel_setup_update.exe.chk
c:\program files\StopSign\Installer\eaccel_updater.exe
c:\program files\StopSign\Installer\eaccelsetup.dll
c:\program files\StopSign\Installer\eaccelsetup.exe
c:\program files\StopSign\Installer\eaccelsetup0.dll
c:\program files\StopSign\Installer\firstprods.ini
c:\program files\StopSign\Installer\prods.ini
c:\program files\StopSign\Installer\resources\html\eula.htm
c:\program files\StopSign\Installer\resources\html\eula_sb.htm
c:\program files\StopSign\Installer\resources\html\eula_scan.htm
c:\program files\StopSign\Installer\resources\html\install_ty.htm
c:\program files\StopSign\Installer\resources\html\install_ty_alt.htm
c:\program files\StopSign\Installer\resources\html\install_ty_alt.html
c:\program files\StopSign\Installer\resources\html\install_ty_paid.htm
c:\program files\StopSign\Installer\resources\html\intro.htm
c:\program files\StopSign\Installer\resources\html\intro_old.htm
c:\program files\StopSign\Installer\resources\icons\8pool.ico
c:\program files\StopSign\Installer\resources\icons\9pool.ico
c:\program files\StopSign\Installer\resources\icons\backgammon.ico
c:\program files\StopSign\Installer\resources\icons\blocks.ico
c:\program files\StopSign\Installer\resources\icons\checkers.ico
c:\program files\StopSign\Installer\resources\icons\chess.ico
c:\program files\StopSign\Installer\resources\icons\compass.ico
c:\program files\StopSign\Installer\resources\icons\dldguard.ico
c:\program files\StopSign\Installer\resources\icons\dominoes.ico
c:\program files\StopSign\Installer\resources\icons\duck.ico
c:\program files\StopSign\Installer\resources\icons\dvcr.ico
c:\program files\StopSign\Installer\resources\icons\emailsensor.ico
c:\program files\StopSign\Installer\resources\icons\es_select.ico
c:\program files\StopSign\Installer\resources\icons\es_sonic.ico
c:\program files\StopSign\Installer\resources\icons\es_voyager.ico
c:\program files\StopSign\Installer\resources\icons\es_windmail.ico
c:\program files\StopSign\Installer\resources\icons\firewall.ico
c:\program files\StopSign\Installer\resources\icons\freecell.ico
c:\program files\StopSign\Installer\resources\icons\geoball_icon2.ico
c:\program files\StopSign\Installer\resources\icons\gzpr.ico
c:\program files\StopSign\Installer\resources\icons\ishield.ico
c:\program files\StopSign\Installer\resources\icons\klondike.ico
c:\program files\StopSign\Installer\resources\icons\konx_mail00.ico
c:\program files\StopSign\Installer\resources\icons\konx00.ico
c:\program files\StopSign\Installer\resources\icons\lites.ico
c:\program files\StopSign\Installer\resources\icons\low.ico
c:\program files\StopSign\Installer\resources\icons\mahjongg.ico
c:\program files\StopSign\Installer\resources\icons\match.ico
c:\program files\StopSign\Installer\resources\icons\megdat.ico
c:\program files\StopSign\Installer\resources\icons\oodlz.ico
c:\program files\StopSign\Installer\resources\icons\p2n.ico
c:\program files\StopSign\Installer\resources\icons\popupdet.ico
c:\program files\StopSign\Installer\resources\icons\revenge.ico
c:\program files\StopSign\Installer\resources\icons\reversi.ico
c:\program files\StopSign\Installer\resources\icons\slide.ico
c:\program files\StopSign\Installer\resources\icons\space.ico
c:\program files\StopSign\Installer\resources\icons\stopsign.ico
c:\program files\StopSign\Installer\resources\icons\syspatch.ico
c:\program files\StopSign\Installer\resources\icons\t4c00.ico
c:\program files\StopSign\Installer\resources\icons\veloz00.ico
c:\program files\StopSign\Installer\resources\icons\word.ico
c:\program files\StopSign\Installer\resources\images\install_stopsign_logo.gif
c:\program files\StopSign\Installer\resources\images\install_stopsign_text.gif
c:\program files\StopSign\Installer\resources\images\ss_general_ss.gif
c:\program files\StopSign\Installer\resources\images\stops_dlg_header_tl.gif
c:\program files\StopSign\Installer\resources\images\stops_dlg_header_tm.gif
c:\program files\StopSign\Installer\resources\images\stops_dlg_header_tr.gif
c:\program files\StopSign\Installer\resources\images\stops_header_tl.gif
c:\program files\StopSign\Installer\resources\images\stops_header_tm.gif
c:\program files\StopSign\Installer\resources\images\stops_header_tr.gif
c:\program files\StopSign\Installer\resources\images\stopsign_big.bmp
c:\program files\StopSign\Installer\scanner_install.exe
c:\program files\StopSign\Installer\stopsact.dll
c:\recycler\NPROTECT
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_EAC_NOTIFYSVC
-------\Legacy_EAC_PRODUCTSVC
-------\Service_eac_notifysvc
-------\Service_eac_productsvc

((((((((((((((((((((((((( Files Created from 2010-01-13 to 2010-02-13 )))))))))))))))))))))))))))))))
.
2010-02-10 14:14 . 2010-02-10 14:14 -------- d-----w- c:\documents and settings\The Cook's\Application Data\Malwarebytes
2010-02-10 14:14 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-10 14:13 . 2010-02-10 14:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-10 14:13 . 2010-02-10 14:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-10 14:13 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-10 14:10 . 2010-02-10 14:10 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-10 14:10 . 2010-02-10 14:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-10 14:10 . 2010-02-10 14:10 -------- d-----w- c:\documents and settings\The Cook's\Application Data\SUPERAntiSpyware.com
2010-02-05 17:46 . 2010-02-05 17:46 -------- d-----w- c:\program files\TrendMicro
2010-02-02 05:13 . 2010-02-02 05:13 -------- d-----w- c:\documents and settings\The Cook's\Saved Games
2010-02-02 04:56 . 2010-02-02 04:58 -------- d-----w- c:\program files\iWin.com Games
2010-02-01 22:27 . 2009-09-04 22:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-02-01 22:27 . 2009-09-04 22:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-02-01 22:27 . 2009-09-04 22:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-02-01 22:27 . 2009-09-04 22:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-02-01 22:25 . 2008-05-30 19:18 238088 ----a-w- c:\windows\system32\xactengine3_1.dll
2010-02-01 22:25 . 2008-05-30 19:17 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll
2010-02-01 22:25 . 2008-05-30 19:11 467984 ----a-w- c:\windows\system32\d3dx10_38.dll
2010-02-01 22:25 . 2008-05-30 19:11 1491992 ----a-w- c:\windows\system32\D3DCompiler_38.dll
2010-02-01 22:25 . 2008-05-30 19:11 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
2010-02-01 22:25 . 2008-03-05 21:03 479752 ----a-w- c:\windows\system32\XAudio2_0.dll
2010-02-01 22:25 . 2008-03-05 21:03 238088 ----a-w- c:\windows\system32\xactengine3_0.dll
2010-02-01 22:25 . 2008-03-05 21:00 25608 ----a-w- c:\windows\system32\X3DAudio1_3.dll
2010-02-01 22:25 . 2008-03-05 20:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2010-02-01 22:25 . 2008-02-06 04:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2010-02-01 22:24 . 2008-03-05 20:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2010-02-01 22:24 . 2007-10-22 08:39 267272 ----a-w- c:\windows\system32\xactengine2_10.dll
2010-02-01 22:24 . 2007-10-02 14:56 444776 ----a-w- c:\windows\system32\d3dx10_36.dll
2010-02-01 22:24 . 2007-10-12 20:14 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2010-02-01 22:23 . 2007-10-12 20:14 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2010-02-01 22:08 . 2010-02-01 22:08 -------- d-----w- c:\windows\Logs
2010-02-01 06:44 . 2010-01-14 16:12 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-31 19:39 . 2010-01-31 19:40 -------- d-----w- c:\documents and settings\The Cook's\Application Data\EnchantedCavern
2010-01-31 19:11 . 2010-01-31 19:11 -------- d-----w- c:\program files\Common Files\Oberon Media
2010-01-31 19:10 . 2010-01-31 19:10 -------- d-----w- c:\program files\Frontier Games
2010-01-24 01:39 . 2010-01-24 01:39 -------- d-----w- c:\documents and settings\The Cook's\Application Data\TMInc
2010-01-20 04:16 . 2007-07-20 05:57 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
2010-01-20 04:16 . 2007-07-19 23:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2010-01-20 04:16 . 2007-07-19 23:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2010-01-20 04:16 . 2007-07-19 23:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2010-01-20 04:16 . 2007-10-22 08:37 17928 ----a-w- c:\windows\system32\X3DAudio1_2.dll
2010-01-20 04:16 . 2007-06-21 01:46 266088 ----a-w- c:\windows\system32\xactengine2_8.dll
2010-01-20 04:16 . 2007-05-16 21:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2010-01-20 04:16 . 2007-05-16 21:45 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
2010-01-20 04:14 . 2005-05-26 20:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-01-20 04:13 . 2010-01-20 04:13 -------- d-----w- c:\program files\OpenAL
2010-01-20 04:13 . 2010-01-20 04:13 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-20 04:13 . 2010-01-20 04:13 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-20 04:12 . 2010-01-20 04:12 -------- d-----w- c:\windows\system32\AGEIA
2010-01-20 04:12 . 2010-01-20 04:12 -------- d-----w- c:\program files\AGEIA Technologies
2010-01-20 04:11 . 2010-02-10 14:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-18 21:15 . 2010-01-18 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\ScreenSeven
2010-01-16 02:39 . 2010-01-16 02:39 -------- d-----w- c:\documents and settings\The Cook's\Application Data\Friday's games
2010-01-16 02:39 . 2010-02-04 02:37 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper
2010-01-16 02:19 . 2010-01-16 02:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Playrix Entertainment
2010-01-14 07:55 . 2010-01-14 07:55 -------- d-----w- c:\program files\OXXOGames
2010-01-14 07:48 . 2010-02-09 22:45 -------- d-----w- c:\program files\Viva Media
2010-01-14 07:48 . 2010-01-14 07:48 -------- d-----w- c:\program files\Viva Media Game Center
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-13 03:37 . 2009-10-18 02:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2010-02-10 23:32 . 2010-02-10 14:11 117760 ----a-w- c:\documents and settings\The Cook's\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-10 23:28 . 2008-04-03 02:36 -------- d-----w- c:\program files\Rightdown Software SearchBar
2010-02-10 14:11 . 2010-02-10 14:11 52224 ----a-w- c:\documents and settings\The Cook's\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-09 22:51 . 2010-02-09 22:51 388096 ----a-r- c:\documents and settings\The Cook's\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-02-08 20:29 . 2008-01-09 23:18 -------- d-----w- c:\documents and settings\The Cook's\Application Data\FileZilla
2010-02-04 19:00 . 2004-06-01 04:37 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-04 11:47 . 2010-02-04 11:47 503808 ----a-w- c:\documents and settings\The Cook's\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2ca2763e-n\msvcp71.dll
2010-02-04 11:47 . 2010-02-04 11:47 499712 ----a-w- c:\documents and settings\The Cook's\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2ca2763e-n\jmc.dll
2010-02-04 11:47 . 2010-02-04 11:47 348160 ----a-w- c:\documents and settings\The Cook's\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2ca2763e-n\msvcr71.dll
2010-02-04 11:47 . 2010-02-04 11:47 61440 ----a-w- c:\documents and settings\The Cook's\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5c04bced-n\decora-sse.dll
2010-02-04 11:47 . 2010-02-04 11:47 12800 ----a-w- c:\documents and settings\The Cook's\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5c04bced-n\decora-d3d.dll
2010-02-02 21:07 . 2009-03-13 15:53 -------- d-----w- c:\program files\iWin.com
2010-02-02 05:05 . 2009-03-10 01:00 -------- d-----w- c:\program files\iWin Games
2010-02-01 22:42 . 2005-11-15 18:40 -------- d-----w- c:\program files\Common Files\Java
2010-02-01 22:39 . 2005-11-15 18:43 -------- d-----w- c:\program files\Java
2010-02-01 06:21 . 2009-07-29 06:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-02-01 06:07 . 2004-03-27 17:28 -------- d-----w- c:\program files\Lavasoft
2010-01-31 20:19 . 2007-10-06 05:57 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-21 09:56 . 2009-02-22 18:36 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-31 16:50 . 2006-05-03 21:33 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-24 23:36 . 2009-02-24 21:41 -------- d-----w- c:\documents and settings\The Cook's\Application Data\Temp
2009-12-21 19:14 . 2006-05-03 21:33 916480 ------w- c:\windows\system32\wininet.dll
2009-12-20 20:02 . 2006-10-08 02:35 31 -c--a-w- c:\windows\popcinfo.dat
2009-12-17 22:14 . 2009-07-16 20:32 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 19:08 . 2009-03-04 04:38 -------- d-----w- c:\program files\RealArcade
2009-12-14 07:08 . 2006-05-03 21:33 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2006-05-03 21:33 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2006-05-03 21:33 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2006-05-03 21:33 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-04 03:31 . 2009-12-04 03:31 152576 ----a-w- c:\documents and settings\The Cook's\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-04 03:30 . 2009-12-04 03:30 79488 ----a-w- c:\documents and settings\The Cook's\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-27 17:11 . 2006-05-03 21:34 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11 . 2006-05-03 21:34 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07 . 2003-07-16 20:36 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2006-05-03 21:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2006-05-03 21:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07 . 2006-05-03 21:34 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-21 15:51 . 2006-05-03 21:33 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2006-10-10 17:35 . 2006-10-10 17:35 774144 -c--a-w- c:\program files\RngInterstitial.dll
2009-10-17 22:28 . 2008-12-15 16:59 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-10-17 22:28 . 2008-12-15 16:59 125848 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2008-12-15 16:59 . 2008-12-15 16:59 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2009-09-25 00:22 . 2007-03-30 18:02 1682 -csha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-08-03 1626112]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PreCast Monitor.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 06:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2003-08-06 06:04 114741 -c----w- c:\windows\system32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FilmLoop]
2006-09-28 09:59 3723264 -c--a-w- c:\program files\FilmLoop Player\FilmLoop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-08-11 20:30 249856 -c----w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-08-11 20:30 81920 -c----w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KMCONFIG]
2007-03-06 18:51 212992 -c----w- c:\program files\Micro Innovations\Wireless Keyboard & Mouse Driver\StartAutorun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCW Startup]
2002-12-20 22:06 321024 -c--a-w- c:\program files\Monitor Calibration Wizard\MCW.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-10-06 18:16 5058560 -c--a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2003-10-06 18:16 49152 -c----w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 10:24 286720 -c--a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 20:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-08-09 01:56 68856 -c----w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 06:01 110592 -c--a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9323:TCP"= 9323:TCP:EKDiscovery
"9322:TCP"= 9322:TCP:EKDiscovery
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [1/21/2010 2:12 PM 78104]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [8/5/2009 11:49 AM 284016]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/14/2009 2:53 PM 133104]
S2 NProtectService;Norton Unerase Protection;c:\progra~1\NORTON~2\NORTON~1\NPROTECT.EXE [8/30/2004 10:52 PM 95328]
S3 HNetSuN;MainData Hybrid-Net Single User Adapter;c:\windows\system32\drivers\hnetsun.sys [10/5/2004 10:29 AM 14356]
S4 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" --> c:\program files\Windows Defender\MsMpEng.exe [?]
.
Contents of the 'Scheduled Tasks' folder
2010-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-14 19:52]
2010-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-14 19:52]
2010-02-13 c:\windows\Tasks\User_Feed_Synchronization-{E44811A9-3D4A-4673-864C-58B0C09CE97C}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = http=localhost:8080
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}
Trusted Zone: usahc.com\www
Trusted Zone: usateamcorp.com\www
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.gamehouse.com/games/gamehouse/ghplayer.cab
DPF: {775879E2-7309-4619-BB02-AADE41F4B690} - hxxp://www.gamehouse.com/games/DreamChronicles.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://www.gamehouse.com/games/zylom/zylomplayer.cab
DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} - hxxp://www.gamehouse.com/games/mjescape/PTLauncher.cab
.
- - - - ORPHANS REMOVED - - - -
AddRemove-EaccelSetup - c:\progra~1\StopSign\INSTAL~1\eaccelsetup.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-12 22:37
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ... 
scanning hidden autostart entries ... 
scanning hidden files ... 
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(448)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(956)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\IME\SPGRMR.DLL
c:\windows\system32\msi.dll
c:\program files\Common Files\Microsoft Shared\Ink\SKCHUI.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\msiexec.exe
c:\windows\System32\nvsvc32.exe
c:\windows\System32\locator.exe
.
**************************************************************************
.
Completion time: 2010-02-12 22:46:39 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-13 03:46
ComboFix2.txt 2010-02-11 21:40
ComboFix3.txt 2010-02-11 20:10
Pre-Run: 55,790,764,032 bytes free
Post-Run: 55,760,834,560 bytes free
- - End Of File - - 2120CEA28D8223D6CF1FC099DE98ED3F


----------



## eddie5659 (Mar 19, 2001)

Firstly, have you uninstalled Windows Defender via AddRemove, as one of the services has made its way back again?

Also, can you see if you can see this is in AddRemove programs, and if so, uninstall it:

*Rightdown Software SearchBar*

Then, delete the CFScript you have on your Desktop, and do the same as you did before with the new attached file.

You mentioned in your message about an Antivirus scanner. There are a few free ones: AVG and Avast.

I'm currently using Avast, as AVG caused me some slowdown, so here's the link:

*Avast Home Edition*

Here's AVG as well 

*AVG Anti-Virus*

So, yes, its best to get it and keep it updated, but I normally post these in a close out speech when all malware is gone at the end 

Anyway, back to the thread 

If you do the CFScript thing after uninstalling the Rightdown Software SearchBar, and post the next log, and let me know about Windows Defender.

---

Then, when the above is done, can you do this:


Download *OTL* to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath *Output* at the top change it to *Minimal Output*.
Under the *Standard Registry* box change it to *All*.
Check the boxes beside *LOP Check* and *Purity Check*.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. *OTListIt.Txt* and *Extras.Txt*. These are saved in the same location as OTL.
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.


eddie


----------



## human_error (Feb 5, 2010)

I removed Windows Defender via Add/Remove.

Rightdown Software Toolbar appears in the Add/Remove program list but when I click on Change/Remove, nothing happens at all.

Should I continue with the CFScript? Or should I do something else to delete the Rightdown before proceeding?


----------



## eddie5659 (Mar 19, 2001)

I've updated the CFScript below, to take into account the Windows Defender. As Rightdown won't uninstall, lets see if ComboFix will help us instead 

Just use the newly attached CFScript here and it should be okay.


Oh, yes you can do it without doing any more in AddRemove


----------



## human_error (Feb 5, 2010)

most recent combofix log:

ComboFix 10-02-11.04 - The Cook's 02/15/2010 15:08:24.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.289 [GMT -5:00]
Running from: c:\documents and settings\The Cook's\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\The Cook's\Desktop\CFScript.txt
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FILE ::
"c:\program files\Windows Defender\MsMpEng.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Rightdown Software SearchBar
c:\program files\Rightdown Software SearchBar\nav.bmp
c:\program files\Rightdown Software SearchBar\nav_hot.bmp
c:\program files\Rightdown Software SearchBar\rssb.xml
.
((((((((((((((((((((((((( Files Created from 2010-01-15 to 2010-02-15 )))))))))))))))))))))))))))))))
.
2010-02-10 14:14 . 2010-02-10 14:14 -------- d-----w- c:\documents and settings\The Cook's\Application Data\Malwarebytes
2010-02-10 14:14 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-10 14:13 . 2010-02-10 14:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-10 14:13 . 2010-02-10 14:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-10 14:13 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-10 14:11 . 2010-02-10 14:11 52224 ----a-w- c:\documents and settings\The Cook's\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-10 14:11 . 2010-02-10 23:32 117760 ----a-w- c:\documents and settings\The Cook's\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-10 14:10 . 2010-02-10 14:10 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-10 14:10 . 2010-02-10 14:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-10 14:10 . 2010-02-10 14:10 -------- d-----w- c:\documents and settings\The Cook's\Application Data\SUPERAntiSpyware.com
2010-02-09 22:51 . 2010-02-09 22:51 388096 ----a-r- c:\documents and settings\The Cook's\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-02-05 17:46 . 2010-02-05 17:46 -------- d-----w- c:\program files\TrendMicro
2010-02-04 11:47 . 2010-02-04 11:47 503808 ----a-w- c:\documents and settings\The Cook's\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2ca2763e-n\msvcp71.dll
2010-02-04 11:47 . 2010-02-04 11:47 499712 ----a-w- c:\documents and settings\The Cook's\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2ca2763e-n\jmc.dll
2010-02-04 11:47 . 2010-02-04 11:47 348160 ----a-w- c:\documents and settings\The Cook's\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2ca2763e-n\msvcr71.dll
2010-02-04 11:47 . 2010-02-04 11:47 61440 ----a-w- c:\documents and settings\The Cook's\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5c04bced-n\decora-sse.dll
2010-02-04 11:47 . 2010-02-04 11:47 12800 ----a-w- c:\documents and settings\The Cook's\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5c04bced-n\decora-d3d.dll
2010-02-02 05:13 . 2010-02-02 05:13 -------- d-----w- c:\documents and settings\The Cook's\Saved Games
2010-02-02 04:56 . 2010-02-02 04:58 -------- d-----w- c:\program files\iWin.com Games
2010-02-01 22:27 . 2009-09-04 22:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-02-01 22:27 . 2009-09-04 22:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-02-01 22:27 . 2009-09-04 22:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-02-01 22:27 . 2009-09-04 22:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-02-01 22:25 . 2008-05-30 19:18 238088 ----a-w- c:\windows\system32\xactengine3_1.dll
2010-02-01 22:25 . 2008-05-30 19:17 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll
2010-02-01 22:25 . 2008-05-30 19:11 467984 ----a-w- c:\windows\system32\d3dx10_38.dll
2010-02-01 22:25 . 2008-05-30 19:11 1491992 ----a-w- c:\windows\system32\D3DCompiler_38.dll
2010-02-01 22:25 . 2008-05-30 19:11 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
2010-02-01 22:25 . 2008-03-05 21:03 479752 ----a-w- c:\windows\system32\XAudio2_0.dll
2010-02-01 22:25 . 2008-03-05 21:03 238088 ----a-w- c:\windows\system32\xactengine3_0.dll
2010-02-01 22:25 . 2008-03-05 21:00 25608 ----a-w- c:\windows\system32\X3DAudio1_3.dll
2010-02-01 22:25 . 2008-03-05 20:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2010-02-01 22:25 . 2008-02-06 04:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2010-02-01 22:24 . 2008-03-05 20:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2010-02-01 22:24 . 2007-10-22 08:39 267272 ----a-w- c:\windows\system32\xactengine2_10.dll
2010-02-01 22:24 . 2007-10-02 14:56 444776 ----a-w- c:\windows\system32\d3dx10_36.dll
2010-02-01 22:24 . 2007-10-12 20:14 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2010-02-01 22:23 . 2007-10-12 20:14 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2010-02-01 22:08 . 2010-02-01 22:08 -------- d-----w- c:\windows\Logs
2010-02-01 06:44 . 2010-01-14 16:12 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-31 19:39 . 2010-01-31 19:40 -------- d-----w- c:\documents and settings\The Cook's\Application Data\EnchantedCavern
2010-01-31 19:11 . 2010-01-31 19:11 -------- d-----w- c:\program files\Common Files\Oberon Media
2010-01-31 19:10 . 2010-01-31 19:10 -------- d-----w- c:\program files\Frontier Games
2010-01-24 01:39 . 2010-01-24 01:39 -------- d-----w- c:\documents and settings\The Cook's\Application Data\TMInc
2010-01-20 04:16 . 2007-07-20 05:57 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
2010-01-20 04:16 . 2007-07-19 23:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2010-01-20 04:16 . 2007-07-19 23:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2010-01-20 04:16 . 2007-07-19 23:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2010-01-20 04:16 . 2007-10-22 08:37 17928 ----a-w- c:\windows\system32\X3DAudio1_2.dll
2010-01-20 04:16 . 2007-06-21 01:46 266088 ----a-w- c:\windows\system32\xactengine2_8.dll
2010-01-20 04:16 . 2007-05-16 21:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2010-01-20 04:16 . 2007-05-16 21:45 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
2010-01-20 04:14 . 2005-05-26 20:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-01-20 04:13 . 2010-01-20 04:13 -------- d-----w- c:\program files\OpenAL
2010-01-20 04:13 . 2010-01-20 04:13 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-20 04:13 . 2010-01-20 04:13 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-20 04:12 . 2010-01-20 04:12 -------- d-----w- c:\windows\system32\AGEIA
2010-01-20 04:12 . 2010-01-20 04:12 -------- d-----w- c:\program files\AGEIA Technologies
2010-01-20 04:11 . 2010-02-10 14:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-18 21:15 . 2010-01-18 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\ScreenSeven
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-13 03:37 . 2009-10-18 02:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2010-02-09 22:45 . 2010-01-14 07:48 -------- d-----w- c:\program files\Viva Media
2010-02-08 20:29 . 2008-01-09 23:18 -------- d-----w- c:\documents and settings\The Cook's\Application Data\FileZilla
2010-02-04 19:00 . 2004-06-01 04:37 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-04 02:37 . 2010-01-16 02:39 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper
2010-02-02 21:07 . 2009-03-13 15:53 -------- d-----w- c:\program files\iWin.com
2010-02-02 05:05 . 2009-03-10 01:00 -------- d-----w- c:\program files\iWin Games
2010-02-01 22:42 . 2005-11-15 18:40 -------- d-----w- c:\program files\Common Files\Java
2010-02-01 22:39 . 2005-11-15 18:43 -------- d-----w- c:\program files\Java
2010-02-01 06:21 . 2009-07-29 06:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-02-01 06:07 . 2004-03-27 17:28 -------- d-----w- c:\program files\Lavasoft
2010-01-31 20:19 . 2007-10-06 05:57 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-21 09:56 . 2009-02-22 18:36 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-16 02:39 . 2010-01-16 02:39 -------- d-----w- c:\documents and settings\The Cook's\Application Data\Friday's games
2010-01-16 02:19 . 2010-01-16 02:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Playrix Entertainment
2010-01-14 07:55 . 2010-01-14 07:55 -------- d-----w- c:\program files\OXXOGames
2010-01-14 07:48 . 2010-01-14 07:48 -------- d-----w- c:\program files\Viva Media Game Center
2009-12-31 16:50 . 2006-05-03 21:33 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-24 23:36 . 2009-02-24 21:41 -------- d-----w- c:\documents and settings\The Cook's\Application Data\Temp
2009-12-21 19:14 . 2006-05-03 21:33 916480 ------w- c:\windows\system32\wininet.dll
2009-12-20 20:02 . 2006-10-08 02:35 31 -c--a-w- c:\windows\popcinfo.dat
2009-12-17 22:14 . 2009-07-16 20:32 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-14 07:08 . 2006-05-03 21:33 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2006-05-03 21:33 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2006-05-03 21:33 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2006-05-03 21:33 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-04 03:31 . 2009-12-04 03:31 152576 ----a-w- c:\documents and settings\The Cook's\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-04 03:30 . 2009-12-04 03:30 79488 ----a-w- c:\documents and settings\The Cook's\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-27 17:11 . 2006-05-03 21:34 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11 . 2006-05-03 21:34 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07 . 2003-07-16 20:36 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2006-05-03 21:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2006-05-03 21:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07 . 2006-05-03 21:34 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-21 15:51 . 2006-05-03 21:33 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2006-10-10 17:35 . 2006-10-10 17:35 774144 -c--a-w- c:\program files\RngInterstitial.dll
2009-10-17 22:28 . 2008-12-15 16:59 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-10-17 22:28 . 2008-12-15 16:59 125848 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2008-12-15 16:59 . 2008-12-15 16:59 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2009-09-25 00:22 . 2007-03-30 18:02 1682 -csha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( [email protected]_21.33.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-13 03:37 . 2010-02-13 03:37 16384 c:\windows\Temp\Perflib_Perfdata_62c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-08-03 1626112]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PreCast Monitor.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 06:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2003-08-06 06:04 114741 -c----w- c:\windows\system32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FilmLoop]
2006-09-28 09:59 3723264 -c--a-w- c:\program files\FilmLoop Player\FilmLoop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-08-11 20:30 249856 -c----w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-08-11 20:30 81920 -c----w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KMCONFIG]
2007-03-06 18:51 212992 -c----w- c:\program files\Micro Innovations\Wireless Keyboard & Mouse Driver\StartAutorun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCW Startup]
2002-12-20 22:06 321024 -c--a-w- c:\program files\Monitor Calibration Wizard\MCW.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-10-06 18:16 5058560 -c--a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2003-10-06 18:16 49152 -c----w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 10:24 286720 -c--a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 20:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-08-09 01:56 68856 -c----w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 06:01 110592 -c--a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9323:TCP"= 9323:TCP:EKDiscovery
"9322:TCP"= 9322:TCP:EKDiscovery
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [1/21/2010 2:12 PM 78104]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [8/5/2009 11:49 AM 284016]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/14/2009 2:53 PM 133104]
S2 NProtectService;Norton Unerase Protection;c:\progra~1\NORTON~2\NORTON~1\NPROTECT.EXE [8/30/2004 10:52 PM 95328]
S3 HNetSuN;MainData Hybrid-Net Single User Adapter;c:\windows\system32\drivers\hnetsun.sys [10/5/2004 10:29 AM 14356]
.
Contents of the 'Scheduled Tasks' folder
2010-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-14 19:52]
2010-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-14 19:52]
2010-02-15 c:\windows\Tasks\User_Feed_Synchronization-{E44811A9-3D4A-4673-864C-58B0C09CE97C}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = http=localhost:8080
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}
Trusted Zone: usahc.com\www
Trusted Zone: usateamcorp.com\www
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.gamehouse.com/games/gamehouse/ghplayer.cab
DPF: {775879E2-7309-4619-BB02-AADE41F4B690} - hxxp://www.gamehouse.com/games/DreamChronicles.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://www.gamehouse.com/games/zylom/zylomplayer.cab
DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} - hxxp://www.gamehouse.com/games/mjescape/PTLauncher.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-15 15:18
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ... 
scanning hidden autostart entries ... 
scanning hidden files ... 
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(448)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2010-02-15 15:23:50
ComboFix-quarantined-files.txt 2010-02-15 20:23
ComboFix2.txt 2010-02-13 03:46
ComboFix3.txt 2010-02-11 21:40
ComboFix4.txt 2010-02-11 20:10
Pre-Run: 56,483,618,816 bytes free
Post-Run: 56,445,972,480 bytes free
- - End Of File - - 6B6A0997D5108A8AAA4F6F4018A316E3


----------



## eddie5659 (Mar 19, 2001)

Okay, lets look a bit deeper now, to see what's left 


Download *OTL* to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath *Output* at the top change it to *Minimal Output*.
Under the *Standard Registry* box change it to *All*.
Check the boxes beside *LOP Check* and *Purity Check*.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. *OTListIt.Txt* and *Extras.Txt*. These are saved in the same location as OTL.
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.


eddie


----------



## human_error (Feb 5, 2010)

first 1/3 of OTL.txt

OTL logfile created on: 2/15/2010 4:40:52 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\The Cook's\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 213.00 Mb Available Physical Memory | 42.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4095 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 52.60 Gb Free Space | 70.61% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VICKIS4600
Current User Name: The Cook's
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\The Cook's\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\iWin Games\iWinTrusted.exe (iWin Inc.)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe (Eastman Kodak Company)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\The Cook's\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (NetTcpPortSharing) -- File not found
SRV - (idsvc) -- File not found
SRV - (iWinTrusted) -- C:\Program Files\iWin Games\iWinTrusted.exe (iWin Inc.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (gupdate) Google Update Service (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe (Eastman Kodak Company)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (NProtectService) -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE (Symantec Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\hpzipm12.exe (HP)
SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)

========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (KMWDFilter) -- C:\WINDOWS\system32\drivers\KMWDFilter.SYS (Windows (R) Codename Longhorn DDK provider)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (smwdm) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (NPDriver) -- C:\WINDOWS\system32\drivers\NPDRIVER.SYS (Symantec Corporation)
DRV - (SDdriver) -- C:\WINDOWS\system32\drivers\SdDriver.SYS (Symantec Corporation)
DRV - (HPZius12) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP)
DRV - (HPZipr12) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)
DRV - (HPZid412) -- C:\WINDOWS\system32\drivers\hpzid412.sys (HP)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (HNetSuN) -- C:\WINDOWS\system32\drivers\hnetsun.sys (MainData s.r.o)
DRV - (bvrp_pci) -- C:\WINDOWS\system32\drivers\bvrp_pci.sys ()
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (PxHelp20) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (AN983) -- C:\WINDOWS\system32\drivers\an983.sys (ADMtek Incorporated.)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:8080

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Live Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost"

FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0847}: C:\Program Files\iWin Games\firefox\ [2010/02/02 00:05:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/16 15:32:25 | 000,000,000 | ---D | M]

[2009/09/03 21:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Mozilla\Extensions
[2008/08/27 20:39:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\The Cook's\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/03 21:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Mozilla\Extensions\[email protected]
[2009/11/30 09:47:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Mozilla\Firefox\Profiles\hiko01mb.default\extensions
[2009/09/03 21:26:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\The Cook's\Application Data\Mozilla\Firefox\Profiles\hiko01mb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/08 22:05:37 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\The Cook's\Application Data\Mozilla\Firefox\Profiles\hiko01mb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/06/13 14:55:01 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\The Cook's\Application Data\Mozilla\Firefox\Profiles\hiko01mb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(2)
[2009/03/13 12:20:05 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\The Cook's\Application Data\Mozilla\Firefox\Profiles\hiko01mb.default\searchplugins\live-search.xml
[2009/11/30 09:57:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/20 16:30:55 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/08/06 21:40:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2009/03/14 17:46:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/07/16 15:33:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/08/04 20:02:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/10/17 17:28:00 | 000,027,976 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2009/10/17 17:28:01 | 000,125,848 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2008/12/15 11:59:16 | 000,098,712 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2008/12/15 11:59:08 | 000,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2009/07/25 04:23:01 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/02/27 12:13:42 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/05/23 13:10:32 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/05/23 13:10:32 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/05/23 13:10:33 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/05/23 13:10:33 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/05/23 13:10:33 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/05/23 13:10:33 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/05/23 13:10:33 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/03/03 09:51:42 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll


----------



## human_error (Feb 5, 2010)

2nd third of OTL.txt

O1 HOSTS File: ([2010/02/12 22:37:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - Reg Error: Value error. File not found
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: usahc.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: usateamcorp.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} http://zone.msn.com/bingame/rock/default/popcaploader1.cab (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224829979531 (MUWebControl Class)
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} http://www.gamehouse.com/games/gamehouse/ghplayer.cab (GameHouse Games Player)
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} http://www.gamehouse.com/games/DreamChronicles.cab (CPlayFirstdreamControl Object)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://www.gamehouse.com/games/mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab (ZoneAxRcMgr Class)
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} http://www.worldwinner.com/games/v67/swapit/swapit.cab (SwapIt Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://www.gamehouse.com/games/zylom/zylomplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://frontier.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab (SCEWebLauncherCtl Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://kodak.webex.com/client/T26L10NSP49EP10/support/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} http://www.gamehouse.com/games/mjescape/PTLauncher.cab (Playtime Games Launcher)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\The Cook's\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\The Cook's\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/03/26 16:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*


----------



## human_error (Feb 5, 2010)

hmmm, guess it really has to be split into quarters -- here's the 3rd quarter of OTL.txt

========== Files/Folders - Created Within 30 Days ==========

[2010/02/15 16:38:58 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\The Cook's\Desktop\OTL.exe
[2010/02/15 15:26:22 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/02/11 18:02:57 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\The Cook's\Desktop\RootRepeal.exe
[2010/02/11 14:36:23 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/11 14:34:00 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/11 14:34:00 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/11 14:34:00 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/11 14:34:00 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/11 14:33:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/11 14:33:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/10 09:14:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Cook's\Application Data\Malwarebytes
[2010/02/10 09:14:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/10 09:13:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/10 09:13:58 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/10 09:13:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/10 09:10:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/02/10 09:10:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Cook's\Application Data\SUPERAntiSpyware.com
[2010/02/10 09:10:05 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/02/05 12:46:33 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/02/02 00:13:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Cook's\Saved Games
[2010/02/02 00:04:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\iwin
[2010/02/01 23:56:27 | 000,000,000 | ---D | C] -- C:\Program Files\iWin.com Games
[2010/02/01 17:42:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/02/01 17:40:14 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/02/01 17:40:11 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/02/01 17:40:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/02/01 17:40:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/02/01 17:27:11 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2010/02/01 17:27:08 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2010/02/01 17:27:05 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2010/02/01 17:27:02 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2010/02/01 17:26:56 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2010/02/01 17:26:55 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2010/02/01 17:26:54 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2010/02/01 17:26:50 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2010/02/01 17:26:50 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2010/02/01 17:26:46 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2010/02/01 17:26:42 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2010/02/01 17:26:42 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2010/02/01 17:26:40 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2010/02/01 17:26:38 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2010/02/01 17:26:32 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2010/02/01 17:26:32 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2010/02/01 17:26:29 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2010/02/01 17:26:25 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
[2010/02/01 17:26:25 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
[2010/02/01 17:26:23 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
[2010/02/01 17:26:22 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
[2010/02/01 17:26:19 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2010/02/01 17:26:19 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2010/02/01 17:26:17 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2010/02/01 17:26:15 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2010/02/01 17:26:15 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2010/02/01 17:26:10 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2010/02/01 17:26:03 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2010/02/01 17:26:02 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2010/02/01 17:25:59 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2010/02/01 17:25:57 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2010/02/01 17:25:51 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2010/02/01 17:25:51 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2010/02/01 17:25:49 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2010/02/01 17:25:48 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2010/02/01 17:25:47 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2010/02/01 17:25:35 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2010/02/01 17:25:19 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2010/02/01 17:25:19 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2010/02/01 17:24:59 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2010/02/01 17:24:37 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2010/02/01 17:24:04 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2010/02/01 17:24:03 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2010/02/01 17:23:34 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2010/02/01 17:08:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/02/01 02:02:57 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/01 01:44:28 | 000,181,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/01/31 14:39:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Cook's\Application Data\EnchantedCavern
[2010/01/31 14:11:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Oberon Media
[2010/01/31 14:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\Frontier Games
[2010/01/30 14:25:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Cook's\My Documents\Oberon Media
[2010/01/23 20:39:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Cook's\Application Data\TMInc
[2010/01/19 23:16:16 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2010/01/19 23:16:15 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2010/01/19 23:16:15 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2010/01/19 23:16:14 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2010/01/19 23:16:10 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2010/01/19 23:16:10 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2010/01/19 23:16:04 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2010/01/19 23:16:04 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2010/01/19 23:15:59 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2010/01/19 23:15:54 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2010/01/19 23:15:49 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2010/01/19 23:15:43 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2010/01/19 23:15:43 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2010/01/19 23:15:36 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2010/01/19 23:15:35 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2010/01/19 23:15:34 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2010/01/19 23:15:30 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2010/01/19 23:15:30 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2010/01/19 23:15:29 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2010/01/19 23:15:29 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2010/01/19 23:15:28 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2010/01/19 23:15:27 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2010/01/19 23:15:26 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2010/01/19 23:15:25 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2010/01/19 23:15:07 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2010/01/19 23:15:06 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2010/01/19 23:15:06 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2010/01/19 23:15:05 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2010/01/19 23:15:03 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2010/01/19 23:15:02 | 000,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2010/01/19 23:15:01 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2010/01/19 23:14:59 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2010/01/19 23:14:58 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2010/01/19 23:14:55 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2010/01/19 23:13:50 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2010/01/19 23:13:48 | 000,413,696 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2010/01/19 23:13:48 | 000,110,592 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2010/01/19 23:12:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\AGEIA
[2010/01/19 23:12:30 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2010/01/19 23:11:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/01/18 16:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ScreenSeven
[2009/10/17 21:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Eastman Kodak Company
[2009/07/22 01:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/04/09 19:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/04/07 01:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2007/04/19 18:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Earthlink
[2006/10/10 12:35:34 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2005/09/19 17:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Earthlink
[2005/02/15 00:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2005/02/15 00:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[2004/08/25 14:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2004/04/29 17:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\EarthLink Toolbar
[2004/03/26 16:06:54 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[8 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[258 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/15 16:39:11 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The Cook's\Desktop\OTL.exe
[2010/02/15 16:04:00 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/15 15:26:46 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E44811A9-3D4A-4673-864C-58B0C09CE97C}.job
[2010/02/15 15:23:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/15 15:18:04 | 000,000,282 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/15 11:04:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/14 18:21:49 | 007,864,320 | ---- | M] () -- C:\Documents and Settings\The Cook's\ntuser.dat
[2010/02/12 22:37:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/12 22:37:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/12 22:37:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/12 22:36:25 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\The Cook's\ntuser.ini
[2010/02/12 08:38:34 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\gmer.zip
[2010/02/11 18:03:03 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\The Cook's\Desktop\RootRepeal.exe
[2010/02/11 16:23:27 | 003,856,004 | R--- | M] () -- C:\Documents and Settings\The Cook's\Desktop\ComboFix.exe
[2010/02/11 14:36:32 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/02/11 12:52:53 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\HiJackThis.lnk
[2010/02/11 02:07:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/10 09:14:03 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/10 09:10:08 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/02/10 09:07:52 | 000,001,936 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/10 09:07:52 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/02/09 17:03:41 | 000,000,130 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\United States Post Office.url
[2010/02/06 22:18:05 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/02/04 14:00:58 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/02/02 16:08:45 | 000,001,677 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mah Jong Quest.lnk
[2010/02/01 23:59:57 | 000,001,843 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Jewel Quest Mysteries Curse of the Emerald Tear.lnk
[2010/02/01 23:58:18 | 000,001,715 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Jewel Quest III.lnk
[2010/01/31 14:11:55 | 000,001,146 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\Frontier Games.lnk
[2010/01/31 14:11:47 | 000,001,803 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\Enchanted Cavern.lnk
[2010/01/23 20:38:52 | 000,000,835 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\Treasure Masters, Inc..lnk
[2010/01/22 20:10:04 | 000,000,919 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\Magic Encyclopedia. First Story.lnk
[2010/01/22 20:09:43 | 000,000,872 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\Scepter of Ra.lnk
[2010/01/20 01:42:32 | 000,000,930 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\The Curse Of Montezuma.lnk
[2010/01/19 23:13:49 | 000,413,696 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2010/01/19 23:13:48 | 000,110,592 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[258 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]


----------



## human_error (Feb 5, 2010)

and here is the balance of OTL.txt

========== Files Created - No Company Name ==========

[2010/02/12 08:38:31 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\gmer.zip
[2010/02/11 14:36:31 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/02/11 14:36:24 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/11 14:34:00 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/11 14:34:00 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/11 14:34:00 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/11 14:34:00 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/11 14:34:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/11 14:28:33 | 003,856,004 | R--- | C] () -- C:\Documents and Settings\The Cook's\Desktop\ComboFix.exe
[2010/02/10 09:14:03 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/10 09:10:08 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/02/09 17:51:36 | 000,002,451 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\HiJackThis.lnk
[2010/02/04 14:00:57 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/02/02 16:08:45 | 000,001,677 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mah Jong Quest.lnk
[2010/02/01 23:59:57 | 000,001,843 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Jewel Quest Mysteries Curse of the Emerald Tear.lnk
[2010/02/01 23:58:18 | 000,001,715 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Jewel Quest III.lnk
[2010/01/31 14:11:55 | 000,001,146 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\Frontier Games.lnk
[2010/01/31 14:11:45 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\Enchanted Cavern.lnk
[2010/01/23 20:38:52 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\Treasure Masters, Inc..lnk
[2010/01/22 20:10:04 | 000,000,919 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\Magic Encyclopedia. First Story.lnk
[2010/01/22 20:09:43 | 000,000,872 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\Scepter of Ra.lnk
[2010/01/21 20:23:21 | 000,000,432 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E44811A9-3D4A-4673-864C-58B0C09CE97C}.job
[2010/01/20 01:42:32 | 000,000,930 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\The Curse Of Montezuma.lnk
[2009/10/17 22:51:36 | 000,049,292 | ---- | C] () -- C:\Documents and Settings\The Cook's\Local Settings\Application Data\c4u.log
[2009/10/17 15:20:56 | 000,016,130 | ---- | C] () -- C:\Documents and Settings\The Cook's\Local Settings\Application Data\clear.log
[2009/09/23 10:12:38 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\The Cook's\Application Data\PFP120JPR.{PB
[2009/09/23 10:12:38 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\The Cook's\Application Data\PFP120JCM.{PB
[2009/02/24 16:40:37 | 000,182,130 | ---- | C] () -- C:\Documents and Settings\The Cook's\Local Settings\Application Data\installer.log
[2008/03/16 19:53:13 | 000,000,041 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2007/10/16 18:38:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\MVPWORD.INI
[2007/07/22 17:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/07/22 17:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/07/22 17:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/07/22 17:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/07/22 17:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/07/22 17:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/07/22 17:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/07/22 17:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/07/22 17:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/06/25 20:34:26 | 000,070,400 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2007/03/30 13:02:17 | 000,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/02/03 11:48:54 | 000,000,076 | ---- | C] () -- C:\WINDOWS\TwainUI.INI
[2006/10/26 17:38:42 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/10/26 17:38:42 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/10/19 19:03:33 | 000,001,300 | ---- | C] () -- C:\WINDOWS\bizpub32.INI
[2006/07/25 00:04:39 | 000,005,815 | ---- | C] () -- C:\Documents and Settings\The Cook's\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/07/25 00:04:39 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/07/20 18:49:33 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2006/06/19 18:52:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RussSqr.INI
[2006/04/15 15:45:40 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/04/15 15:45:40 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/02/20 21:23:06 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\The Cook's\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/15 08:33:52 | 000,017,746 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/09/07 13:52:26 | 000,000,053 | ---- | C] () -- C:\WINDOWS\lcjd.dll
[2005/09/07 13:52:26 | 000,000,026 | ---- | C] () -- C:\WINDOWS\timejd.dll
[2005/03/28 20:47:45 | 000,001,315 | ---- | C] () -- C:\Documents and Settings\The Cook's\Application Data\C.wcm
[2005/02/24 13:08:56 | 000,004,981 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/10/21 14:56:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TV4PC.INI
[2004/10/12 11:33:25 | 000,345,088 | ---- | C] () -- C:\WINDOWS\System32\ShrLk21.dll
[2004/05/20 12:10:32 | 000,000,054 | ---- | C] () -- C:\WINDOWS\TwUI215.INI
[2004/03/27 13:16:11 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\The Cook's\Application Data\PFP110JPR.{PB
[2004/03/27 13:16:11 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\The Cook's\Application Data\PFP110JCM.{PB
[2004/03/27 12:41:55 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\wh2robo.dll
[2004/03/26 18:53:10 | 000,000,032 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2004/03/26 18:23:15 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/03/26 17:50:55 | 000,000,377 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/03/26 17:34:27 | 000,001,613 | ---- | C] () -- C:\WINDOWS\DELLSTAT.INI
[2004/03/26 17:20:44 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2003/10/06 13:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/08/14 01:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/07/16 15:35:28 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2003/07/16 15:26:42 | 000,051,712 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
[2003/05/13 10:28:52 | 001,132,032 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2003/04/04 11:59:08 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ACNePlayer.dll

========== LOP Check ==========

[2009/03/26 23:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AdventureChronicles1
[2010/02/03 21:37:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2008/04/23 06:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eAcceleration
[2009/11/19 10:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2009/03/30 11:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fitn17
[2009/04/10 16:17:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2008/09/03 18:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2009/04/05 17:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2009/07/15 12:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii Games
[2006/11/02 02:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HSLAB
[2009/03/29 14:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2009/03/07 15:00:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2007/10/01 19:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2009/11/19 10:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2006/10/17 19:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/08/13 23:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
[2007/10/02 23:04:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2009/08/18 19:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeptunesAdve
[2009/05/20 16:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/03/03 23:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/01/15 21:19:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2006/11/15 19:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayTime
[2009/04/12 01:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoBros
[2007/12/06 01:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/01/18 16:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScreenSeven
[2007/10/07 22:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SonyPicturesGames
[2010/01/31 15:19:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/01 20:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TheRace_dev
[2009/09/03 21:26:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2006/10/31 17:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/04/12 14:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valusoft
[2008/01/22 19:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/06/09 13:00:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
[2006/10/31 17:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Aim
[2009/07/04 20:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\AlwaysNeat
[2009/07/07 23:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\cerasus.media
[2004/03/26 18:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Earthlink
[2010/01/31 14:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\EnchantedCavern
[2008/09/03 19:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Eyeblaster
[2009/05/21 01:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\FairyTale
[2010/02/08 15:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\FileZilla
[2006/09/28 06:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\FilmLoop
[2010/01/15 21:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Friday's games
[2009/08/19 15:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\funkitron
[2009/03/13 10:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\GameHouse
[2008/01/13 21:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\GetRightToGo
[2009/07/15 12:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Gogii Games
[2008/01/13 18:23:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\gtk-2.0
[2006/11/02 02:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\HSLAB
[2009/04/04 14:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Jetsetter
[2009/03/10 19:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\JewelMatch2
[2004/03/28 06:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Leadertech
[2008/10/15 19:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\LTOA
[2009/04/18 17:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Meridian93
[2006/08/30 03:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Netscape
[2008/10/19 19:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Pi Eye Games
[2009/03/03 23:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\PlayFirst
[2009/04/12 01:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\PoBros
[2009/05/26 03:15:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\PreCast
[2004/10/07 17:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\RhinoSoft.com
[2009/07/01 21:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\StoneLoopsRL
[2009/12/24 18:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Temp
[2006/06/19 07:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\The Labyrinth Plus! Edition
[2010/01/23 20:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\TMInc
[2009/09/03 21:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\TomTom
[2009/05/24 15:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Total Eclipse
[2006/10/03 18:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Ulead Systems
[2009/06/30 03:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\URSE Games
[2009/04/12 14:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Valusoft
[2006/11/05 00:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Wildfire
[2010/02/15 15:26:46 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E44811A9-3D4A-4673-864C-58B0C09CE97C}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:260575F1
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BA4AE5FC
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26B71D30
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP16E7091
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP1B5B4F1
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6426C0E9
< End of report >


----------



## human_error (Feb 5, 2010)

first 1/2 of extras.txt

OTL Extras logfile created on: 2/15/2010 4:40:52 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\The Cook's\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 213.00 Mb Available Physical Memory | 42.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4095 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 52.60 Gb Free Space | 70.61% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VICKIS4600
Current User Name: The Cook's
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9323:TCP" = 9323:TCP:*:Enabled:EKDiscovery
"9322:TCP" = 9322:TCP:*:Enabled:EKDiscovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\iWin Games\iWinGames.exe" = C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application. -- (iWin Inc.)
"C:\Program Files\iWin Games\WebUpdater.exe" = C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater. -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" = C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe:*:Enabled:Kodak.AiO.HomeCenter -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe" = C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe:*:Enabled:Kodak.AiO.Statistics -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe" = C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe:*:Enabled:Kodak.AiO.SetupUtility -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe" = C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe:*:Enabled:Kodak.AiO.FwUpdater -- (Eastman Kodak Company)
"C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe" = C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe:*:Enabled:Kodak.AiO.Installer -- (KODAK)


----------



## human_error (Feb 5, 2010)

balance of extras.txt

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{218F4044-888B-4D2B-9536-654E412C8F53}" = Design & Print, Business Edition
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 18
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{32A72502-BC2C-4C39-ACEA-BC3D463F0697}" = EN
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{369B36BE-3D64-4641-9AEA-808D436FE132}" = Microsoft Picture It! Photo 7.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{54DD126C-E5F5-404C-B4B7-66DF7FD4F2FF}" = MSSoap
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}" = Norton Utilities
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115313460}" = Enchanted Cavern
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{91190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B910DD1A-49B1-4068-9C08-E3C3AEC0C30A}" = Wireless Keyboard & Mouse Driver
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3C97899-3890-43DB-AA0C-D91A84FA7787}" = Avery Wizard 3.1
"{D64DCF1C-7A95-49A4-BAFA-C42B5CF6B8B6}" = Works Suite OS Pack
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Home Center
"{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}" = Microsoft Plus! for Windows XP
"{EFC1B35C-FFF2-41D8-A70A-CE6037F8040B}" = AGEIA PhysX v7.07.24
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F91E1833-2D7C-4725-B98A-C779FEC41946}" = EarthLink MDAC
"{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr
"040a_5005" = USB MassStorage CardReader
"3D Windows XP" = 3D Windows XP Screen Saver
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"amg-bricksofegypt" = Bricks of Egypt
"Annabel" = Annabel
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"BFGC" = Big Fish Games Client
"Bookworm Deluxe 1.13" = Bookworm Deluxe 1.13
"Brain Games Brain Teasers" = Brain Games Brain Teasers 
"Call of Atlantis" = Call of Atlantis
"CNXT_MODEM_PCI_VEN_14F1&DEV_2702" = Conexant SmartHSFi V.9x 56K DF PCI Modem
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Cornice_is1" = Cornice 0.6.1
"Cubis Gold 2" = Cubis Gold 2
"Diamond Detective" = Diamond Detective
"eGames GameButler" = eGames GameButler
"ExtractNow_is1" = ExtractNow
"Farm Frenzy - Pizza Party!" = Farm Frenzy - Pizza Party!
"FileZilla Client" = FileZilla Client 3.1.0.1
"FilmLoopPlayer" = FilmLoop Player
"FTR Gold" = FTR Gold
"FTR Log Notes" = FTR Log Notes
"GameHouse" = GameHouse
"getPlus(R)_dll" = getPlus(R)_dll
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Insider Tales - The stolen Venus" = Insider Tales - The stolen Venus
"InstallShield_{B910DD1A-49B1-4068-9C08-E3C3AEC0C30A}" = Wireless Keyboard & Mouse Driver
"InstallShield_{D3C97899-3890-43DB-AA0C-D91A84FA7787}" = Avery Wizard 3.1
"iWinArcade" = iWin Games (remove only)
"Jewel Quest III" = Jewel Quest III (remove only)
"Jewel Quest Mysteries: Curse of the Emerald Tear" = Jewel Quest Mysteries: Curse of the Emerald Tear (remove only)
"JRE 1.3.1_02" = Java 2 Runtime Environment Standard Edition v1.3.1_02
"Lexicon" = Lexicon
"Lexicon Special Edition" = Lexicon Special Edition
"Magic Encyclopedia. First Story" = Magic Encyclopedia. First Story
"Mah Jong Quest" = Mah Jong Quest (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Monitor Calibration Wizard" = Monitor Calibration Wizard 1.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"NVIDIA Display Driver" = NVIDIA Display Driver
"OpenAL" = OpenAL
"PreCast" = Ocucom PreCast 1.6
"RealPlayer 6.0" = RealPlayer
"Rightdown SoftwareRightdown Software SearchBar" = Rightdown Software - Toolbar
"SCRABBLE" = SCRABBLE
"The Curse Of Montezuma" = The Curse Of Montezuma
"Treasure Masters, Inc." = Treasure Masters, Inc.
"TruVoice" = Lernout & Hauspie TruVoice for Microsoft Agent
"VIVAGplayer" = VIVA MEDIA GAME CENTER
"Web Games Player Plugin" = Web Games Player Plugin
"WebIQ" = WebIQ Client Software
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2003Setup" = Microsoft Works 2003 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Yahoo! SiteBuilder" = Yahoo! SiteBuilder

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/13/2010 3:03:53 AM | Computer Name = VICKIS4600 | Source = .NET Runtime Optimization Service | ID = 1110
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Service Manager returned a fatal error (0x80004002). Will stop service

Error - 2/14/2010 3:00:56 AM | Computer Name = VICKIS4600 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb958481,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10 
0.

Error - 2/14/2010 3:02:03 AM | Computer Name = VICKIS4600 | Source = .NET Runtime Optimization Service | ID = 1110
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Service Manager returned a fatal error (0x80004002). Will stop service

Error - 2/14/2010 7:24:39 PM | Computer Name = VICKIS4600 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/14/2010 7:25:05 PM | Computer Name = VICKIS4600 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 2/14/2010 8:04:57 PM | Computer Name = VICKIS4600 | Source = Application Hang | ID = 1002
Description = Hanging application iWinGames.exe, version 2.83.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/15/2010 3:01:57 AM | Computer Name = VICKIS4600 | Source = MsiInstaller | ID = 1023
Description =

Error - 2/15/2010 3:01:59 AM | Computer Name = VICKIS4600 | Source = NativeWrapper | ID = 5000
Description =

Error - 2/15/2010 3:02:17 AM | Computer Name = VICKIS4600 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb958481,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10 
0.

Error - 2/15/2010 3:03:33 AM | Computer Name = VICKIS4600 | Source = .NET Runtime Optimization Service | ID = 1110
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Service Manager returned a fatal error (0x80004002). Will stop service

[ System Events ]
Error - 2/12/2010 2:11:57 PM | Computer Name = VICKIS4600 | Source = Service Control Manager | ID = 7023
Description = The eAcceleration Product Manager Service service terminated with 
the following error: %%2147500037

Error - 2/12/2010 4:11:09 PM | Computer Name = VICKIS4600 | Source = Service Control Manager | ID = 7023
Description = The eAcceleration Product Manager Service service terminated with 
the following error: %%2147500037

Error - 2/12/2010 11:34:49 PM | Computer Name = VICKIS4600 | Source = Service Control Manager | ID = 7034
Description = The eAcceleration Notification Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/12/2010 11:35:40 PM | Computer Name = VICKIS4600 | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_ROOTREPEAL\0000 disappeared from the system
without first being prepared for removal.

Error - 2/13/2010 3:02:26 AM | Computer Name = VICKIS4600 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1 Security Update
for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and
Windows Server 2008 R2 (KB953297).

Error - 2/13/2010 3:02:59 AM | Computer Name = VICKIS4600 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework
3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.

Error - 2/14/2010 3:00:31 AM | Computer Name = VICKIS4600 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80246007: Microsoft .NET Framework 1.1 Service Pack 1 Security Update
for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and
Windows Server 2008 R2 (KB953297).

Error - 2/14/2010 3:01:14 AM | Computer Name = VICKIS4600 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework
3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.

Error - 2/15/2010 3:02:05 AM | Computer Name = VICKIS4600 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1 Security Update
for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and
Windows Server 2008 R2 (KB953297).

Error - 2/15/2010 3:02:37 AM | Computer Name = VICKIS4600 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework
3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.

< End of report >


----------



## eddie5659 (Mar 19, 2001)

Please run OTL.exe

Under the *Custom Scans/Fixes* box at the bottom, paste in the following


```
:OTL
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
:Files
C:\Documents and Settings\The Cook's\Application Data\PFP120JPR.{PB
C:\Documents and Settings\The Cook's\Application Data\PFP120JCM.{PB
C:\Documents and Settings\All Users\Application Data\eAcceleration
C:\Documents and Settings\All Users\Application Data\TEMP:260575F1
C:\Documents and Settings\All Users\Application Data\TEMP:BA4AE5FC
C:\Documents and Settings\All Users\Application Data\TEMP:26B71D30
C:\Documents and Settings\All Users\Application Data\TEMP16E7091
C:\Documents and Settings\All Users\Application Data\TEMP1B5B4F1
C:\Documents and Settings\All Users\Application Data\TEMP:6426C0E9
:Commands
[purity]
[emptytemp]
[Reboot]
```

Then click the *Run Fix* button at the top
Let the program run unhindered, reboot when it is done
It will produce a log for you on reboot, please post that log in your next reply.

eddie


----------



## human_error (Feb 5, 2010)

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
========== FILES ==========
C:\Documents and Settings\The Cook's\Application Data\PFP120JPR.{PB moved successfully.
C:\Documents and Settings\The Cook's\Application Data\PFP120JCM.{PB moved successfully.
C:\Documents and Settings\All Users\Application Data\eAcceleration\resources\xml folder moved successfully.
C:\Documents and Settings\All Users\Application Data\eAcceleration\resources folder moved successfully.
C:\Documents and Settings\All Users\Application Data\eAcceleration\Notifications\files folder moved successfully.
C:\Documents and Settings\All Users\Application Data\eAcceleration\Notifications folder moved successfully.
C:\Documents and Settings\All Users\Application Data\eAcceleration folder moved successfully.
File\Folder C:\Documents and Settings\All Users\Application Data\TEMP:260575F1 not found.
File\Folder C:\Documents and Settings\All Users\Application Data\TEMP:BA4AE5FC not found.
File\Folder C:\Documents and Settings\All Users\Application Data\TEMP:26B71D30 not found.
File\Folder C:\Documents and Settings\All Users\Application Data\TEMP16E7091 not found.
File\Folder C:\Documents and Settings\All Users\Application Data\TEMP1B5B4F1 not found.
File\Folder C:\Documents and Settings\All Users\Application Data\TEMP:6426C0E9 not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 98371 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: The Cook's
->Temp folder emptied: 65 bytes
->Temporary Internet Files folder emptied: 25309219 bytes
->Java cache emptied: 130967629 bytes
->FireFox cache emptied: 114366634 bytes
->Google Chrome cache emptied: 38496222 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4235424 bytes
%systemroot%\System32 .tmp files removed: 72128081 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4559887 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 548050 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 17 bytes

Total Files Cleaned = 373.00 mb

OTL by OldTimer - Version 3.1.28.0 log created on 02162010_141718
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...


----------



## eddie5659 (Mar 19, 2001)

Please click *here* to download AVP Tool by Kaspersky.

Save it to your desktop. 
Reboot your computer into SafeMode. 
_You can do this by restarting your computer and continually tapping the *F8* key until a menu appears.
Use your up arrow key to highlight SafeMode then hit *enter*_*.*​
Double click the setup file to run it.
Click Next to continue.
It will by default install it to your desktop folder.Click Next.
Hit ok at the prompt for scanning in Safe Mode.
It will then open a box There will be a tab that says Automatic scan.
Under Automatic scan make sure these are checked.

 System Memory
Startup Objects
Disk Boot Sectors.
My Computer.
Also any other drives (Removable that you may have) 

After that click on *Security level* then choose *Customize* then click on the tab that says *Heuristic Analyzer* then choose *Enable Deep rootkit search* then choose *ok*.
Then choose OK again then you are back to the main screen.


Then click on Scan at the to right hand Corner.
It will automatically Neutralize any objects found.
If some objects are left un-neutralized then click the button that says Neutralize all
If it says it cannot be Neutralized then chooose The delete option when prompted.
After that is done click on the reports button at the bottom and save it to file name it *Kas*.
Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under *Detected* post those results in your next reply.

*Note: This tool will self uninstall when you close it so please save the log before closing it.​*
*​*


----------



## human_error (Feb 5, 2010)

I ran the scan as you instructed. It found several virus which I have deleted (neutralizing didn't show as an option). When I tried to save, I discovered that running in safe mode is keeping my monitor at 600x800, which means I can't get to the bottom of the screen to hit the save button. I've even tried a second monitor (I normally use a wide screen) but that doesn't allow me to get to the save button either. I'll sit tight until I hear from you. Perhaps there is a workaround I'm unaware of. Thanks so much.


----------



## human_error (Feb 5, 2010)

Using the tab key, I was finally able to reach the "reports" key. Once on the reports page, though, I couldn't find a way to save. I created screen prints instead. Because they were wider than my screen could accommodate, I did a print of the left side, then the right side. Hopefully this will show you the information you need.


----------



## human_error (Feb 5, 2010)

In looking at the attachment in my previous post, I see that only the left side screen print actually appears. I've created a notepad doc below to reflect all of the information that should have been included in my attachment:

AUTOSCAN: completed 22 hrs ago (events: 6, objects: 234626, time: 03:55:19
2/16/2010 3:18:43 PM Task started
2/16/2010 5:58:05 PM Detected: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore {22894B24-AA34-4B7C-8560-8192ABCA3FF3}\rp2221/a0256639.exe
2/16/2020 5:58:05 PM Untreated: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore {22894B24-AA34-4B7C-8560-8192ABCA3FF3}\rp2221/a0256639.exe Postponed
2/16/2010 6:59:08 PM Detected: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore {22894B24-AA34-4B7C-8560-8192ABCA3FF3}\rp2221/a0256639.exe
2/16/2010 7:14:03 PM Deleted: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore {22894B24-AA34-4B7C-8560-8192ABCA3FF3}\rp2221/a0256639.exe
2/16/2010 7:14:03 PM Task Completed


----------



## eddie5659 (Mar 19, 2001)

Okay, there's not that much removed, which is sometimes a good sign 

Now, I want to scan a few files:


Please go to  VirSCAN.org FREE on-line scan service
Copy and paste the following file path into the *"Suspicious files to scan"*box on the top of the page:

*C:\Documents and Settings\The Cook's\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini*

 Click on the *Upload* button
 Once the Scan is completed, click on the "*Copy to Clipboard*" button. This will copy the link of the report into the Clipboard.
 Paste the contents of the Clipboard in your next reply.

Do the same with these files as well:

*C:\WINDOWS\lcjd.dll
C:\WINDOWS\timejd.dll
C:\WINDOWS\system32\conime.exe*

eddie


----------



## human_error (Feb 5, 2010)

When I go into VirSCAN.org, the box is greyed out and I am unable to paste anything into it. I'm unable to type into it either. I'll try to search for the file by using the browse feature and will c&p that log as well if I find the file.

Here are the results for C:/WINDOWS/lcjd.dll

VirSCAN.org Scanned Report :
Scanned time : 2010/02/18 16:35:32 (EST)
Scanner results: Scanners did not find malware!
File Name : lcjd.dll
File Size : 53 byte
File Type : ASCII text, with CRLF line terminators
MD5 : 242d4905948f5a03540f0493df8f842b
SHA1 : 00a1045a823ae0c96345e02d84965abb23dbf1da
Online report : http://virscan.org/report/9f5893b50405ff8db8eac95d206e4721.html
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100219053126 2010-02-19 4.33 -
AhnLab V3 2010.02.19.00 2010.02.19 2010-02-19 1.02 -
AntiVir 8.2.1.170 7.10.4.98 2010-02-18 0.06 -
Antiy 2.0.18 20100218.3856333 2010-02-18 0.12 -
Arcavir 2009 201002181830 2010-02-18 0.02 -
Authentium 5.1.1 201002181115 2010-02-18 1.27 -
AVAST! 4.7.4 100218-1 2010-02-18 0.00 -
AVG 8.5.720 271.1.1/2696 2010-02-19 0.22 -
BitDefender 7.81008.5162331 7.30444 2010-02-19 5.21 -
ClamAV 0.95.3 10407 2010-02-18 0.00 -
Comodo 3.13.579 3409 2010-02-18 0.89 -
CP Secure 1.3.0.5 2010.02.19 2010-02-19 0.00 -
Dr.Web 5.0.1.12222 2010.02.19 2010-02-19 7.38 -
F-Prot 4.4.4.56 20100218 2010-02-18 1.25 -
F-Secure 7.02.73807 2010.02.18.14 2010-02-18 9.76 -
Fortinet 11.511- 11.511 2010-02-18 0.16 -
GData 19.10575/19.763 20100218 2010-02-18 6.14 -
ViRobot 20100218 2010.02.18 2010-02-18 0.41 -
Ikarus T3.1.01.80 2010.02.18.75227 2010-02-18 4.56 -
JiangMin 13.0.900 2010.02.08 2010-02-08 4.66 -
Kaspersky 5.5.10 2010.02.18 2010-02-18 0.03 -
KingSoft 2009.2.5.15 2010.2.18.7 2010-02-18 0.54 -
McAfee 5.3.00 5896 2010-02-18 3.53 -
Microsoft 1.5406 2010.02.18 2010-02-18 6.88 -
Norman 6.01.09 6.01.00 2010-02-10 4.00 -
Panda 9.05.01 2010.02.18 2010-02-18 1.90 -
Trend Micro 9.120-1004 6.856.07 2010-02-18 0.02 -
Quick Heal 10.00 2010.02.18 2010-02-18 1.32 -
Rising 20.0 22.34.01.03 2010-02-09 0.24 -
Sophos 3.04.1 4.50 2010-02-19 3.32 -
Sunbelt 3.9.2405.2 5684 2010-02-17 2.66 -
Symantec 1.3.0.24 20100218.016 2010-02-18 0.25 -
nProtect 20100218.01 7275921 2010-02-18 4.27 -
The Hacker 6.5.1.4 v00199 2010-02-18 0.36 -
VBA32 3.12.12.2 20100216.0919 2010-02-16 2.55 -
VirusBuster 4.5.11.10 10.119.63/2030955 2010-02-18 2.35 -

here are the results of C:\WINDOSW\timejd.dll
VirSCAN.org Scanned Report :
Scanned time : 2010/02/18 16:38:41 (EST)
Scanner results: Scanners did not find malware!
File Name : timejd.dll
File Size : 26 byte
File Type : ASCII text, with CRLF line terminators
MD5 : 0c49cef5364dd5eaef302666655ddb73
SHA1 : e6f8e503cb00a7c0d58f11afb22b6bd192af3b75
Online report : http://virscan.org/report/6d1050cace9dcb1a4aa89a8b17cfd8d9.html
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100219053126 2010-02-19 4.24 -
AhnLab V3 2010.02.19.00 2010.02.19 2010-02-19 1.02 -
AntiVir 8.2.1.170 7.10.4.98 2010-02-18 0.11 -
Antiy 2.0.18 20100218.3856333 2010-02-18 0.12 -
Arcavir 2009 201002181830 2010-02-18 0.01 -
Authentium 5.1.1 201002181115 2010-02-18 1.25 -
AVAST! 4.7.4 100218-1 2010-02-18 0.00 -
AVG 8.5.720 271.1.1/2696 2010-02-19 0.21 -
BitDefender 7.81008.5162331 7.30444 2010-02-19 5.16 -
ClamAV 0.95.3 10407 2010-02-18 0.00 -
Comodo 3.13.579 3409 2010-02-18 0.90 -
CP Secure 1.3.0.5 2010.02.19 2010-02-19 0.00 -
Dr.Web 5.0.1.12222 2010.02.19 2010-02-19 5.49 -
F-Prot 4.4.4.56 20100218 2010-02-18 1.25 -
F-Secure 7.02.73807 2010.02.18.14 2010-02-18 0.08 -
Fortinet 11.511- 11.511 2010-02-18 0.23 -
GData 19.10575/19.763 20100218 2010-02-18 6.09 -
ViRobot 20100218 2010.02.18 2010-02-18 0.41 -
Ikarus T3.1.01.80 2010.02.18.75227 2010-02-18 4.57 -
JiangMin 13.0.900 2010.02.08 2010-02-08 6.28 -
Kaspersky 5.5.10 2010.02.18 2010-02-18 0.03 -
KingSoft 2009.2.5.15 2010.2.18.7 2010-02-18 0.57 -
McAfee 5.3.00 5896 2010-02-18 3.53 -
Microsoft 1.5406 2010.02.18 2010-02-18 6.91 -
Norman 6.01.09 6.01.00 2010-02-10 4.01 -
Panda 9.05.01 2010.02.18 2010-02-18 1.94 -
Trend Micro 9.120-1004 6.856.07 2010-02-18 0.02 -
Quick Heal 10.00 2010.02.18 2010-02-18 1.38 -
Rising 20.0 22.34.01.03 2010-02-09 0.24 -
Sophos 3.04.1 4.50 2010-02-19 3.32 -
Sunbelt 3.9.2405.2 5684 2010-02-17 2.84 -
Symantec 1.3.0.24 20100218.016 2010-02-18 0.16 -
nProtect 20100218.01 7275921 2010-02-18 5.01 -
The Hacker 6.5.1.4 v00199 2010-02-18 1.12 -
VBA32 3.12.12.2 20100216.0919 2010-02-16 2.57 -
VirusBuster 4.5.11.10 10.119.63/2030955 2010-02-18 2.33 -

and for C:WINDOWS/system32/conime.exe

VirSCAN.org Scanned Report :
Scanned time : 2010/02/18 16:42:26 (EST)
Scanner results: Scanners did not find malware!
File Name : conime.exe
File Size : 27648 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : abc9002269e569538901109441660dd2
SHA1 : 7ef33a2fe818bea3d8b32061369d6ae615aeacb9
Online report : http://virscan.org/report/0b5d8b3fbab6fc9b46d088e35b547bb3.html
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100219053126 2010-02-19 4.46 -
AhnLab V3 2010.02.19.00 2010.02.19 2010-02-19 1.12 -
AntiVir 8.2.1.170 7.10.4.98 2010-02-18 0.33 -
Antiy 2.0.18 20100218.3856333 2010-02-18 0.12 -
Arcavir 2009 201002181830 2010-02-18 0.03 -
Authentium 5.1.1 201002181115 2010-02-18 1.26 -
AVAST! 4.7.4 100218-1 2010-02-18 0.01 -
AVG 8.5.720 271.1.1/2696 2010-02-19 0.28 -
BitDefender 7.81008.5162331 7.30444 2010-02-19 5.19 -
ClamAV 0.95.3 10407 2010-02-18 0.01 -
Comodo 3.13.579 3409 2010-02-18 0.91 -
CP Secure 1.3.0.5  2010.02.19 2010-02-19 0.04 -
Dr.Web 5.0.1.12222 2010.02.19 2010-02-19 5.38 -
F-Prot 4.4.4.56 20100218 2010-02-18 1.24 -
F-Secure 7.02.73807 2010.02.18.14 2010-02-18 10.02 -
Fortinet 11.511- 11.511 2010-02-18 0.29 -
GData 19.10575/19.763 20100218 2010-02-18 7.25 -
ViRobot 20100218 2010.02.18 2010-02-18 0.43 -
Ikarus T3.1.01.80 2010.02.18.75227 2010-02-18 4.62 -
JiangMin 13.0.900 2010.02.08 2010-02-08 9.15 -
Kaspersky 5.5.10 2010.02.18 2010-02-18 0.12 -
KingSoft 2009.2.5.15 2010.2.18.7 2010-02-18 0.71 -
McAfee 5.3.00 5896 2010-02-18 3.71 -
Microsoft 1.5406 2010.02.18 2010-02-18 8.05 -
Norman 6.01.09 6.01.00 2010-02-10 4.40 -
Panda 9.05.01 2010.02.18 2010-02-18 1.71 -
Trend Micro 9.120-1004 6.856.07 2010-02-18 0.03 -
Quick Heal 10.00 2010.02.18 2010-02-18 1.40 -
Rising 20.0 22.34.01.03 2010-02-09 0.96 -
Sophos 3.04.1 4.50 2010-02-19 3.35 -
Sunbelt 3.9.2405.2 5684 2010-02-17 3.54 -
Symantec 1.3.0.24 20100218.016 2010-02-18 0.06 -
nProtect 20100218.01 7275921 2010-02-18 4.95 -
The Hacker 6.5.1.4 v00199 2010-02-18 0.38 -
VBA32 3.12.12.2 20100216.0919 2010-02-16 2.69 -
VirusBuster 4.5.11.10 10.119.63/2030955 2010-02-18 2.35 -


----------



## human_error (Feb 5, 2010)

ah hah, found it

VirSCAN.org Scanned Report :
Scanned time : 2010/02/18 16:52:18 (EST)
Scanner results: Scanners did not find malware!
File Name : DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
File Size : 6144 byte
File Type : Microsoft Office Document
MD5 : de7af2825136c4cc1d9c2dd481f6fdf0
SHA1 : 8569f7b2cd2a0d31e20d2325d8ce2f6e15b106a2
Online report : http://virscan.org/report/b7b2aa62da26689fc9a901e734ba25dc.html
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100219053126 2010-02-19 4.24 -
AhnLab V3 2010.02.19.00 2010.02.19 2010-02-19 1.02 -
AntiVir 8.2.1.170 7.10.4.98 2010-02-18 0.41 -
Antiy 2.0.18 20100218.3856333 2010-02-18 0.12 -
Arcavir 2009 201002181830 2010-02-18 0.01 -
Authentium 5.1.1 201002181956 2010-02-18 1.26 -
AVAST! 4.7.4 100218-1 2010-02-18 0.00 -
AVG 8.5.720 271.1.1/2696 2010-02-19 0.22 -
BitDefender 7.81008.5162331 7.30444 2010-02-19 5.17 -
ClamAV 0.95.3 10407 2010-02-18 0.01 -
Comodo 3.13.579 3409 2010-02-18 0.93 -
CP Secure 1.3.0.5 2010.02.19 2010-02-19 0.01 -
Dr.Web 5.0.1.12222 2010.02.19 2010-02-19 5.39 -
F-Prot 4.4.4.56 20100218 2010-02-18 1.24 -
F-Secure 7.02.73807 2010.02.18.14 2010-02-18 9.76 -
Fortinet 11.511- 11.511 2010-02-18 0.21 -
GData 19.10576/19.763 20100218 2010-02-18 5.97 -
ViRobot 20100218 2010.02.18 2010-02-18 0.41 -
Ikarus T3.1.01.80 2010.02.18.75227 2010-02-18 4.59 -
JiangMin 13.0.900 2010.02.08 2010-02-08 4.63 -
Kaspersky 5.5.10 2010.02.18 2010-02-18 0.03 -
KingSoft 2009.2.5.15 2010.2.18.7 2010-02-18 0.54 -
McAfee 5.3.00 5896 2010-02-18 3.54 -
Microsoft 1.5406 2010.02.18 2010-02-18 6.84 -
Norman 6.01.09 6.01.00 2010-02-10 4.01 -
Panda 9.05.01 2010.02.18 2010-02-18 1.76 -
Trend Micro 9.120-1004 6.856.07 2010-02-18 0.02 -
Quick Heal 10.00 2010.02.18 2010-02-18 1.32 -
Rising 20.0 22.34.01.03 2010-02-09 0.28 -
Sophos 3.04.1 4.50 2010-02-19 3.33 -
Sunbelt 3.9.2405.2 5684 2010-02-17 2.68 -
Symantec 1.3.0.24 20100218.016 2010-02-18 0.17 -
nProtect 20100218.01 7275921 2010-02-18 4.36 -
The Hacker 6.5.1.4 v00199 2010-02-18 0.36 -
VBA32 3.12.12.2 20100216.0919 2010-02-16 3.15 -
VirusBuster 4.5.11.10 10.119.63/2030955 2010-02-18 2.35 -


----------



## eddie5659 (Mar 19, 2001)

That looks good to me 

Do you know what this folder is:

*C:\Documents and Settings\The Cook's\Application Data\C.wcm*

If not, can you do this for me:

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:dir
C:\Documents and Settings\The Cook's\Application Data\C.wcm
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found at on your Desktop entitled *SystemLook.txt*

eddie


----------



## human_error (Feb 5, 2010)

I believe it is a wordperfect macro that probably got stored in the wrong directory. In case I'm wrong though, I'm going to follow your other instructions just to be sure. I'll post those results directly.


----------



## human_error (Feb 5, 2010)

here are the results:

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 13:21 on 19/02/2010 by The Cook's (Administrator - Elevation successful)
========== dir ==========
C:\Documents and Settings\The Cook's\Application Data\C.wcm - Unable to find folder.
-=End Of File=-


----------



## eddie5659 (Mar 19, 2001)

That's fine, it was just as it had a strange folder name, just wanted to be safe 

Please download *Runscanner* to your desktop and run it.

When the first page comes up select *Beginner Mode*
On the next page select *Save a binary .Run file (Recommended)* then click *Start full scan* at the top.
At this time Runscanner.exe may request *access to the Internet* through your firewall please allow it to do so, it will then run for two or three minutes.
On completion it will ask for a location to save the file and a name. It will do this for both the *.run file* and the *log file*
Call the .run file *"RSReport"* and save it to your desktop. You will see the *RSReport.run* file on your desktop. Rightclick on it and select *Send To* then select *Compressed (zipped) Folder * and upload that zip here. Click on the *Go Advanced* button for the uploading options at the bottom of this page (in the picture below  )











In there, at the bottom, click on the button *Manage Attachments* (in the picture below  .
A window will appear, and then Browse to *RSReport.zip* on your Desktop.
Click Upload, and when uploaded click *Close this Window*
Then, in the previous window, click on *Add Reply*










eddie


----------



## human_error (Feb 5, 2010)

here is the file


----------



## eddie5659 (Mar 19, 2001)

Download the attachment at the end of this post. This will be your *RSReport* file, with the fixes I need you to do.


Save it to your desktop, then extract the *RSReport.run* file to your Desktop, overwriting the existing one.
Open the runscanner folder and double click on the *runscanner.exe* file.
This time select the *Expert Mode*
click the *Item Fixer* tab
Click the button at the top called *Fix selected items*
Accept the warning(s) and repeat until they are all gone.
Reboot your PC
Post a fresh HijackThis log

eddie


----------



## human_error (Feb 5, 2010)

I must be doing something wrong. I extracted the RSReport.run file, opened the runscanner folder and double clicked on the runscanner.exe file, selected export mode, clicked the item fixer tab. At that point, the window says <no data to display> and the fix selected items tab is greyed out. Not sure what to do at this point.


----------



## human_error (Feb 5, 2010)

Wait, tried it again, now it seems to have worked (fingers crossed). I'm rebooting now and will post the hjt log shortly.


----------



## human_error (Feb 5, 2010)

here is the latest HJT file:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 2:14:30 PM, on 2/23/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.usahc.com
O15 - Trusted Zone: http://www.usateamcorp.com
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224829979531
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://www.gamehouse.com/games/gamehouse/ghplayer.cab
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://www.gamehouse.com/games/DreamChronicles.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.gamehouse.com/games/mjolauncher.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.gamehouse.com/games/zylom/zylomplayer.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://frontier.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://kodak.webex.com/client/T26L10NSP49EP10/support/ieatgpc.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://www.gamehouse.com/games/mjescape/PTLauncher.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Windows CardSpace (idsvc) - Macrovision Corporation - (no file)
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
--
End of file - 8520 bytes


----------



## eddie5659 (Mar 19, 2001)

Yep, I see now that it doesn't work that way, but opening the run file in RunScanner does, so I'll amend my speech now 

btw, is that the way you did it? Open RunScanner in Advanced, click to open a Run file, and open it, then Fixed the entries?


----------



## eddie5659 (Mar 19, 2001)

That's looking a lot better, how's the computer running now?

If its okay, we have a few things to do, like sort the Java out, then we'll remove the programs we've used 

Also, if you can let me know about the RunScanner, that would be great 

eddie


----------



## human_error (Feb 5, 2010)

Had to go back and recreate what I did...lol...alzheimer's is rearing its ugly head...

Saved the new RSReport RUN file to my desktop
Opened Runscanner
Clicked expert mode
Double clicked on the new RSReport RUN file you created
Clicked item fixer
Cliked Fis Selected Items

Computer is quiet as a mouse! I barely hear it running at all. And best of all, it is much, much faster than it has been in a very long time. Still a few glitches now and then such as being unable to install/run Microsoft Silverlight to watch Olympic videos but that's such a small problem, it's not even worth mentioning.

All and all, you've done an INCREDIBLE job of helping me, including staying patient while I fumble along.


----------



## eddie5659 (Mar 19, 2001)

Not worked for me, had to go via the Open Run File.

No worries, I'll amend that this evening 

Great to hear about the computer. I have the patience of a saint, but believe me, when you hear me gaming online, I can be a bit vocal, if you catch my drift 

Getting shot from nowhere drives me mad..............until I find him, of course, then its payback 

What we'll do now is sort out the Java:








Your *Java* is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of *Java* components and upgrade the application. *NOT supported for use in 9x or ME*

*Upgrading Java*:

Download the latest version of *Java SE Runtime Environment (JRE)JRE 6 Update 18*.
Click the "*Download*" button to the right.
Select your Platform and check the box that says: "*I agree to the Java SE Runtime Environment 6 License Agreement.*".
Click on *Continue*.
Click on the link to download Windows Offline Installation (jre-6u18-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
Close any programs you may have running - especially your web browser.
Go to *Start* > *Control Panel*, double-click on *Add/Remove *programs and remove all older versions of Java.
Check any item with Java Runtime Environment *(JRE or J2SE)* in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the *jre-6u18-windows-i586.exe* and select "Run as an Administrator.")

The one you should have listed are:

*J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
Java(TM) 6 Update 2*

----------

Then, we'll remove the programs afterwards, so let me know when that's done 

Oh, and just in case anyone was curious, this file:

%windir%\system32\conime.exe

Is legit. As its running from the system32 folder, this is the normal Windows one.

If it was from the Temp folder, then its the baddie 

Scanned it anyway, just to be sure, and its fine.

eddie


----------



## human_error (Feb 5, 2010)

I might have gotten too vigorous with my remove programs -- I also deleted a program called Java 2 Runtime Environment Standard Edition v1.3.1_02 and Java (TM) 6 Update 18. Now when I double click on the update file I saved on the desktop, I get a windows file association error.


----------



## human_error (Feb 5, 2010)

I went back and redownloaded the java update and it installed fine this time.

Just one question now, when I boot up, Windows XP behaves a little differently than before. Prior to the changes I've made, the first screen that appeared on boot up was the black Windows XP screen with the status crawler. Then the desktop opened and the task bar became populated.

Now on boot up, I first see a black DOS-type screen that gives me an option to run recovery. Almost immediately the black Windows XP screen with crawler pops up. Next a blue screen with Windows XP in the top right-hand corner pops up with the words "A program not found. Autoskip" in white. Then it goes to the desktop as in the past.

Is this program not found anything to be worried about?


----------



## eddie5659 (Mar 19, 2001)

Okay, the option to run the recovery is normal. That was installed when you ran ComboFix.

This is an essential thing to have installed, as this is the recovery console. This is all about it:

http://support.microsoft.com/kb/307654

Ah, wiki has it, if you want to have a look:

http://en.wikipedia.org/wiki/Recovery_Console

Now, the other thing you're seeing.



> Next a blue screen with Windows XP in the top right-hand corner pops up with the words "A program not found. Autoskip" in white.


I have to go out in a few mins, but I'll have a good look at this as soon as I can.


----------



## TheOutcaste (Aug 8, 2007)

human_error said:


> Next a blue screen with Windows XP in the top right-hand corner pops up with the words "A program not found. Autoskip" in white.


Are you sure that doesn't say:
*autochk program not found. skipping AUTOCHECK*

The first word may be different, or missing.
You should be able to press the *Pause/Break* key (above the Numeric Keypad) to freeze the screen at that point to make it easier to read. Press the spacebar to continue.


----------



## human_error (Feb 5, 2010)

I couldn't get the screen to freeze but rebooted several times. The exact wording is shown below:

"a program not found -- skipping AUTOCHECK" -- not sure if the 'a' at the beginning might stand for autochk -- it's a phrase I've never seen before. The computer is acting normal, seemingly no problems at all at boot up.


----------



## eddie5659 (Mar 19, 2001)

I'll let TheOutcaste work on this one with you, and when I get home tomorrow night, we'll remove the tools we've used for the malware stuff


----------



## TheOutcaste (Aug 8, 2007)

Should be an easy fix, usually just some text in one key that didn't get removed.

Open a Command Prompt:

Click *Start | Run* (or press *WinKey+R* to open the Run box)
type *cmd*, press *Enter* 
Copy the line of text from the following code box:

```
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /V BootExecute >"%Userprofile%\Desktop\RegQuery.txt"
```
Right click on the Title bar of the Command Prompt window
Point to *Edit*, then click *Paste* to paste the line into the Command Prompt
Press *Enter*.
This will create a text file on your desktop named *RegQuery.txt*
Double click that file to open it, and copy and paste the contents in your next reply.


----------



## human_error (Feb 5, 2010)

! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
BootExecute REG_MULTI_SZ autocheck a


----------



## TheOutcaste (Aug 8, 2007)

That last part should be *autocheck autochk *\0\0*
The part in Red is missing, and that's the culprit.

Open the Command Prompt again, then copy and paste this line into the *command prompt* and press *Enter*.


```
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /V BootExecute /T REG_MULTI_SZ /D "autocheck autochk *" /F
```
If you want you can run the previous command again to check the entry, or just reboot. The "a program not found -- skipping AUTOCHECK" message should not appear.

You can then delete the *RegQuery.txt* file from your desktop.


----------



## human_error (Feb 5, 2010)

That worked PERFECTLY--those words no longer appear on boot up.

Now that so much has been fixed with the computer and the hard drive is no longer running constantly, I now notice that the only time the hard drive seems to chug is when I'm using IE. I used to run Firefox but found that I had a lot of freezes. I deleted that and went back and installed IE8 and began using that exclusively. Now it seems like whenever I have more than one window open, IE stops responding and the task has to be ended via task manager. I notice that there are a significant number of times that svchost.exe is listed as a process in task manager when this problem occurs. Not sure if there is any correlation but I'm wondering if there is a way to stop the IE hangups once and for all.

Thanks so VERY much. I don't have the words to adequately thank everyone at techguy.com for all the help you've already given me.


----------



## eddie5659 (Mar 19, 2001)

Sorry for the lateness, its very busy at home for the past few days.

Okay, lets remove the programs we've used 

Please run OTL. 

Click *Clean Up* button. 
Accept any prompts. 
This will remove any tools we used, including OTL, and will require a reboot.

If after rebooting, any of the following are still installed, do the following:

---------

*Follow these steps to uninstall Combofix and tools used in the removal of malware*


Click *START* then *RUN*
Now type *Combofix /u* in the runbox and click *OK*. Note the *space* between the *X* and the *U*, it needs to be there










---------

Also, you may see the *Runscanner* program on your Desktop. This, along with the *RSReport* file can be deleted.

-----------

You can delete the *RootRepeal* program off your Desktop.

-------

You can delete the *SystemLook* program off your Desktop.

---------

*GMER*


*Copy the entire contents of the Quote Box * below to *Notepad*. 
Name the file as *gmer_uninstall.bat * 
Change the *Save as Type* to *All Files * 
and *Save* it in the folder*GMER* was saved 
 Once saved, double click on the *gmer_uninstall.bat* file. the MSDOS window will be displayed. That is normal.



> @echo off
> sc stop gmer
> sc delete gmer
> if exist %SystemRoot%\System32\drivers\gmer.sys del /f /q %SystemRoot%\System32\drivers\gmer.sys
> ...


-------


----------



## eddie5659 (Mar 19, 2001)

Go to Control Panel and open the *Internet Options*. Click on the *Advanced tab* and do the follwing:

 Tick Empty Temporary Internet Files When Browser is Closed under Security. Apply
Then, click on the *Security tab* and do the following:

 Make sure the Internet icon is selected.
 Select *Custom Settings*.
 From the drop down menu, select *Medium*, and press *Reset* and select Yes. If its already on *Medium*, still click on the Reset button.
 Apply and OK.

Secondly, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.
* Click *Start*.
* Open *My Computer*.
* Select the *Tools menu* and click *Folder Options*.
* Select the *View* tab.
* Under the *Hidden files and folders* heading *UNSELECT Show hidden files and folders*.
* *CHECK* the *Hide protected operating system files (recommended)* option.
* Click *Yes* to confirm.
* Click *OK*.
Next, let's clean your restore points and set a new one:

*Reset and Re-enable your System Restore* to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
*1. Turn off System Restore.*
On the Desktop, right-click *My Computer*.
Click *Properties*.
Click the *System Restore* tab.
Check *Turn off System Restore*.
Click *Apply*, and then click *OK*.
*2. Restart your computer.*

*3. Turn ON System Restore.*
On the Desktop, right-click *My Computer*.
Click *Properties*.
Click the *System Restore* tab.
UN-Check *Turn off System Restore*.
Click *Apply*, and then click *OK*.

*System Restore will now be active again.*

Now that you are clean, to help protect your computer in the future I recommend that you get the following free program: 
*SpywareBlaster* to help prevent spyware from installing in the first place.
You should also have a good firewall. Here are 2 free ones available for personal use:
*Sunbelt Personal Firewall*
*ZoneAlarm*
and a good antivirus (these are also free for personal use):
*AVG Anti-Virus*
*Avast Home Edition*
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit 
*Microsoft Windows Update*
monthly. And to keep your system clean run this free malware scanner

*Malwarebytes' Anti-Malware*

weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this about Security online: *General Security Information, How to tighten Security Settings and Warnings *

Have a safe and happy computing day!


----------



## eddie5659 (Mar 19, 2001)

As for the web slowness, normally I would try and work on them in here, but there is one big problem with that:

If anyone has any ideas, they can't post. Only Moderators, Gold Shield's (trained to remove malware) and Trusted, like TheOutcaste and flavallee, who you met here, can reply.

As the malware is now gone, can you post a new thread in the Web and Email forum? Also, I can take a look at it for you, if you want to send me the link 

Its just that others may have ideas that normally don't look in this forum 

I'll mark this one as Solved for you

eddie


----------



## eddie5659 (Mar 19, 2001)

Normally, I don't have SuperAntispyware running at startup, so lets see if that is causing the problems.

Go to Start | Run and type MSCONFIG, and press OK.

Untick the box that says *SUPERAntiSpyware*, apply and restart.

See if that helps.

Nuts, there I go again, working on the thread again. I can never stop doing it, so we can try in here for now, but if it gets to the point where I'm not sure, or the other 2 don't know, post in Web and email 

I've left it Unsolved for now, want the web sorted 

eddie


----------



## TheOutcaste (Aug 8, 2007)

If the above steps don't improve things, only thing that comes to mind for me is if you installed IE before you were infected, you may want to uninstall it, see if the previous version (IE6 or IE7) has the same issue. If not, re-install IE8 and see if it re-appears.


----------



## eddie5659 (Mar 19, 2001)

I'm going to mark this one Solved, as the actual malware has gone and a new thread is over here:

http://forums.techguy.org/web-email/909456-need-ie8-help-constantly-hangs.html

eddie


----------

