View Full Version : quite a few problems
zuxtobeme
2009-03-02, 20:17
sister used my laptop and now its all screwed up. has tons of malware etc.
here is a HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:27 AM, on 3/2/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Windows\System32\ico.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?
tb_id=60314
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =
http://dnl.crawler.com/support/sa_customize.aspx?TbId=60314
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?
tb_id=60314
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://dnl.crawler.com/support/sa_customize.aspx?TbId=60314
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!
\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: NetAssistantBHO Class - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\My.Freeze.com
Toolbar\NetAssistant.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!
\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0
\ActiveX\AcroIEHelper.dll
O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files\Winferno\PC
Confidential\PCCBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: NetAssistantBHO - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\My.Freeze.com
Toolbar\NetAssistant.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\My.Freeze.com Toolbar\freeze_us.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!
\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!
\Companion\Installs\cpn\yt.dll
O3 - Toolbar: My.Freeze.com Toolbar - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - C:\Program Files\My.Freeze.com
Toolbar\freeze_us.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -
Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL
SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: iWin Desktop Alerts.lnk = C:\ProgramData\iWin Games\DesktopAlerts\DesktopAlerts.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma
Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC
Confidential\PCConfidential.exe
O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program
Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC
Confidential\PCConfidential.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common
Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot -
Search & Destroy\SDWinSec.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power
Saver\TosCoSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common
Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Wyyo Service - Unknown owner - C:\ProgramData\Wyyo\wyyo123.exe
--
End of file - 9716 bytes
help please
Hi
Make sure Notepad's word wrap is disabled before doing following:
Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to your topic.
zuxtobeme
2009-03-04, 00:53
DDS (Ver_09-02-01.01) - NTFSx86
Run by Mike at 15:47:44.68 on Tue 03/03/2009
Internet Explorer: 7.0.6000.16809
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.1406.788 [GMT -8:00]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Windows\System32\ico.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\iWin Games\iWinGamesInstaller.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\ProgramData\Wyyo\wyyo123.exe
C:\Program Files\Wyyo\wyyo.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Mike\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uStart Page = hxxp://www.yahoo.com/
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60314
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60314
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\my.freeze.com toolbar\NetAssistant.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: PCCBHO.CPCCBHO: {22fc6ce8-7d47-479f-b74a-bfbb04adb9af} - c:\program files\winferno\pc confidential\PCCBHO.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\my.freeze.com toolbar\NetAssistant.dll
BHO: XBTBPos00 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\my.freeze.com toolbar\freeze_us.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: My.Freeze.com Toolbar: {d0523bb4-21e7-11dd-9ab7-415b56d89593} - c:\program files\my.freeze.com toolbar\freeze_us.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [HWSetup] c:\program files\toshiba\utilities\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
StartupFolder: c:\users\mike\appdata\roaming\micros~1\windows\startm~1\programs\startup\iwinde~1.lnk - c:\programdata\iwin games\desktopalerts\DesktopAlerts.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - c:\program files\winferno\pc confidential\PCConfidential.exe
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA} - c:\program files\winferno\pc confidential\PCConfidential.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
================= FIREFOX ===================
FF - ProfilePath - c:\users\mike\appdata\roaming\mozilla\firefox\profiles\h5jijifk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://my.freeze.com/?AcquisitionID=27d7ff22-f03a-430d-9578-017bf79ae384&s=&ipc=&vintage=20090209
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMyWebS.dll
FF - plugin: c:\users\mike\appdata\roaming\mozilla\firefox\profiles\h5jijifk.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
============= SERVICES / DRIVERS ===============
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2006-7-10 42392]
R2 iWinGamesInstaller;iWinGamesInstaller;c:\program files\iwin games\iWinGamesInstaller.exe [2008-7-28 78104]
R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2009-2-6 78104]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-3-2 1153368]
R2 Wyyo Service;Wyyo Service;c:\programdata\wyyo\wyyo123.exe [2009-2-28 54752]
S3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [2007-7-19 16384]
S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\PELUSBlf.SYS [2007-7-19 12288]
============== File Associations ===============
regfile=regedit.exe "%1" %*
scrfile="%1" %*
=============== Created Last 30 ================
2009-03-02 11:12 <DIR> --d----- c:\program files\Trend Micro
2009-03-02 10:49 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-03-02 10:49 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-03-02 10:49 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-02-28 20:31 <DIR> --d----- c:\programdata\Winferno
2009-02-28 15:35 <DIR> --d----- c:\program files\Freeze.com
2009-02-28 15:34 <DIR> --d----- c:\program files\Free Offers from Freeze.com
2009-02-28 15:34 <DIR> --d----- c:\users\mike\appdata\roaming\MailWasherPro
2009-02-28 15:34 <DIR> --d----- c:\program files\FireTrust
2009-02-28 15:33 <DIR> --d----- c:\program files\common files\Winferno
2009-02-28 15:33 212,240 a------- c:\windows\system32\Richtx32.ocx
2009-02-28 15:33 495,616 a------- c:\windows\system32\WINUTIL5.DLL
2009-02-28 15:33 393,216 a------- c:\windows\system32\WINLCTL5.DLL
2009-02-28 15:33 835,584 a------- c:\windows\system32\WINCTL4.OCX
2009-02-28 15:33 <DIR> --d----- c:\program files\Winferno
2009-02-28 15:32 <DIR> --d----- c:\programdata\Wyyo
2009-02-28 15:32 <DIR> --d----- c:\program files\Wyyo
2009-02-28 15:32 <DIR> --d----- c:\progra~2\Wyyo
2009-02-28 15:32 <DIR> --d----- c:\program files\My.Freeze.com Toolbar
2009-02-23 19:27 <DIR> --d----- c:\programdata\Yahoo! Companion
==================== Find3M ====================
2009-02-11 10:19 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 10:19 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-14 20:16 826,368 a------- c:\windows\system32\wininet.dll
2009-01-14 20:16 56,320 a------- c:\windows\system32\iesetup.dll
2009-01-14 20:16 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-01-14 20:15 26,624 a------- c:\windows\system32\ieUnatt.exe
2008-12-11 03:14 174 a--sh--- c:\program files\desktop.ini
2008-08-05 14:29 86,016 a------- c:\windows\inf\infstrng.dat
2008-08-05 14:29 51,200 a------- c:\windows\inf\infpub.dat
2008-08-05 14:29 86,016 a------- c:\windows\inf\infstor.dat
2008-06-11 02:09 665,600 a------- c:\windows\inf\drvindex.dat
2007-06-05 21:10 3,098,056 a------- c:\users\mike\LimeWireWin.exe
2006-11-30 20:45 262,144 a------- c:\progra~2\ntuser.dat
2006-11-02 04:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 04:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 04:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 04:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-08-31 14:24 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2007-08-31 14:24 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2007-08-31 14:24 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
============= FINISH: 15:48:43.92 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-02-01.01)
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 1/29/2007 3:28:36 PM
System Uptime: 3/3/2009 1:14:57 PM (2 hours ago)
Motherboard: TOSHIBA | | IAYAA
Processor: Genuine Intel(R) CPU T2060 @ 1.60GHz | U1 | 1600/mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 73 GiB total, 34.064 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP469: 2/15/2009 9:44:18 AM - Windows Update
RP470: 2/16/2009 10:17:47 AM - Windows Update
RP471: 2/19/2009 8:03:30 AM - Windows Update
RP472: 2/22/2009 2:53:33 PM - Scheduled Checkpoint
RP473: 2/23/2009 8:57:31 AM - Windows Update
RP474: 2/25/2009 1:23:19 PM - Scheduled Checkpoint
RP475: 2/26/2009 7:53:23 PM - Windows Update
RP476: 3/1/2009 10:20:15 PM - Scheduled Checkpoint
RP477: 3/2/2009 8:56:12 AM - Windows Update
==== Installed Programs ======================
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader 7.0
Adobe Shockwave Player
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
ATI Catalyst Control Center Ex
ATI Catalyst Install Manager
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator EX 1.0
Canon MP520 series
Canon MP520 series User Registration
Canon My Printer
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities Solution Menu
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CD/DVD Drive Acoustic Silencer
DVD MovieFactory for TOSHIBA
FTDI USB Serial Converter Drivers
HijackThis 2.0.2
HP Wireless Rechargeable Optical Mouse
iTunes
iWin Games (remove only)
Java(TM) SE Runtime Environment 6
Mah Jong Quest III (remove only)
Mahjong Quest 2 (remove only)
MailWasher Pro
Malwarebytes' Anti-Malware
MegaTune MS1-Extra 029t
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser
Mozilla Firefox (3.0.6)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML4 Parser
My.Freeze.com Toolbar
nav-u tool
PC Confidential 2008
PIXMA Extended Survey Program
PL-2303 USB-to-Serial
QuickTime
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
ScanSoft OmniPage SE 4
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Tight Backgrounds
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA Hardware Setup
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Utility Common Driver
Windows Media Player Firefox Plugin
WinDVD for TOSHIBA
Winferno Registry Power Cleaner
World of Warcraft
Wyyo 1.0 build 123
Yahoo! Messenger
Yahoo! Toolbar
==== Event Viewer Messages From Past Week ========
2/24/2009 7:22:47 PM, Error: Microsoft-Windows-WPD-MTPClassDriver [15300] - MTP WPD Driver has failed to start. Error 0x8007001f.
2/24/2009 8:34:11 PM, Error: PlugPlayManager [12] - The device 'Atheros AR5006EG Wireless Network Adapter' (PCI\VEN_168C&DEV_001C&SUBSYS_7106144F&REV_01\4&130e7ba2&0&0030) disappeared from the system without first being prepared for removal.
2/24/2009 8:38:45 PM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 6, function 0. Please contact your system vendor for technical assistance.
2/24/2009 8:39:06 PM, Error: R300 [43015] - I2c return failed
2/27/2009 9:00:58 PM, Error: Microsoft-Windows-WPD-MTPClassDriver [15300] - MTP WPD Driver has failed to start. Error 0x80070002.
2/28/2009 3:35:04 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Mike-PC\Mike SID (S-1-5-21-1771572009-2143249529-537786000-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
==== End Of File ===========================
Hi again,
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds.txt log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
zuxtobeme
2009-03-05, 00:25
ComboFix 09-03-03.01 - Mike 2009-03-04 15:04:59.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.1406.837 [GMT -8:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_iWinGamesInstaller
((((((((((((((((((((((((( Files Created from 2009-02-04 to 2009-03-04 )))))))))))))))))))))))))))))))
.
2009-03-02 11:12 . 2009-03-02 11:12 <DIR> d-------- c:\program files\Trend Micro
2009-03-02 10:49 . 2009-03-02 11:11 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2009-03-02 10:49 . 2009-03-02 11:11 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2009-03-02 10:49 . 2009-03-02 10:49 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-02-28 20:31 . 2009-02-28 20:31 <DIR> d-------- c:\users\All Users\Winferno
2009-02-28 20:31 . 2009-02-28 20:31 <DIR> d-------- c:\programdata\Winferno
2009-02-28 15:35 . 2009-02-28 15:35 <DIR> d-------- c:\program files\Freeze.com
2009-02-28 15:34 . 2009-02-28 20:31 <DIR> d-------- c:\users\Mike\AppData\Roaming\MailWasherPro
2009-02-28 15:34 . 2009-02-28 15:34 <DIR> d-------- c:\program files\Free Offers from Freeze.com
2009-02-28 15:34 . 2009-02-28 15:34 <DIR> d-------- c:\program files\FireTrust
2009-02-28 15:33 . 2009-02-28 15:33 <DIR> d-------- c:\program files\Winferno
2009-02-28 15:33 . 2009-02-28 15:33 <DIR> d-------- c:\program files\Common Files\Winferno
2009-02-28 15:33 . 2006-10-09 12:28 835,584 --a------ c:\windows\System32\WINCTL4.OCX
2009-02-28 15:33 . 2006-10-09 13:06 495,616 --a------ c:\windows\System32\WINUTIL5.DLL
2009-02-28 15:33 . 2006-05-17 08:40 393,216 --a------ c:\windows\System32\WINLCTL5.DLL
2009-02-28 15:33 . 2006-07-24 08:56 212,240 --a------ c:\windows\System32\Richtx32.ocx
2009-02-28 15:32 . 2009-02-28 15:35 <DIR> d-------- c:\users\All Users\Wyyo
2009-02-28 15:32 . 2009-02-28 15:35 <DIR> d-------- c:\programdata\Wyyo
2009-02-28 15:32 . 2009-03-01 04:47 <DIR> d-------- c:\program files\Wyyo
2009-02-28 15:32 . 2009-02-28 15:33 <DIR> d-------- c:\program files\My.Freeze.com Toolbar
2009-02-23 19:27 . 2009-02-23 19:27 <DIR> d-------- c:\users\All Users\Yahoo! Companion
2009-02-23 19:27 . 2009-02-23 19:27 <DIR> d-------- c:\programdata\Yahoo! Companion
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-01 04:42 --------- d---a-w c:\programdata\TEMP
2009-02-28 03:34 --------- d-----w c:\users\Mike\AppData\Roaming\ZoomBrowser EX
2009-02-28 02:30 --------- d-----w c:\users\Mike\AppData\Roaming\CameraWindowDC
2009-02-24 03:27 --------- d-----w c:\program files\Yahoo!
2009-02-24 03:26 --------- d-----w c:\programdata\Yahoo!
2009-02-17 00:35 --------- d-----w c:\programdata\ZoomBrowser
2009-02-14 02:42 --------- d-----w c:\program files\iWin Games
2009-02-14 01:09 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-12 11:00 --------- d-----w c:\program files\Windows Mail
2009-02-11 18:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 18:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-07 00:27 --------- d-----w c:\users\Mike\AppData\Roaming\iWin
2009-02-07 00:26 --------- d-----w c:\program files\iWin.com
2009-01-27 08:02 --------- d-----w c:\users\Mike\AppData\Roaming\MySpace
2009-01-15 04:16 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-12-11 11:14 174 --sha-w c:\program files\desktop.ini
2007-06-06 05:10 3,098,056 ----a-w c:\users\Mike\LimeWireWin.exe
2006-12-01 04:45 262,144 ----a-w c:\programdata\ntuser.dat
2007-08-31 22:24 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-08-31 22:24 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-08-31 22:24 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}"= "c:\program files\My.Freeze.com Toolbar\NetAssistant.dll" [2008-11-26 253048]
[HKEY_CLASSES_ROOT\clsid\{e38fa08e-f56a-4169-abf5-5c71e3c153a1}]
[HKEY_CLASSES_ROOT\NetAssistant.NetAssistantBHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{1E8FC16F-4C51-49C4-BC9B-4FC24BDDCEE7}]
[HKEY_CLASSES_ROOT\NetAssistant.NetAssistantBHO]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}]
2008-11-26 19:40 253048 --a------ c:\program files\My.Freeze.com Toolbar\NetAssistant.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D0523BB4-21E7-11DD-9AB7-415B56D89593}"= "c:\program files\My.Freeze.com Toolbar\freeze_us.dll" [2008-11-26 1916024]
[HKEY_CLASSES_ROOT\clsid\{d0523bb4-21e7-11dd-9ab7-415b56d89593}]
[HKEY_CLASSES_ROOT\TBSB00001.TBSB00001.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB00001.TBSB00001]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D0523BB4-21E7-11DD-9AB7-415B56D89593}"= "c:\program files\My.Freeze.com Toolbar\freeze_us.dll" [2008-11-26 1916024]
[HKEY_CLASSES_ROOT\clsid\{d0523bb4-21e7-11dd-9ab7-415b56d89593}]
[HKEY_CLASSES_ROOT\TBSB00001.TBSB00001.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB00001.TBSB00001]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-10 417792]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-03 1045800]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-12-16 188416]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-01-18 421888]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-11-22 409264]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-11-28 52912]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2006-11-20 446128]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-11-14 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-11-15 267048]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 c:\windows\RtHDVCpl.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
"Mouse Suite 98 Daemon"="ICO.EXE" [2003-11-20 c:\windows\System32\ico.exe]
c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
iWin Desktop Alerts.lnk - c:\programdata\iWin Games\DesktopAlerts\DesktopAlerts.exe [2008-07-28 108544]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-06-05 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
--a------ 2006-11-28 20:05 523952 c:\program files\TOSHIBA\FlashCards\TCrdMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PINGER]
--a------ 2006-07-20 12:45 151552 c:\toshiba\IVP\ISM\pinger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{176E3F5C-CB30-4D47-A698-BE4652CC8BEC}c:\\program files\\world of warcraft\\wow-2.0.3-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.0.3-enus-downloader.exe:Blizzard Downloader
"UDP Query User{450049DC-C501-4AAD-BBEF-91F7F582F95D}c:\\program files\\world of warcraft\\wow-2.0.3-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.0.3-enus-downloader.exe:Blizzard Downloader
"TCP Query User{1260064F-2BE0-40C5-98B2-923BA6B1DD68}c:\\program files\\world of warcraft\\wow-2.0.3.6299-to-2.0.10.6448-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.0.3.6299-to-2.0.10.6448-enus-downloader.exe:Blizzard Downloader
"UDP Query User{4B6AE1A8-46E5-47FC-B439-9389CEEB5A46}c:\\program files\\world of warcraft\\wow-2.0.3.6299-to-2.0.10.6448-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.0.3.6299-to-2.0.10.6448-enus-downloader.exe:Blizzard Downloader
"{D056CEA9-30DB-411D-9E36-E514128AA8D0}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{34EA8DAF-815B-4A26-ABDA-80466AC51CB0}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{CCAE605D-63C2-414F-88B1-CB7069227E0F}c:\\stubinstaller.exe"= UDP:C:\stubinstaller.exe:LimeWire swarmed installer
"UDP Query User{7F46B916-7C9A-43DD-99C8-AE27314A759C}c:\\stubinstaller.exe"= TCP:C:\stubinstaller.exe:LimeWire swarmed installer
"TCP Query User{2B5B019D-78CB-4DE5-93AD-4E12FF0141FE}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{E11BEF0A-F713-4AA2-8BC9-A0238754D9CD}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{4C0AF536-42F6-4E66-8A1C-CF4EC6F47E7F}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{24E550B1-8C11-4365-B9C0-76AED1378A82}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{C5CCF8C8-BEAE-477B-95F9-EB5BE686F4A8}c:\\program files\\world of warcraft\\wow-2.0.10.6448-to-2.0.12.6546-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.0.10.6448-to-2.0.12.6546-enus-downloader.exe:Blizzard Downloader
"UDP Query User{9E1AEFFF-4981-493B-B77A-2C0E23068539}c:\\program files\\world of warcraft\\wow-2.0.10.6448-to-2.0.12.6546-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.0.10.6448-to-2.0.12.6546-enus-downloader.exe:Blizzard Downloader
"TCP Query User{A666DEC4-401B-49F1-A7B3-EB7C0A3B0378}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{4769773A-52C8-4BF6-B47B-42D605694FE8}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{DEB15429-903C-49CD-B705-3C963B0AFF6A}c:\\program files\\world of warcraft\\backgrounddownloader.exe"= UDP:c:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{3A61EB2B-8416-4579-AFF4-91CB0FF34F96}c:\\program files\\world of warcraft\\backgrounddownloader.exe"= TCP:c:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"TCP Query User{963ECF4C-0BE9-4D2A-AA3E-63EDB7045B86}c:\\program files\\world of warcraft\\wow-2.0.12.6546-to-2.1.0.6692-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.0.12.6546-to-2.1.0.6692-enus-downloader.exe:Blizzard Downloader
"UDP Query User{E7FBF28F-11D2-447A-AE53-CCE1D5D83187}c:\\program files\\world of warcraft\\wow-2.0.12.6546-to-2.1.0.6692-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.0.12.6546-to-2.1.0.6692-enus-downloader.exe:Blizzard Downloader
"{EFD8271A-AE69-4472-8E56-9F2078CF48FA}"= UDP:3724:Blizzard Downloader
"{3567B354-552B-4E2E-96F3-CA8A9EC20342}"= UDP:6112:Blizzard Downloader
"{365B6557-7394-4A6F-A592-4C6E3382B394}"= UDP:6881:Blizzard Downloader
"{D8801E4E-DA33-460D-B6FF-B49ADE1E7438}"= UDP:6882:Blizzard Downloader
"{21C1D7EA-ABC5-478C-A98B-C3ED84DC0D7A}"= UDP:6883:Blizzard Downloader
"{FCB617D5-110A-4960-AF76-505238F17CBF}"= UDP:6884:Blizzard Downloader
"{79A1B4FD-BD78-4E04-8359-D7BFC8577BC7}"= UDP:6885:Blizzard Downloader
"{7C17D73A-B8EE-4EB9-864C-6616131CA4BE}"= UDP:6886:Blizzard Downloader
"{C6BF5745-1DC2-4597-B7B7-A6A2C276406F}"= UDP:6887:Blizzard Downloader
"{0F9D28BF-CBF5-4A6F-9D29-86AF3BECBECB}"= UDP:6888:Blizzard Downloader
"{3DF7F278-3539-4792-BC92-733C3264BD42}"= UDP:6889:Blizzard Downloader
"{CAA20BA1-422C-49B2-8D2A-6C149C378E01}"= UDP:6890:Blizzard Downloader
"{12DACEAA-7E97-4B5B-8288-54CCD1C9BFE5}"= UDP:6891:Blizzard Downloader
"{DE74D82B-DDC4-4D2B-BCA2-8EDF7945EEB7}"= UDP:6892:Blizzard Downloader
"{E62F4DE1-BD5C-4CC1-B6BA-66006A0F41BF}"= UDP:6999:Blizzard Downloader
"{ECBB268B-DCA7-4972-BC3C-322C175BE352}"= UDP:6895:Blizzard Downloader
"{0761D84B-E4D0-47AA-BCFD-24148F0F6EC9}"= UDP:6900:Blizzard Downloader
"{EE81EF61-5195-4085-B0CC-E07049116313}"= UDP:6911:Blizzard Downloader
"{39B2E588-F996-437E-B52E-5D839C778C32}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{7C549BB5-B381-4E6D-99A6-70AB7530D976}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{1E0F8F6B-901D-48BA-B6AF-E973878B8BB1}c:\\program files\\turbine\\asheron's call - throne of destiny\\aclauncher.exe"= UDP:c:\program files\turbine\asheron's call - throne of destiny\aclauncher.exe:AC Launcher
"UDP Query User{F0465242-3019-4D08-B03E-F060D9D80DB3}c:\\program files\\turbine\\asheron's call - throne of destiny\\aclauncher.exe"= TCP:c:\program files\turbine\asheron's call - throne of destiny\aclauncher.exe:AC Launcher
"TCP Query User{9830F0B9-2BA2-4390-A7F6-3692242D0179}c:\\program files\\turbine\\asheron's call - throne of destiny\\acclient.exe"= UDP:c:\program files\turbine\asheron's call - throne of destiny\acclient.exe:acclient
"UDP Query User{05C538AD-8558-46F0-8739-C40117D5AC52}c:\\program files\\turbine\\asheron's call - throne of destiny\\acclient.exe"= TCP:c:\program files\turbine\asheron's call - throne of destiny\acclient.exe:acclient
"TCP Query User{35768FD3-CEF5-44AA-BEEF-DC7A264F5F38}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{1F6CC45D-26D9-485C-9F52-1FF568584B3B}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{6A4918ED-3B08-49A4-A820-C98B297972BB}c:\\program files\\ea games\\battlefield vietnam\\bfvietnam.exe"= UDP:c:\program files\ea games\battlefield vietnam\bfvietnam.exe:bfvietnam
"UDP Query User{A1C43DC4-4A69-4A1C-BA97-EFDA90F62703}c:\\program files\\ea games\\battlefield vietnam\\bfvietnam.exe"= TCP:c:\program files\ea games\battlefield vietnam\bfvietnam.exe:bfvietnam
"{2186CEC6-67AF-4996-81D6-BBEB08EDE0CC}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{362033F6-664A-4C8E-B57B-29D151C0674D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{B63151AA-36CF-4BE0-B9C0-8F3E1369C525}c:\\program files\\turbine\\asheron's call - throne of destiny\\aclauncher.exe"= UDP:c:\program files\turbine\asheron's call - throne of destiny\aclauncher.exe:AC Launcher
"UDP Query User{51141AD7-8126-4E9A-A1F0-ED1EADC71511}c:\\program files\\turbine\\asheron's call - throne of destiny\\aclauncher.exe"= TCP:c:\program files\turbine\asheron's call - throne of destiny\aclauncher.exe:AC Launcher
"TCP Query User{EF706AF2-B85E-455D-A35E-DC394BB14EAB}c:\\program files\\turbine\\asheron's call - throne of destiny\\acclient.exe"= UDP:c:\program files\turbine\asheron's call - throne of destiny\acclient.exe:acclient
"UDP Query User{53F0AC8D-385F-4B9B-91EB-C74C2D510049}c:\\program files\\turbine\\asheron's call - throne of destiny\\acclient.exe"= TCP:c:\program files\turbine\asheron's call - throne of destiny\acclient.exe:acclient
"TCP Query User{DD2D44E1-2D63-4C50-B923-17703FE86DC6}c:\\program files\\world of warcraft\\wow-1.12.0-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wow-1.12.0-enus-downloader.exe:Blizzard Downloader
"UDP Query User{864245DE-2046-4FAF-BF77-9EB164EDA8DF}c:\\program files\\world of warcraft\\wow-1.12.0-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wow-1.12.0-enus-downloader.exe:Blizzard Downloader
"TCP Query User{8D66B119-89C1-4E9E-961C-2024961AD054}c:\\program files\\world of warcraft\\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe"= UDP:c:\program files\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe:Blizzard Downloader
"UDP Query User{FBEEF2F0-CE4F-4D00-A40D-426044A40AD2}c:\\program files\\world of warcraft\\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe"= TCP:c:\program files\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe:Blizzard Downloader
"{5133EC71-6F2D-4E43-8B6D-70F251B2685C}"= UDP:c:\program files\World of Warcraft\WoW-2.3.0-enUS-downloader.exe:Blizzard Downloader
"{D1432487-78A6-4597-81C0-0F3C0B570BC6}"= TCP:c:\program files\World of Warcraft\WoW-2.3.0-enUS-downloader.exe:Blizzard Downloader
"{65D6F6B1-B5B5-49CA-A2B1-6266B2961CF0}"= UDP:3724:Blizzard Downloader: 3724
"{C6A81E91-151A-4376-A7A9-20AC8DF6398C}"= UDP:c:\program files\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{FF6C66F1-27D0-4D0D-A808-9BC0EAA91527}"= TCP:c:\program files\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{157B213E-2860-4C27-BDC3-91FBA6B9E7EB}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{A41C74E1-495C-43D0-96BF-1C140B1AB55B}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{4C80533F-04EC-45EF-8602-6450BB32DBF9}c:\\program files\\mozilla firefox\\firefox.exe"= Disabled:UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{B11AB2D7-3C66-4A85-ADBE-F5ADFF5C0853}c:\\program files\\mozilla firefox\\firefox.exe"= Disabled:TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{B5C904C4-3635-4BB0-80E7-031862D4202B}"= UDP:c:\program files\iWin Games\iWinGames.exe:iWin Games application.
"{69257608-C4E2-40DC-905D-4A0B00343CA8}"= TCP:c:\program files\iWin Games\iWinGames.exe:iWin Games application.
"{9771530A-DD03-43FC-AD7E-E32BC6DB1816}"= UDP:c:\program files\iWin Games\WebUpdater.exe:iWin Games updater.
"{AC159DA5-34EF-43F9-A924-E60574ADE417}"= TCP:c:\program files\iWin Games\WebUpdater.exe:iWin Games updater.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= c:\toshiba\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\toshiba\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\System32\drivers\sfsync03.sys [2006-07-10 42392]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [2009-02-06 78104]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-03-02 1153368]
R2 Wyyo Service;Wyyo Service;c:\programdata\Wyyo\wyyo123.exe [2009-02-28 54752]
S3 pelmouse;Mouse Suite Driver;c:\windows\System32\drivers\PELMOUSE.SYS [2007-07-19 16384]
S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\System32\drivers\PELUSBlf.SYS [2007-07-19 12288]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
2009-03-04 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe [2008-04-01 14:10]
2009-03-04 c:\windows\Tasks\RegPowerClean.job
- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe [2008-10-28 14:48]
2009-03-04 c:\windows\Tasks\RPCReminder.job
- c:\program files\Winferno\RegistryPowerCleaner\RPCReminder.exe [2008-10-28 14:34]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-55469787567017349186809156455368 - c:\program files\Antivirus 2009\av2009.exe
MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe
MSConfigStartUp-ieupdate - c:\windows\system32\ieupdates.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\h5jijifk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://my.freeze.com/?AcquisitionID=27d7ff22-f03a-430d-9578-017bf79ae384&s=&ipc=&vintage=20090209
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\h5jijifk.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-04 15:11:25
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(2720)
c:\program files\Wyyo\wyyo.dll
c:\program files\Common Files\Winferno\wse2007.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Canon\IJPLM\ijplmsvc.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\windows\System32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Wyyo\wyyo.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\Synaptics\SynTP\SynToshiba.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
.
**************************************************************************
.
Completion time: 2009-03-04 15:17:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-04 23:17:03
Pre-Run: 36,412,223,488 bytes free
Post-Run: 37,369,380,864 bytes free
289 --- E O F --- 2009-03-02 16:56:52
DDS (Ver_09-02-01.01) - NTFSx86
Run by Mike at 15:20:37.19 on Wed 03/04/2009
Internet Explorer: 7.0.6000.16809
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.1406.706 [GMT -8:00]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\ProgramData\Wyyo\wyyo123.exe
C:\Program Files\Wyyo\wyyo.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Windows\System32\ico.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\ProgramData\iWin Games\DesktopAlerts\DesktopAlerts.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Mike\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\my.freeze.com toolbar\NetAssistant.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: PCCBHO.CPCCBHO: {22fc6ce8-7d47-479f-b74a-bfbb04adb9af} - c:\program files\winferno\pc confidential\PCCBHO.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\my.freeze.com toolbar\NetAssistant.dll
BHO: XBTBPos00 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\my.freeze.com toolbar\freeze_us.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: My.Freeze.com Toolbar: {d0523bb4-21e7-11dd-9ab7-415b56d89593} - c:\program files\my.freeze.com toolbar\freeze_us.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [HWSetup] c:\program files\toshiba\utilities\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
StartupFolder: c:\users\mike\appdata\roaming\micros~1\windows\startm~1\programs\startup\iwinde~1.lnk - c:\programdata\iwin games\desktopalerts\DesktopAlerts.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - c:\program files\winferno\pc confidential\PCConfidential.exe
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA} - c:\program files\winferno\pc confidential\PCConfidential.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
================= FIREFOX ===================
FF - ProfilePath - c:\users\mike\appdata\roaming\mozilla\firefox\profiles\h5jijifk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://my.freeze.com/?AcquisitionID=27d7ff22-f03a-430d-9578-017bf79ae384&s=&ipc=&vintage=20090209
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMyWebS.dll
FF - plugin: c:\users\mike\appdata\roaming\mozilla\firefox\profiles\h5jijifk.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
============= SERVICES / DRIVERS ===============
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2006-7-10 42392]
R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2009-2-6 78104]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-3-2 1153368]
R2 Wyyo Service;Wyyo Service;c:\programdata\wyyo\wyyo123.exe [2009-2-28 54752]
S3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [2007-7-19 16384]
S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\PELUSBlf.SYS [2007-7-19 12288]
=============== Created Last 30 ================
2009-03-04 15:03 161,792 a------- c:\windows\SWREG.exe
2009-03-04 15:03 98,816 a------- c:\windows\sed.exe
2009-03-02 11:12 <DIR> --d----- c:\program files\Trend Micro
2009-03-02 10:49 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-03-02 10:49 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-03-02 10:49 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-02-28 20:31 <DIR> --d----- c:\programdata\Winferno
2009-02-28 15:35 <DIR> --d----- c:\program files\Freeze.com
2009-02-28 15:34 <DIR> --d----- c:\program files\Free Offers from Freeze.com
2009-02-28 15:34 <DIR> --d----- c:\users\mike\appdata\roaming\MailWasherPro
2009-02-28 15:34 <DIR> --d----- c:\program files\FireTrust
2009-02-28 15:33 <DIR> --d----- c:\program files\common files\Winferno
2009-02-28 15:33 212,240 a------- c:\windows\system32\Richtx32.ocx
2009-02-28 15:33 495,616 a------- c:\windows\system32\WINUTIL5.DLL
2009-02-28 15:33 393,216 a------- c:\windows\system32\WINLCTL5.DLL
2009-02-28 15:33 835,584 a------- c:\windows\system32\WINCTL4.OCX
2009-02-28 15:33 <DIR> --d----- c:\program files\Winferno
2009-02-28 15:32 <DIR> --d----- c:\programdata\Wyyo
2009-02-28 15:32 <DIR> --d----- c:\program files\Wyyo
2009-02-28 15:32 <DIR> --d----- c:\progra~2\Wyyo
2009-02-28 15:32 <DIR> --d----- c:\program files\My.Freeze.com Toolbar
2009-02-23 19:27 <DIR> --d----- c:\programdata\Yahoo! Companion
==================== Find3M ====================
2009-02-11 10:19 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 10:19 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-14 20:16 826,368 a------- c:\windows\system32\wininet.dll
2009-01-14 20:16 56,320 a------- c:\windows\system32\iesetup.dll
2009-01-14 20:16 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-01-14 20:15 26,624 a------- c:\windows\system32\ieUnatt.exe
2008-12-11 03:14 174 a--sh--- c:\program files\desktop.ini
2008-08-05 14:29 86,016 a------- c:\windows\inf\infstrng.dat
2008-08-05 14:29 51,200 a------- c:\windows\inf\infpub.dat
2008-08-05 14:29 86,016 a------- c:\windows\inf\infstor.dat
2008-06-11 02:09 665,600 a------- c:\windows\inf\drvindex.dat
2007-06-05 21:10 3,098,056 a------- c:\users\mike\LimeWireWin.exe
2006-11-30 20:45 262,144 a------- c:\progra~2\ntuser.dat
2006-11-02 04:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 04:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 04:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 04:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-08-31 14:24 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2007-08-31 14:24 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2007-08-31 14:24 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
============= FINISH: 15:21:03.88 ===============
Hi again,
Uninstall these thru add/remove programs:
iWin Games (remove only)
My.Freeze.com Toolbar
Wyyo 1.0 build 123
Open notepad and copy/paste the text in the quotebox below into it:
Driver::
iWinTrusted
"Wyyo Service"
File::
c:\users\Mike\LimeWireWin.exe
c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk
Folder::
c:\users\All Users\Wyyo
c:\programdata\Wyyo
c:\program files\Wyyo
c:\program files\My.Freeze.com Toolbar
c:\programdata\iWin Games
c:\program files\iWin Games
c:\users\Mike\AppData\Roaming\iWin
c:\program files\iWin.com
DDS::
uURLSearchHooks: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\my.freeze.com toolbar\NetAssistant.dll
BHO: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\my.freeze.com toolbar\NetAssistant.dll
BHO: XBTBPos00 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\my.freeze.com toolbar\freeze_us.dll
TB: My.Freeze.com Toolbar: {d0523bb4-21e7-11dd-9ab7-415b56d89593} - c:\program files\my.freeze.com toolbar\freeze_us.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} -
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{CCAE605D-63C2-414F-88B1-CB7069227E0F}c:\\stubinstaller.exe"=-
"UDP Query User{7F46B916-7C9A-43DD-99C8-AE27314A759C}c:\\stubinstaller.exe"=-
"TCP Query User{2B5B019D-78CB-4DE5-93AD-4E12FF0141FE}c:\\program files\\limewire\\limewire.exe"=-
"UDP Query User{E11BEF0A-F713-4AA2-8BC9-A0238754D9CD}c:\\program files\\limewire\\limewire.exe"=-
"{39B2E588-F996-437E-B52E-5D839C778C32}"=-
"{7C549BB5-B381-4E6D-99A6-70AB7530D976}"=-
"{B5C904C4-3635-4BB0-80E7-031862D4202B}"=-
"{69257608-C4E2-40DC-905D-4A0B00343CA8}"=-
"{9771530A-DD03-43FC-AD7E-E32BC6DB1816}"=-
"{AC159DA5-34EF-43F9-A924-E60574ADE417}"=-
Save this as
CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
Uninstall old Adobe Reader versions and get the latest one here (http://www.filehippo.com/download_adobe_reader/) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install toolbar if choose Foxit Reader!
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6 Update 12 (http://java.sun.com/javase/downloads/index.jsp).
Click the
Download
button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u12-windows-i586-p.exe to install the newest version. Uncheck MSN toolbar if it's offered there.
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif). If you get a message that latest Java must be installed "enable" the Java add-ons in IE7. Do that using "manage add-ons" from the IE7 toolbar.
Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
zuxtobeme
2009-03-06, 14:11
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, March 6, 2009
Operating System: Microsoft Windows Vista Home Basic Edition, 32-bit (build 6000)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, March 06, 2009 04:43:17
Records in database: 1873082
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
Scan statistics:
Files scanned: 101323
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:25:33
File name / Threat name / Threats count
C:\Users\Mike\Downloads\AV2009Install_880167.exe Infected: Packed.Win32.PolyCrypt.m 1
The selected area was scanned.
DDS (Ver_09-02-01.01) - NTFSx86
Run by Mike at 5:01:57.65 on Fri 03/06/2009
Internet Explorer: 7.0.6000.16809 BrowserJavaVersion: 1.6.0_12
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.1406.689 [GMT -8:00]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\System32\ico.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Users\Mike\AppData\Local\Temp\jkos-Mike\binaries\ScanningProcess.exe
C:\Users\Mike\AppData\Local\Temp\jkos-Mike\binaries\ScanningProcess.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Mike\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PCCBHO.CPCCBHO: {22fc6ce8-7d47-479f-b74a-bfbb04adb9af} - c:\program files\winferno\pc confidential\PCCBHO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [HWSetup] c:\program files\toshiba\utilities\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - c:\program files\winferno\pc confidential\PCConfidential.exe
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA} - c:\program files\winferno\pc confidential\PCConfidential.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
================= FIREFOX ===================
FF - ProfilePath - c:\users\mike\appdata\roaming\mozilla\firefox\profiles\h5jijifk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://my.freeze.com/?AcquisitionID=27d7ff22-f03a-430d-9578-017bf79ae384&s=&ipc=&vintage=20090209
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - plugin: c:\program files\mozilla firefox\plugins\NPMyWebS.dll
FF - plugin: c:\users\mike\appdata\roaming\mozilla\firefox\profiles\h5jijifk.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
============= SERVICES / DRIVERS ===============
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2006-7-10 42392]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-3-2 1153368]
S3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [2007-7-19 16384]
S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\PELUSBlf.SYS [2007-7-19 12288]
=============== Created Last 30 ================
2009-03-05 20:09 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-05 19:53 <DIR> --d----- c:\programdata\Adobe
2009-03-04 15:03 161,792 a------- c:\windows\SWREG.exe
2009-03-04 15:03 98,816 a------- c:\windows\sed.exe
2009-03-02 11:12 <DIR> --d----- c:\program files\Trend Micro
2009-03-02 10:49 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-03-02 10:49 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-03-02 10:49 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-02-28 20:31 <DIR> --d----- c:\programdata\Winferno
2009-02-28 15:35 <DIR> --d----- c:\program files\Freeze.com
2009-02-28 15:34 <DIR> --d----- c:\program files\Free Offers from Freeze.com
2009-02-28 15:34 <DIR> --d----- c:\users\mike\appdata\roaming\MailWasherPro
2009-02-28 15:34 <DIR> --d----- c:\program files\FireTrust
2009-02-28 15:33 <DIR> --d----- c:\program files\common files\Winferno
2009-02-28 15:33 212,240 a------- c:\windows\system32\Richtx32.ocx
2009-02-28 15:33 495,616 a------- c:\windows\system32\WINUTIL5.DLL
2009-02-28 15:33 393,216 a------- c:\windows\system32\WINLCTL5.DLL
2009-02-28 15:33 835,584 a------- c:\windows\system32\WINCTL4.OCX
2009-02-28 15:33 <DIR> --d----- c:\program files\Winferno
2009-02-23 19:27 <DIR> --d----- c:\programdata\Yahoo! Companion
==================== Find3M ====================
2009-02-11 10:19 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 10:19 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-14 20:16 826,368 a------- c:\windows\system32\wininet.dll
2009-01-14 20:16 56,320 a------- c:\windows\system32\iesetup.dll
2009-01-14 20:16 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-01-14 20:15 26,624 a------- c:\windows\system32\ieUnatt.exe
2008-12-11 03:14 174 a--sh--- c:\program files\desktop.ini
2008-08-05 14:29 86,016 a------- c:\windows\inf\infstrng.dat
2008-08-05 14:29 51,200 a------- c:\windows\inf\infpub.dat
2008-08-05 14:29 86,016 a------- c:\windows\inf\infstor.dat
2008-06-11 02:09 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-30 20:45 262,144 a------- c:\progra~2\ntuser.dat
2006-11-02 04:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 04:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 04:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 04:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-08-31 14:24 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2007-08-31 14:24 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2007-08-31 14:24 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
============= FINISH: 5:02:43.54 ===============
zuxtobeme
2009-03-06, 14:13
combo fix logg is to long to post. what should I do
Hi
Please post ComboFix log in smaller parts with separate posts :)
zuxtobeme
2009-03-06, 23:54
ComboFix 09-03-03.01 - Mike 2009-03-05 19:33:25.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.1406.680 [GMT -8:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
Command switches used :: c:\users\Mike\Desktop\CFScript.txt
* Created a new restore point
FILE ::
c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk
c:\users\Mike\LimeWireWin.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\iWin.com
c:\program files\iWin.com\Mah Jong Quest III\audio\BalloonBlowUp FlyAway.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\BalloonBlowUp.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\Bounce.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\Butterfly Flap.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\ButterflyFlapTwice.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\EarthQuakeCrack.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\Fire Crackling 1.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\Fire Crackling 2.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\Fire Crackling 3.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\Hi Pitch Ugh X23.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\M_ActionMusic.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\M_ClearedBoard.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\M_Clone.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\M_Down.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\M_EarthquakeTile.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\M_Explode.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\M_Fuse.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\M_HelpBallTile.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\M_IceMeltTile3.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\M_MagicWand.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\M_Magnet.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\M_Mallet1.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\M_MenuSelections.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\M_MonkeyLand.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\M_Monkeyland03.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\M_MonsterCry1.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\M_MonsterGong.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\M_MonsterTaunt1.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\M_MonsterYawn1.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\M_OpeningScroll.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\M_Quad.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\M_Select.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\M_Swapper.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\M_TileShuffle.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\M_TilesMatched.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\M_TilesMatchedBamboo.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\M_TilesMatchedCircle.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\M_TilesMatchedCoins.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\M_TilesMatchedCrack.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\M_TilesNotMatched.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\M_Time'sUp.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\M_Typhoon.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\M_Undo.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\M_Up.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\Mag Glass 2 Loop.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\Mag Glass Background Loop.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\Mag Glass Loop 2.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\Map.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\MQ2MenuMusic.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\music\FinalSong.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\music\MJIIIAsia1.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\music\MJIIIAsia2.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\music\MJIIIAsia3.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\music\MJIIIAsia4.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\music\MJIIIAsia5.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\music\MJIIIAsia6.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\music\MJIIITourament_1.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\music\MQ2MenuMusic.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\music\Tournament.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\SCrystalAttach.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\SingleUgh.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\SMirror3.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\TilesIn.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\Tournament.ogg
c:\program files\iWin.com\Mah Jong Quest III\audio\WindShortGust.wav
c:\program files\iWin.com\Mah Jong Quest III\cfg\ChooseBookFreeplay.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\ChooseBookVariations.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\ddelname.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\defaultfont.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\dentername.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\dhighdetail.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\doptions.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\dplayas.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\drules.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\drulesclassic.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\druleskwazi.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\drulestourney.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\dtellfriend.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\fonts.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\FreePlay.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\images.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\indexcards.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\kwazi.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\Land1.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\Land10.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\Land11.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\Land12.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\Land2.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\Land3.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\Land4.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\Land5.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\Land6.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\Land7.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\Land8.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\Land9.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\Map.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\menu.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\menudialog.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\modes.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\movie.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\Music.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\MyFonts.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\MySounds.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\oldmap.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\popup.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\puzzles0.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\puzzles1.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\puzzles2.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\pz0.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\pz1.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\pz13.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\pz14.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\pz15.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\pz16.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\pz2.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\pz3.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\pz4.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\pz5.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\pz6.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\pz7.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\pz8.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\Quest.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\radio.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\scenes.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\skin.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\SpiritMap.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\splash.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\splashanim.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\Story.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\strings.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\text.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\TextStyles.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\tile.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\Tourney.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\Variations.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\vendor.cfge
c:\program files\iWin.com\Mah Jong Quest III\cfg\vendor.sav
c:\program files\iWin.com\Mah Jong Quest III\cfg\vendordetails.cfge
c:\program files\iWin.com\Mah Jong Quest III\detours.dll
c:\program files\iWin.com\Mah Jong Quest III\dinput.dll
c:\program files\iWin.com\Mah Jong Quest III\Flash9b.ocx
c:\program files\iWin.com\Mah Jong Quest III\FlashPlayerControl.dll
c:\program files\iWin.com\Mah Jong Quest III\fonts\BANKGBTL.TTF
c:\program files\iWin.com\Mah Jong Quest III\fonts\bankgbtm.ttf
c:\program files\iWin.com\Mah Jong Quest III\fonts\bnkgothm.ttf
c:\program files\iWin.com\Mah Jong Quest III\fonts\HOBON.TTF
c:\program files\iWin.com\Mah Jong Quest III\fonts\HoboStd.otf
c:\program files\iWin.com\Mah Jong Quest III\fonts\MahJongCamb.ttf
c:\program files\iWin.com\Mah Jong Quest III\fonts\MahJongNum.ttf
c:\program files\iWin.com\Mah Jong Quest III\GameLauncher.exe
c:\program files\iWin.com\Mah Jong Quest III\gamepage\buynow.html
c:\program files\iWin.com\Mah Jong Quest III\gamepage\common.js
c:\program files\iWin.com\Mah Jong Quest III\gamepage\css\offline.css
c:\program files\iWin.com\Mah Jong Quest III\gamepage\end.html
c:\program files\iWin.com\Mah Jong Quest III\gamepage\expired.html
c:\program files\iWin.com\Mah Jong Quest III\gamepage\images\alert32x32.gif
c:\program files\iWin.com\Mah Jong Quest III\gamepage\images\bg_header.gif
c:\program files\iWin.com\Mah Jong Quest III\gamepage\images\continuefreetrial-32.gif
c:\program files\iWin.com\Mah Jong Quest III\gamepage\images\logo.jpg
c:\program files\iWin.com\Mah Jong Quest III\gamepage\images\product\feature.jpg
c:\program files\iWin.com\Mah Jong Quest III\gamepage\open.html
c:\program files\iWin.com\Mah Jong Quest III\gamepage\operationfailed.html
c:\program files\iWin.com\Mah Jong Quest III\gamepage\success.html
c:\program files\iWin.com\Mah Jong Quest III\gas.dll
c:\program files\iWin.com\Mah Jong Quest III\gas_game.zip
c:\program files\iWin.com\Mah Jong Quest III\gas_shared.zip
c:\program files\iWin.com\Mah Jong Quest III\glcfg.date
c:\program files\iWin.com\Mah Jong Quest III\GLWorker.exe
c:\program files\iWin.com\Mah Jong Quest III\icon.ico
c:\program files\iWin.com\Mah Jong Quest III\images\3rdtile_overlay.jpge
c:\program files\iWin.com\Mah Jong Quest III\images\3rdtile_puz.JPGe
c:\program files\iWin.com\Mah Jong Quest III\images\ArrowCursor.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\ashes.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\autodtile.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\autodtrim.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\backgrounds\Land01.jpge
c:\program files\iWin.com\Mah Jong Quest III\images\backgrounds\Land02.jpge
c:\program files\iWin.com\Mah Jong Quest III\images\backgrounds\Land03.jpge
c:\program files\iWin.com\Mah Jong Quest III\images\backgrounds\Land04.jpge
c:\program files\iWin.com\Mah Jong Quest III\images\backgrounds\Land05.jpge
c:\program files\iWin.com\Mah Jong Quest III\images\backgrounds\Land06.jpge
c:\program files\iWin.com\Mah Jong Quest III\images\backgrounds\Land07.jpge
c:\program files\iWin.com\Mah Jong Quest III\images\backgrounds\Land08.jpge
c:\program files\iWin.com\Mah Jong Quest III\images\backgrounds\Land09.jpge
c:\program files\iWin.com\Mah Jong Quest III\images\backgrounds\Land10.jpge
c:\program files\iWin.com\Mah Jong Quest III\images\backgrounds\Land11.jpge
c:\program files\iWin.com\Mah Jong Quest III\images\backgrounds\Land12.jpge
c:\program files\iWin.com\Mah Jong Quest III\images\bamboo-rim.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\bgfourseasons.jpge
c:\program files\iWin.com\Mah Jong Quest III\images\bgpristine.jpge
c:\program files\iWin.com\Mah Jong Quest III\images\bgpuzzclass_01.jpge
c:\program files\iWin.com\Mah Jong Quest III\images\bgpuzzclass_02.jpge
c:\program files\iWin.com\Mah Jong Quest III\images\bgpuzzclass_03.jpge
c:\program files\iWin.com\Mah Jong Quest III\images\bgpuzzclass_04.jpge
c:\program files\iWin.com\Mah Jong Quest III\images\BlackBack.PNGe
c:\program files\iWin.com\Mah Jong Quest III\images\bonus.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\buttonize.PNGe
c:\program files\iWin.com\Mah Jong Quest III\images\choose_background.JPGe
c:\program files\iWin.com\Mah Jong Quest III\images\chooseboard\addtofavorites.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\chooseboard\fp_close.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\chooseboard\fp_frame.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\chooseboard\fp_label.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\chooseboard\fp_larrow.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\chooseboard\fp_menu.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\chooseboard\fp_modes.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\chooseboard\fp_next_arrow.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\chooseboard\fp_next_garrow.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\chooseboard\fp_popup.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\chooseboard\fp_popup_title.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\chooseboard\fp_prev_arrow.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\chooseboard\fp_prev_garrow.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\chooseboard\fp_prevtabs.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\chooseboard\fp_tab_left.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\chooseboard\fp_tab_right.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\chooseboard\fp_themes.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\chooseboard\fp_tilesets.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\chooseboard\freeplay.jpge
c:\program files\iWin.com\Mah Jong Quest III\images\chooseboard\freeplay8.jpge
c:\program files\iWin.com\Mah Jong Quest III\images\chooseboard\freeplay9.jpge
c:\program files\iWin.com\Mah Jong Quest III\images\chooseboard\Larrow.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\chooseboard\Rarrow.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\chooseboard\removefromfavorites.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\chooseboard\seals.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\chooseboard\var_label.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\chooseboard\variations.jpge
c:\program files\iWin.com\Mah Jong Quest III\images\choosecheck.PNGe
c:\program files\iWin.com\Mah Jong Quest III\images\coin_perfect_bonus500.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\DarkLight.PNGe
c:\program files\iWin.com\Mah Jong Quest III\images\dmenurestart.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\dragon.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\dragon_nostril_smoke_strip.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\dragon_smoke_strip.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\east.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\ember.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\empty_bg.PNGe
c:\program files\iWin.com\Mah Jong Quest III\images\freeplay_top.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\Gong.PNGe
c:\program files\iWin.com\Mah Jong Quest III\images\HandCursor.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\HighLight.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\hint.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\hostbtn.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\BlankPage.PNGe
c:\program files\iWin.com\Mah Jong Quest III\images\interface\connectanim.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\dcancel.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\dcancel_small.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\dcheck.gife
c:\program files\iWin.com\Mah Jong Quest III\images\interface\dcheck.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\ddelete.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\ddone.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\ddown.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\dicon.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\dknob.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\dleft.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\dmenu.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\dmenuchooseboard.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\dmenuchoosescene.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\dmenuchoosescene_small.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\dmenuclose.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\dmenumain.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\dmenuoptions.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\dmenuplayboard.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\dmenuplayboard_small.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\dmenuquit.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\dmenureplayany.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\dmenurestart.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\dmenuresume.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\dmenurules.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\dnext.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\dnext_small.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\dno.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\dok.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\dplay.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\dprev.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\dprev_small.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\dradio.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\dright.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\dsliderl.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\dsliderr.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\dup.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\dyes.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\menu_quest_vortex.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\menuskin.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\meter.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\meter_balance.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\meter_happiness.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\meter_wealth.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\mj_freeplay_btn.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\mj_kwazi_btn.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\mj_logo.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\mj_menu.jpge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\mj_tournament_btn.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\mj_variations_btn.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\mm_btn_options.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\mm_btn_players.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\mm_btn_quit.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\mm_btn_rules.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\rulesclassic.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\ruleskwazi.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\rulesmenu.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\rulesTourney.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\scroll.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\SkinMahJong.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\thisbook.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\interface\updatebtn.gife
c:\program files\iWin.com\Mah Jong Quest III\images\interface\yinyang_base.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\list_button.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\mahjong.gif
c:\program files\iWin.com\Mah Jong Quest III\images\map\Choice.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\map\ChoiceButtons_Green.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\map\ChoiceButtons_Red.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\map\ChoiceButtons_Yellow.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\map\endreplay.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\map\frame.PNGe
c:\program files\iWin.com\Mah Jong Quest III\images\map\frame_boar.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\map\frame_dog.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\map\frame_dragon.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\map\frame_dragon_NEW.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\map\frame_horse.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\map\frame_monkey.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\map\frame_next.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\map\frame_ox.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\map\frame_previous.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\map\frame_rabbit.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\map\frame_rat.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\map\frame_rooster.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\map\frame_sheep.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\map\frame_snake.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\map\frame_tiger.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\map\gem.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\map\gemsmall.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\map\hidelayout.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\map\meter1.PNGe
c:\program files\iWin.com\Mah Jong Quest III\images\map\meter2.PNGe
c:\program files\iWin.com\Mah Jong Quest III\images\map\meter3.PNGe
c:\program files\iWin.com\Mah Jong Quest III\images\map\replay.PNGe
c:\program files\iWin.com\Mah Jong Quest III\images\map\showlayout.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\map\TitleBar.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\menu.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\MiniTimerBonus.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\monster\Gong.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\monster\GongA.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\monster\GongB-joined.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\monster\GongSupport.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\monster\Hammer.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\monster\TapCycle.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\monster\Transition.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\monster\WalkCycle.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\monster\Yawn.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\NoMoreMoves.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\NoMoreMovesMini.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\north.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\note_card.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\BridgeOverlay.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\door_1_4_UP.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\door_BUSTED.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L1_C001.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L1_C002.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L1_C003.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L1_C004.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L1_C005.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L1_c006.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L1_c011.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L1_C019.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L1_c020_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L1_cradel.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L1_Cradle_OVLY_R.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L1_p007.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L1_p008.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L1_p009.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L1_p010.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L1_p016.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L1_p017.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L1_p018.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L1_p021.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L1_p021_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L1_p022.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L1_p023_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L1_p024_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L1_p025_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L1_pChest.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L10_p228_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L10_p229_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L10_p230_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L10_p231_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L10_p232_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L11_c245_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L11_p242_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L11_p243_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L11_p244_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L11_p246_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L11_p247_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L11_p248_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L11_p249_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L11_p250_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L11_p251_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L11_p252_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L11_p253_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L11_p254_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L11_p255_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L11_p256_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L11_p257_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L11_p258_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L11_Top.PNGe
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L12_BG_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L12_c259_1_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L12_c259_2_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L12_c259_3_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L12_c260_1_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L12_c260_2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L12_c260_2_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L12_c261_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L12_c262_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L12_c263_1_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L12_c263_2_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L12_c263_3_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L12_c265_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L12_c266_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L12_c267_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L12_c268_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L12_c269_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L12_c270_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L12_c271_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L2_c033.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L2_p034.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L2_p036.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L2_p038.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L2_p040_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L2_p041_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L2_p042.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L2_p043.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L2_p044.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L2_p045.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L2_p046.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L2_p047.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L3_5_1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L3_5_2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L3_c051_1_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L3_c051_2_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L3_c055_1_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L3_c056_1_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L3_c057_1_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L3_c058_1_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L3_c059_1_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L3_c060_1_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L3_c061_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L3_c070_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L3_c071_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L3_c072_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L3_c073_ol.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L4_c073.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L4_c077.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L4_c078.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L4_c079.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L4_c080.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L4_c081.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L4_c082.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L4_overlay.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L4_p083_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L4_p084.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_c092.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_c093.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_c094.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_c095.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_c096.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_c097.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_c098.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_c099.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_c100.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_c101.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_c102.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_c103_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_c104_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_c105.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_c106_1_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_c106_2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_c107_1_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_c107_2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_c108_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_c109_1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_c111.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_c112.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_c114.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_c115_1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_c115_2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_c116.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_c117.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_c119.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_c120.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_c121.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_c122.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_c123.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_c124.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_c125.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_c126.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_p109_2_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_p110.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_p113.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_p118_1_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_p118_2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_p127.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_p128.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_p128_2_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_p128_3.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L5_p129_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L6_BG.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L6_c130.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L6_c131.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L6_c131_1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L6_c132.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L6_c133.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L6_c134.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L6_c135.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L6_c136.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L6_c137.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L6_c138.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L6_c139.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L6_c140.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L6_c141.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L6_c144.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L6_Lp149.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L6_p141.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L6_p142.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L6_p143.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L6_p145.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L6_p146.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L6_p147.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L6_p148.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L6_p149.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L7_c150.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L7_c151.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L7_c156.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L7_c157.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L7_c158.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L7_c159.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L7_c160.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L7_c161.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L7_c162.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L7_c163.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L7_c164.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L7_c165_1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L7_c165_2_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L7_c166.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L7_c167.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L7_c168.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L7_c169.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L7_c170.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L7_p153_1_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L7_p153_2_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L7_p154.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L7_p155_1_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L7_p155_2_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L8_BG_sky_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L8_c171.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L8_c172.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L8_c173.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L8_p174_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L8_p175_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L8_p176_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L8_p177.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L8_p178.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L8_p179.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L8_p180.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L8_p181.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L8_p183_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L8_p183_ul_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L8_p184_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L8_p184_ul_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L8_p185_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L8_p185_ul_r.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L8_p186.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L8_p187.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L8_p188.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L8_p189.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L8_p190.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L8_p191.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L9_c192.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L9_c193.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L9_c194.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L9_c195.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L9_c196.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L9_c198.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L9_c199.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L9_c200.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L9_c201.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L9_c201_1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L9_c202.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L9_c203_1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L9_c203_2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L9_c203_3.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L9_c204.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L9_c205.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L9_c208.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L9_c208_1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L9_c209.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L9_c210.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L9_c211.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L9_c212.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L9_c213.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L9_c214.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L9_c214_1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L9_c215.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L9_c215_1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L9_c216.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L9_c217.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L9_c218.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L9_c219.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L9_c220.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L9_c221.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L9_c222.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L9_c223.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L9_p224.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\L9_p225.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P13\O1C0.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P13\O1C1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P13\O1C2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P13\O1C3.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P13\O2C1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P13\O2C2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P13\O2C3.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P13\O3C1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P13\O3C2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P13\O3C3.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P13\O4C1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P13\O4C2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P13\O4C3.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P13\O5C1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P13\O5C2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P13\O5C3.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P13\O6C1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P13\O6C2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P13\O6C3.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P16\O1C1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P16\O1C2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P16\O1C3.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P19\O1C1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P19\O1C2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P19\O1C3.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P19\O2C1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P19\O2C2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P19\O2C3.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P19\O3C1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P19\O3C2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P19\O3C3.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P19\O4C1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P19\O4C2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P19\O4C3.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P23\O12C1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P23\O12C2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P23\O12C3.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P23\O13C1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P23\O13C2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P23\O13C3.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P23\O1C1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P23\O1C2.cfge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P23\O1C3.cfge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P23\O22C1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P23\O22C2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P23\O22C3.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P23\O23C1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P23\O23C2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P23\O23C3.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P23\O2C1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P23\O2C2.cfge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P23\O2C3.cfge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P23\O32C1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P23\O32C2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P23\O32C3.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P23\O33C1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P23\O33C2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P23\O33C3.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P23\O3C1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P23\O3C2.cfge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P23\O3C3.cfge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P23\O42C1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P23\O42C2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P23\O42C3.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P23\O43C1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P23\O43C2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P23\O43C3.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P23\O4C1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P23\O4C2.cfge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P23\O4C3.cfge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P3\O1C0.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P3\O1C1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P3\O1C2.cfge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P3\O1C2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P3\O1C3.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P38\O1C1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P38\O2C1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P38\O2C2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P38\O3C1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P55\O1C1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P55\O1C2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P55\O1C3.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P58\O1C1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P58\O1C2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P58\O1C3.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P59\O1C1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P59\O1C2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P59\O1C3.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P60\O1C1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P60\O1C2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P60\O1C3.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P61\O1C1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P61\O1C2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P61\O1C3.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P62\O1C1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P62\O1C2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P62\O1C3.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P63\O1C1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P63\O1C2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P63\O1C3.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P66\O1C1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P66\O1C2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P7\O1C0.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P7\O1C1.cfge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P7\O1C1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P7\O1C2.cfge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P7\O1C2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P7\O1C3.cfge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P7\O1C3.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P8\O1C0.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P8\O1C1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P8\O1C2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P8\O1C3.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P8\O2C1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P8\O2C2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P8\O2C3.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P8\O3C1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P8\O3C2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P8\O3C3.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P8\O4C1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P8\O4C2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P8\O4C3.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P8\O5C1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P8\O5C2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P8\O5C3.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P8\O6C1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P8\O6C2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P8\O6C3.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P8\O7C1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P8\O7C2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\P8\O7C3.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\objects\Tile_Box.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\quest_top_strip.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\QuestPause.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\restart.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\rice_paper.PNGe
c:\program files\iWin.com\Mah Jong Quest III\images\scoreplate.PNGe
c:\program files\iWin.com\Mah Jong Quest III\images\smoke.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\smoke_sparkle.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\south.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\spacer.gife
c:\program files\iWin.com\Mah Jong Quest III\images\story\Afterword.jpge
c:\program files\iWin.com\Mah Jong Quest III\images\story\closing.jpge
c:\program files\iWin.com\Mah Jong Quest III\images\story\land01.jpge
c:\program files\iWin.com\Mah Jong Quest III\images\story\land02.jpge
c:\program files\iWin.com\Mah Jong Quest III\images\story\land03.jpge
c:\program files\iWin.com\Mah Jong Quest III\images\story\land04.jpge
c:\program files\iWin.com\Mah Jong Quest III\images\story\land05.jpge
c:\program files\iWin.com\Mah Jong Quest III\images\story\land06.jpge
c:\program files\iWin.com\Mah Jong Quest III\images\story\land07.jpge
c:\program files\iWin.com\Mah Jong Quest III\images\story\land08.jpge
c:\program files\iWin.com\Mah Jong Quest III\images\story\land09.jpge
c:\program files\iWin.com\Mah Jong Quest III\images\story\land10.jpge
c:\program files\iWin.com\Mah Jong Quest III\images\story\land11.jpge
c:\program files\iWin.com\Mah Jong Quest III\images\story\land12.jpge
c:\program files\iWin.com\Mah Jong Quest III\images\story\opening01.jpge
c:\program files\iWin.com\Mah Jong Quest III\images\story\opening02.jpge
c:\program files\iWin.com\Mah Jong Quest III\images\story\opening03.jpge
c:\program files\iWin.com\Mah Jong Quest III\images\story\TitleShot.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\Tckj9j17c57.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\AlphabetTiles.pnge
zuxtobeme
2009-03-06, 23:55
c:\program files\iWin.com\Mah Jong Quest III\images\tile\BallBounce.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\balloon_alpha.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\balloonblowup.PNGe
c:\program files\iWin.com\Mah Jong Quest III\images\tile\balloons.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\BigMagnifyFocal.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\BigMagnifyingGlass.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\blackice.PNGe
c:\program files\iWin.com\Mah Jong Quest III\images\tile\BudhaTiles.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\butterfly.PNGe
c:\program files\iWin.com\Mah Jong Quest III\images\tile\butterfly_w_alpha.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\classic_tiles.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\classic_tiles_dark.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\clone.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\coin_bronze.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\coin_bronze_strip.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\coin_gold.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\coin_gold_strip.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\coin_silver.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\coin_silver_strip.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\DarkMask.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\DominoTiles.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\down.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\earthquake.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\fireball.PNGe
c:\program files\iWin.com\Mah Jong Quest III\images\tile\fireball_mid_air.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\firecracker_1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\firecracker_blue_1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\firecracker_blue_2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\firecracker_blue_3.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\firecracker_green_1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\firecracker_green_2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\firecracker_green_3.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\firecracker_red_1.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\firecracker_red_2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\firecracker_red_3.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\Hourglass.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\hourglass2.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\IceCube.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\kwazi_tiles.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\kwazi_tiles_dark.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\magnet.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\magnifyingglass.PNGe
c:\program files\iWin.com\Mah Jong Quest III\images\tile\mini_classic_tiles.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\mini_kwazi_tiles.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\mini_one_tile.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\mini_one_tile2.PNGe
c:\program files\iWin.com\Mah Jong Quest III\images\tile\mini_regular.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\mini_special.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\miniblank.PNGe
c:\program files\iWin.com\Mah Jong Quest III\images\tile\one_tile.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\SmileyTiles.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\special_tiles.PNGe
c:\program files\iWin.com\Mah Jong Quest III\images\tile\swapper.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\tile_line_h.bmp
c:\program files\iWin.com\Mah Jong Quest III\images\tile\tile_line_v.bmp
c:\program files\iWin.com\Mah Jong Quest III\images\tile\tourney_tiles.PNGe
c:\program files\iWin.com\Mah Jong Quest III\images\tile\typhoon.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\typhoon_grow_TEST.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\up.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\wand.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\xrayspecs.PNGe
c:\program files\iWin.com\Mah Jong Quest III\images\tile\yang.gife
c:\program files\iWin.com\Mah Jong Quest III\images\tile\yang.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\yin.gife
c:\program files\iWin.com\Mah Jong Quest III\images\tile\yin.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile\yin_yang.gife
c:\program files\iWin.com\Mah Jong Quest III\images\tile\yin_yang_tiles.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile_hole_stone.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tile_hole_wood.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\timer.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\timer_classic.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\timer_incense.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\TimerTrick.GIFe
c:\program files\iWin.com\Mah Jong Quest III\images\tourney_cover.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tourney_menu.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tourney_messages.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tourney_quit.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\tourney_top.PNGe
c:\program files\iWin.com\Mah Jong Quest III\images\tresults_winner.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\undo.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\undo_tile_area.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\WaitCursor.pnge
c:\program files\iWin.com\Mah Jong Quest III\images\west.pnge
c:\program files\iWin.com\Mah Jong Quest III\iWin Games.url
c:\program files\iWin.com\Mah Jong Quest III\iwin.ico
c:\program files\iWin.com\Mah Jong Quest III\iWin_GDF.dll
c:\program files\iWin.com\Mah Jong Quest III\jpeg.dll
c:\program files\iWin.com\Mah Jong Quest III\libpng13.dll
c:\program files\iWin.com\Mah Jong Quest III\license.rtf
c:\program files\iWin.com\Mah Jong Quest III\MahjongQuest3.ico
c:\program files\iWin.com\Mah Jong Quest III\MahjongQuest3.ifn
c:\program files\iWin.com\Mah Jong Quest III\Microsoft.VC80.CRT.manifest
c:\program files\iWin.com\Mah Jong Quest III\msvcp80.dll
c:\program files\iWin.com\Mah Jong Quest III\msvcr80.dll
c:\program files\iWin.com\Mah Jong Quest III\puzzles\18_hidden_tiles.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\3d.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\a_bridge_too_far.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\abundance.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\AfterTheEarthquake.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\all_seeing.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\angry_dragon.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\assembly.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\BalloonsOne.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\base_camp.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\BaseOfThePyramid.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\BathtubNoShower.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\BathtubWithShower.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\battle_lines.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\BeforeTheEarthquake.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Bifocals.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\bowtie.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\BoxesOfTrouble.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\bridge_design.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\BunkBeds.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Butterfly.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\byzantium.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\calm_dragon.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\canals.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\center_of_the_universe.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\chinese_beetle.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\classic.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\classic3000.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\coliseum.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Congestion.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\congrats1.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\congrats2.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\congrats3.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\congrats4.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\congrats5.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\congrats6.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\congrats7.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\congrats8.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\connectors.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\courtyard.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\crates.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\CrissCross.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\CrookedBoxCars.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\CrookedDice.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\curls.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\dead_eye.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\descendant.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Dns01.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Dns02.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Dns03.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Dns04.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Dns05.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Dns06.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Dns07.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Dns08.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\DNSMiniClassic.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\dragons_eye.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\DragonsMaze.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\DragonsTail.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\EasyCrates.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\empty.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\EmptyPedestals.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\encryption.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\face_off.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\FiveDiamonds.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Flip.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\FlipAndFlop.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\floorplan.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Foundation.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\four_winds.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\frame_spring.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Gauntlet.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\goggles.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\guarded_town.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\HardCrates.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\HardTimes.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\HH_ClassicParted.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\HH_ClassicSplit.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\HH_FlatLands.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\HH_FlatLandsII.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\HH_New_Classic_I.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\HH_PairOfJacks.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\HH_SeeingEyeToEye.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\HH_UsVsThem.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\HI.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\hidden_foundation.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\hint_of_trouble.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\HollowCubes.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\IceCubeTest.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\igloo.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\intersection.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Interwoven.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\JoesLayoutForAna.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Joetest10.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\joetest1001.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\JoeTest1002.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Joetest11.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\JoeTest4.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\JoeTestAll.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\justplaintrouble.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\key_to_the_city.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\KnockoutPunch.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\KnotEasy.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\kwabandonedbuilding.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\KwAllTogether.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\KwBangYourHead.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\KwBoxedIn2.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\kwbrick20.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\kwbrick33.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\kwbrick50.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\kwbrick52.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\KwBrickedEagle.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\kwcanals.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\KwClassic.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\KwClawTrip.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\kwclone2.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\kwclone3.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\kwclonetutorial.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\kwcoliseum.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\kwcricket.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\KwDouble103.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\KwDouble104.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\KwDouble2.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\kwdouble5.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\KwFinal1.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\KwFinal2.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\KwFinal3.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\KwFinal4.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\KwFinal5.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\kwfinaljoe.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\KwFortress2.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\kwfourwinds.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\kwfreecell.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\KwFreedom3.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\KwHideSeek.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\KwInFormation2.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\KwIntersection3.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\KwJimBeHappy.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\KwKingTut.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\kwlast1.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\kwlatticework.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\KwMagnet102.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\kwmagnet4.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\kwmath2.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\kwmonument.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\kwneedhelp.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\kwnoescape.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\KwNumbers1.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\KwNumbers2.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\kwobstacletrip3.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\kwOnthebalancebeam.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\KwPerserverance3.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\kwpriorities.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\kwsnowblindness3.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\KwSwapMeet101.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\KwSwapTyphoon.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\kwthreematch.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\KwThreeTowers.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\KwTrouble2.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\KwTyphoon101.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\KwWharehouse.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\KwWild8.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\KwYinAndYangFinal.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\leaning_towers.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\lookingglass.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\MahJingDoubleFour.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\MahJingDoubleOne.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\MahJingDoubleThree.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\MahJingDoubleTwo.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\MahJingSmall.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\MahJingStackChallenge.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\mark_the_spot.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\masquerade.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\mirror_image.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj24DGoggles.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2Assembly.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2BalloonMagic.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2BalloonParty.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2BeetleBully.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2BoxesOfTrouble.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2BrickedEagle.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2Byzantium.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2Classic.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2Classic3000.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2ClassicCovers.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2ClassicWithHelp.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2CloneSwap.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2CoinsFountain.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2CourtyardDemolition.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2CrisisIntervention.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2Decisions.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2DemolitionTime.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2DoubleDeckFreeCell.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2DoubleTimes.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2DoubleTripleFinal.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2DoubleTripleTowers.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2EarthquakesAndBalloons.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2EarthquakeTest.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2EasyEmpathy.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2EveOfDestruction.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2FlipFlop.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2FloorPlan.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2FreedomPlaza.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2FriendlyHelpers.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2FrozenBifocals.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2FrozenFountain.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2FrozenReservoir.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2FullHouses.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2FunnyBalloons.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2GongMonster.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2HalfwayRestStop.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2HardTimes.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2IceBreaker.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2IceCubes.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2KnockoutPunch.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2KnotEasy.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2LastGongurai.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2LookingGlass.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2LotsOfHelp.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2LotsOfSurprises.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2MessOfTrouble.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2MishMash.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2OneTyphoon.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2PrioritiesRevisited.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2ReturnToThunderDome.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2SecondHalfFun.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2SwapTastic.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2ThroughAGlassDarkly.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2TriChallenge.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2TripleFortress.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2TripleTriumph.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2TripleTrouble.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2TryingTimes.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2TwoHouses.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2TwoOnTheBeam.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2TyphoonFun.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2TyphoonsAndBalloons.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2WatchYourStep.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2WaterBalloons.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2WhatsYourViewpoint.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2WiseChoices.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Mj2Zipper.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\moated_castle.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\ModernClassic.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\mosaic.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\mouse_trap.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\MouseTraps.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\NeedsAName1.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\NeedsName2.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\noescape.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\nuts_and_bolts.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\obstacle_course.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\odometer.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\over_and_under.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\perfection.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\platformer.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\PrincesOfMaine.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Priorities.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\prongs.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pulsar.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzafoot.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzauditorium.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzbalance2.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzbrick1.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzbrick2.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzbrick5.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzbugreport.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzClimber.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzcubik.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzdbchoiceaplenty.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzDeathBlock.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzdiamond_bracelet.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzdouble_trouble.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzDoubleDoom.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzdrunkenpig.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzEncased.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\PzEz1.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzez2.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzflatland.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzfortress.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzFourWinds.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzfree_cell.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzfreecell2.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzghost_elvis.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzgoldpan.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzguardedtown.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzhandle.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzhardbrick1.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzHelpMe.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzhollowpyramid2.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzinsane.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzjoes_life_eh.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzkingtut.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzlattice2.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzlittleknowledge.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzmonument.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzonetwothree2.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzopera.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzparking_garage.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzpercentage.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzpriorities.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzpriorities2.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzprop.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzpyramids_of_doom.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzsherlock1.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzshovel.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzsimply_staggering.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzskyscraper.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzsleepingdog.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzsoma.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzSpeedTest.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzspider.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzstacksoftrouble.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzsuper2.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pztetrahedron.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pztheend.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzthree.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzThreeTowers.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzToughOne.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pztwinstairs.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzvenus_fly_trap.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzzBrick1.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzzBrick11.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzzBuriedTreasure.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzzChessGreen.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzzClone1.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzzMagnet0.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzzMagnet1.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzzMath1.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzzMath3.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzzMath4.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzzOneTwo3.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzzSwapTutorial.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzzTempSetBack.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzzVortex1.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\pzzVortex1b.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Q3_Cradle2.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Q3_CradleOfLife.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\QuatroChallenge.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\QuickPlayCheat.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\rays_of_hope.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\reactor.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\sand_block.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\scales.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\scarecrow.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\scenic_pathway.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\secret_passage.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\ShakespearInThePark.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\shredder.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\simple.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\simple_wedge.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\SolidBlocks.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\SolidDice.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\SpiralStaircase.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\stability.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\staircase.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\starburst.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\SteepleChase.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\stepping_stones.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\steps_of_knowledge.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\stereoscopic.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\storehouse.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\StraightAndNarrow.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\struts.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\temple.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\tentacles.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\testjoe1.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\that_a_way.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\the_three_towers.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\TheFox.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\TheThreeWisdoms.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\ThreeChairs.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\ThroneRoom.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\ThroughAGlassDarkly.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\TicTacTower.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\tigers_eye.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\time_warp.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\TimeForMahJong.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\ToughObstacleCourse.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\town_square.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\tri_guard.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Tribute.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\TripleFortress.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\TriTriAgain.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\TwinBeds.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\ultraviolet.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\vertebra.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\visible_means_of_support.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\waves.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\wedges.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\where_genius_starts.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\WildMushrooms.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\wings.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\work.scfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\xo.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\YangYinsanity.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_BouncyHelp.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_BrokenHeart.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_BurningKnowledge.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_BurningQuestions.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_ButterflysInIce.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_CalculatingDragons.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_ChildsPlaything.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_ChooseWisely.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_ClearingTheFoundation.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_CloneRangers.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_CradleOfLife.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_DejaVu.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_DiamondBracelet.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_Directionless.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_DoubleVisionFlashback.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_DragonsMaze.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_DragonsOnTheBridge.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_DragonsPatch.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_DragonsPerch.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_EarthquakeTime.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_EmptyHouse.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_EmptyLot.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_FamiliarFriend.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_FinalGift.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_FlipAndFlop.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_FrozenFriend.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_FunnyBalloons.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_GiftBox.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_GiftOfLife.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_HalfwayForReal.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_HauntinglyFamiliar.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_HeartsAfire.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_HomeAndGarage.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_IceBlock.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_IntoTheWorld.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_JoeWork.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_KnotEasy.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_LandscapeProblems.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_LawsOfAttraction.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_LotsOfHelp.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_LotsOfSurprises.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_MahJing.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_MendedHeart.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_MessOfTrouble.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_MishMash.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_NewFloorPlan.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_NightAtTheOpera.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_NotHalfWayYet.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_ObstacleCourse.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_OneLastLook.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_OneLastLook2.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_PicketFence.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_PictureFrame.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_PicturePerfect.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_PlaceForEverything.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_RememberanceOfThingsPast.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_SimplePerfection.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_SoFamiliar.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_StuckZipper.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_SwaptasticII.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_ThreeBowls.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_ThunderDomeIII.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_TimeTunnel.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_TotalMadness.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_TwelveButterflies.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_TwoHeartsAsOne.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_TwoJoinedAsOne.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_Variation1.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_War.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_WaterCelebration.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_WharehouseWork.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_WhereDidThatRoofGo.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_WiseChoices.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_WorkVsLife.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Z_XRayHelpers.cfg
c:\program files\iWin.com\Mah Jong Quest III\puzzles\Zipper.cfg
c:\program files\iWin.com\Mah Jong Quest III\readme.rtf
c:\program files\iWin.com\Mah Jong Quest III\SDL.dll
c:\program files\iWin.com\Mah Jong Quest III\SDL_gbase.dll
c:\program files\iWin.com\Mah Jong Quest III\SDL_gfx.dll
c:\program files\iWin.com\Mah Jong Quest III\SDL_image.dll
c:\program files\iWin.com\Mah Jong Quest III\SDL_mixer.dll
c:\program files\iWin.com\Mah Jong Quest III\sdl_sound.dll
c:\program files\iWin.com\Mah Jong Quest III\SDL_ttf.dll
c:\program files\iWin.com\Mah Jong Quest III\splash\splashscreen.jpge
c:\program files\iWin.com\Mah Jong Quest III\stdat.dat
c:\program files\iWin.com\Mah Jong Quest III\Uninstall.exe
c:\program files\iWin.com\Mah Jong Quest III\vorbis.dll
c:\program files\iWin.com\Mah Jong Quest III\vorbisfile.dll
c:\program files\iWin.com\Mah Jong Quest III\WebUpdater.bmp
c:\program files\iWin.com\Mah Jong Quest III\WebUpdater.exe
c:\program files\iWin.com\Mah Jong Quest III\zlib1.dll
c:\program files\My.Freeze.com Toolbar
c:\program files\Wyyo
c:\program files\Wyyo\Wyyo_deleted_\wyyo.dll
c:\program files\Wyyo\Wyyo_deleted_\wyyo.exe
c:\programdata\iWin Games
c:\programdata\iWin Games\drm\data\{17333768-0154-0324-7263-42450F0FF0EB}.dta
c:\programdata\iWin Games\drm\data\{17336666-0417-0847-5353-75270F0FF2GS}.dta
c:\programdata\iWin Games\drm\drm_1736664178475357527_MahjongQuest3.ifn.stdat
c:\programdata\iWin Games\firefox\chrome.manifest
c:\programdata\iWin Games\firefox\chrome\iwinarcade.jar
c:\programdata\iWin Games\firefox\install.rdf
c:\programdata\iWin Games\firefox\iWinArcadeLauncher.exe
c:\programdata\iWin Games\firefox\version
c:\users\Mike\AppData\Roaming\iWin
c:\users\Mike\AppData\Roaming\iWin\MahjongQuest2\crash.txt
c:\users\Mike\AppData\Roaming\iWin\MahjongQuest2\Debbie.plr02e
c:\users\Mike\AppData\Roaming\iWin\MahjongQuest2\Debbie.plr0e
c:\users\Mike\AppData\Roaming\iWin\MahjongQuest2\Debbie.plr2e
c:\users\Mike\AppData\Roaming\iWin\MahjongQuest2\debug.txt
c:\users\Mike\AppData\Roaming\iWin\MahjongQuest2\HighScores.cfge
c:\users\Mike\AppData\Roaming\iWin\MahjongQuest2\players.cfge
c:\users\Mike\LimeWireWin.exe
zuxtobeme
2009-03-06, 23:56
((((((((((((((((((((((((( Files Created from 2009-02-06 to 2009-03-06 )))))))))))))))))))))))))))))))
.
2009-03-02 11:12 . 2009-03-02 11:12 <DIR> d-------- c:\program files\Trend Micro
2009-03-02 10:49 . 2009-03-02 11:11 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2009-03-02 10:49 . 2009-03-02 11:11 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2009-03-02 10:49 . 2009-03-02 10:49 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-02-28 20:31 . 2009-02-28 20:31 <DIR> d-------- c:\users\All Users\Winferno
2009-02-28 20:31 . 2009-02-28 20:31 <DIR> d-------- c:\programdata\Winferno
2009-02-28 15:35 . 2009-02-28 15:35 <DIR> d-------- c:\program files\Freeze.com
2009-02-28 15:34 . 2009-02-28 20:31 <DIR> d-------- c:\users\Mike\AppData\Roaming\MailWasherPro
2009-02-28 15:34 . 2009-02-28 15:34 <DIR> d-------- c:\program files\Free Offers from Freeze.com
2009-02-28 15:34 . 2009-02-28 15:34 <DIR> d-------- c:\program files\FireTrust
2009-02-28 15:33 . 2009-02-28 15:33 <DIR> d-------- c:\program files\Winferno
2009-02-28 15:33 . 2009-02-28 15:33 <DIR> d-------- c:\program files\Common Files\Winferno
2009-02-28 15:33 . 2006-10-09 12:28 835,584 --a------ c:\windows\System32\WINCTL4.OCX
2009-02-28 15:33 . 2006-10-09 13:06 495,616 --a------ c:\windows\System32\WINUTIL5.DLL
2009-02-28 15:33 . 2006-05-17 08:40 393,216 --a------ c:\windows\System32\WINLCTL5.DLL
2009-02-28 15:33 . 2006-07-24 08:56 212,240 --a------ c:\windows\System32\Richtx32.ocx
2009-02-23 19:27 . 2009-03-05 19:28 <DIR> d-------- c:\users\All Users\Yahoo! Companion
2009-02-23 19:27 . 2009-03-05 19:28 <DIR> d-------- c:\programdata\Yahoo! Companion
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-01 04:42 --------- d---a-w c:\programdata\TEMP
2009-02-28 03:34 --------- d-----w c:\users\Mike\AppData\Roaming\ZoomBrowser EX
2009-02-28 02:30 --------- d-----w c:\users\Mike\AppData\Roaming\CameraWindowDC
2009-02-24 03:27 --------- d-----w c:\program files\Yahoo!
2009-02-24 03:26 --------- d-----w c:\programdata\Yahoo!
2009-02-17 00:35 --------- d-----w c:\programdata\ZoomBrowser
2009-02-14 01:09 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-12 11:00 --------- d-----w c:\program files\Windows Mail
2009-02-11 18:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 18:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-27 08:02 --------- d-----w c:\users\Mike\AppData\Roaming\MySpace
2009-01-15 04:16 826,368 ----a-w c:\windows\System32\wininet.dll
2009-01-15 04:16 56,320 ----a-w c:\windows\System32\iesetup.dll
2009-01-15 04:16 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-01-15 04:15 26,624 ----a-w c:\windows\System32\ieUnatt.exe
2008-12-11 11:14 174 --sha-w c:\program files\desktop.ini
2006-12-01 04:45 262,144 ----a-w c:\programdata\ntuser.dat
2007-08-31 22:24 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-08-31 22:24 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-08-31 22:24 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-03-04_15.15.21.89 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-04 23:10:20 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-03-04 23:10:20 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-03-04 23:11:22 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-03-04 23:12:29 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2009-03-03 01:23:04 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-06 03:27:16 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-03-03 01:23:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-06 03:27:16 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-03 01:23:04 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-06 03:27:16 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-03 01:29:21 104,654 ----a-w c:\windows\System32\perfc009.dat
+ 2009-03-04 23:16:42 104,654 ----a-w c:\windows\System32\perfc009.dat
- 2009-03-03 01:29:21 621,234 ----a-w c:\windows\System32\perfh009.dat
+ 2009-03-04 23:16:42 621,234 ----a-w c:\windows\System32\perfh009.dat
- 2009-03-03 01:25:40 11,952 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1771572009-2143249529-537786000-1000_UserData.bin
+ 2009-03-04 23:12:58 12,324 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1771572009-2143249529-537786000-1000_UserData.bin
- 2009-03-03 01:25:39 55,886 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-04 23:12:58 55,972 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-03-04 22:54:59 260,092 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-03-06 03:20:42 260,894 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-10 417792]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-03 1045800]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-12-16 188416]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-01-18 421888]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-11-22 409264]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-11-28 52912]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2006-11-20 446128]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-11-14 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-11-15 267048]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 c:\windows\RtHDVCpl.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
"Mouse Suite 98 Daemon"="ICO.EXE" [2003-11-20 c:\windows\System32\ico.exe]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-06-05 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
--a------ 2006-11-28 20:05 523952 c:\program files\TOSHIBA\FlashCards\TCrdMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PINGER]
--a------ 2006-07-20 12:45 151552 c:\toshiba\IVP\ISM\pinger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{176E3F5C-CB30-4D47-A698-BE4652CC8BEC}c:\\program files\\world of warcraft\\wow-2.0.3-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.0.3-enus-downloader.exe:Blizzard Downloader
"UDP Query User{450049DC-C501-4AAD-BBEF-91F7F582F95D}c:\\program files\\world of warcraft\\wow-2.0.3-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.0.3-enus-downloader.exe:Blizzard Downloader
"TCP Query User{1260064F-2BE0-40C5-98B2-923BA6B1DD68}c:\\program files\\world of warcraft\\wow-2.0.3.6299-to-2.0.10.6448-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.0.3.6299-to-2.0.10.6448-enus-downloader.exe:Blizzard Downloader
"UDP Query User{4B6AE1A8-46E5-47FC-B439-9389CEEB5A46}c:\\program files\\world of warcraft\\wow-2.0.3.6299-to-2.0.10.6448-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.0.3.6299-to-2.0.10.6448-enus-downloader.exe:Blizzard Downloader
"{D056CEA9-30DB-411D-9E36-E514128AA8D0}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{34EA8DAF-815B-4A26-ABDA-80466AC51CB0}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{4C0AF536-42F6-4E66-8A1C-CF4EC6F47E7F}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{24E550B1-8C11-4365-B9C0-76AED1378A82}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{C5CCF8C8-BEAE-477B-95F9-EB5BE686F4A8}c:\\program files\\world of warcraft\\wow-2.0.10.6448-to-2.0.12.6546-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.0.10.6448-to-2.0.12.6546-enus-downloader.exe:Blizzard Downloader
"UDP Query User{9E1AEFFF-4981-493B-B77A-2C0E23068539}c:\\program files\\world of warcraft\\wow-2.0.10.6448-to-2.0.12.6546-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.0.10.6448-to-2.0.12.6546-enus-downloader.exe:Blizzard Downloader
"TCP Query User{A666DEC4-401B-49F1-A7B3-EB7C0A3B0378}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{4769773A-52C8-4BF6-B47B-42D605694FE8}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{DEB15429-903C-49CD-B705-3C963B0AFF6A}c:\\program files\\world of warcraft\\backgrounddownloader.exe"= UDP:c:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{3A61EB2B-8416-4579-AFF4-91CB0FF34F96}c:\\program files\\world of warcraft\\backgrounddownloader.exe"= TCP:c:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"TCP Query User{963ECF4C-0BE9-4D2A-AA3E-63EDB7045B86}c:\\program files\\world of warcraft\\wow-2.0.12.6546-to-2.1.0.6692-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.0.12.6546-to-2.1.0.6692-enus-downloader.exe:Blizzard Downloader
"UDP Query User{E7FBF28F-11D2-447A-AE53-CCE1D5D83187}c:\\program files\\world of warcraft\\wow-2.0.12.6546-to-2.1.0.6692-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.0.12.6546-to-2.1.0.6692-enus-downloader.exe:Blizzard Downloader
"{EFD8271A-AE69-4472-8E56-9F2078CF48FA}"= UDP:3724:Blizzard Downloader
"{3567B354-552B-4E2E-96F3-CA8A9EC20342}"= UDP:6112:Blizzard Downloader
"{365B6557-7394-4A6F-A592-4C6E3382B394}"= UDP:6881:Blizzard Downloader
"{D8801E4E-DA33-460D-B6FF-B49ADE1E7438}"= UDP:6882:Blizzard Downloader
"{21C1D7EA-ABC5-478C-A98B-C3ED84DC0D7A}"= UDP:6883:Blizzard Downloader
"{FCB617D5-110A-4960-AF76-505238F17CBF}"= UDP:6884:Blizzard Downloader
"{79A1B4FD-BD78-4E04-8359-D7BFC8577BC7}"= UDP:6885:Blizzard Downloader
"{7C17D73A-B8EE-4EB9-864C-6616131CA4BE}"= UDP:6886:Blizzard Downloader
"{C6BF5745-1DC2-4597-B7B7-A6A2C276406F}"= UDP:6887:Blizzard Downloader
"{0F9D28BF-CBF5-4A6F-9D29-86AF3BECBECB}"= UDP:6888:Blizzard Downloader
"{3DF7F278-3539-4792-BC92-733C3264BD42}"= UDP:6889:Blizzard Downloader
"{CAA20BA1-422C-49B2-8D2A-6C149C378E01}"= UDP:6890:Blizzard Downloader
"{12DACEAA-7E97-4B5B-8288-54CCD1C9BFE5}"= UDP:6891:Blizzard Downloader
"{DE74D82B-DDC4-4D2B-BCA2-8EDF7945EEB7}"= UDP:6892:Blizzard Downloader
"{E62F4DE1-BD5C-4CC1-B6BA-66006A0F41BF}"= UDP:6999:Blizzard Downloader
"{ECBB268B-DCA7-4972-BC3C-322C175BE352}"= UDP:6895:Blizzard Downloader
"{0761D84B-E4D0-47AA-BCFD-24148F0F6EC9}"= UDP:6900:Blizzard Downloader
"{EE81EF61-5195-4085-B0CC-E07049116313}"= UDP:6911:Blizzard Downloader
"TCP Query User{1E0F8F6B-901D-48BA-B6AF-E973878B8BB1}c:\\program files\\turbine\\asheron's call - throne of destiny\\aclauncher.exe"= UDP:c:\program files\turbine\asheron's call - throne of destiny\aclauncher.exe:AC Launcher
"UDP Query User{F0465242-3019-4D08-B03E-F060D9D80DB3}c:\\program files\\turbine\\asheron's call - throne of destiny\\aclauncher.exe"= TCP:c:\program files\turbine\asheron's call - throne of destiny\aclauncher.exe:AC Launcher
"TCP Query User{9830F0B9-2BA2-4390-A7F6-3692242D0179}c:\\program files\\turbine\\asheron's call - throne of destiny\\acclient.exe"= UDP:c:\program files\turbine\asheron's call - throne of destiny\acclient.exe:acclient
"UDP Query User{05C538AD-8558-46F0-8739-C40117D5AC52}c:\\program files\\turbine\\asheron's call - throne of destiny\\acclient.exe"= TCP:c:\program files\turbine\asheron's call - throne of destiny\acclient.exe:acclient
"TCP Query User{35768FD3-CEF5-44AA-BEEF-DC7A264F5F38}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{1F6CC45D-26D9-485C-9F52-1FF568584B3B}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{6A4918ED-3B08-49A4-A820-C98B297972BB}c:\\program files\\ea games\\battlefield vietnam\\bfvietnam.exe"= UDP:c:\program files\ea games\battlefield vietnam\bfvietnam.exe:bfvietnam
"UDP Query User{A1C43DC4-4A69-4A1C-BA97-EFDA90F62703}c:\\program files\\ea games\\battlefield vietnam\\bfvietnam.exe"= TCP:c:\program files\ea games\battlefield vietnam\bfvietnam.exe:bfvietnam
"{2186CEC6-67AF-4996-81D6-BBEB08EDE0CC}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{362033F6-664A-4C8E-B57B-29D151C0674D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{B63151AA-36CF-4BE0-B9C0-8F3E1369C525}c:\\program files\\turbine\\asheron's call - throne of destiny\\aclauncher.exe"= UDP:c:\program files\turbine\asheron's call - throne of destiny\aclauncher.exe:AC Launcher
"UDP Query User{51141AD7-8126-4E9A-A1F0-ED1EADC71511}c:\\program files\\turbine\\asheron's call - throne of destiny\\aclauncher.exe"= TCP:c:\program files\turbine\asheron's call - throne of destiny\aclauncher.exe:AC Launcher
"TCP Query User{EF706AF2-B85E-455D-A35E-DC394BB14EAB}c:\\program files\\turbine\\asheron's call - throne of destiny\\acclient.exe"= UDP:c:\program files\turbine\asheron's call - throne of destiny\acclient.exe:acclient
"UDP Query User{53F0AC8D-385F-4B9B-91EB-C74C2D510049}c:\\program files\\turbine\\asheron's call - throne of destiny\\acclient.exe"= TCP:c:\program files\turbine\asheron's call - throne of destiny\acclient.exe:acclient
"TCP Query User{DD2D44E1-2D63-4C50-B923-17703FE86DC6}c:\\program files\\world of warcraft\\wow-1.12.0-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wow-1.12.0-enus-downloader.exe:Blizzard Downloader
"UDP Query User{864245DE-2046-4FAF-BF77-9EB164EDA8DF}c:\\program files\\world of warcraft\\wow-1.12.0-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wow-1.12.0-enus-downloader.exe:Blizzard Downloader
"TCP Query User{8D66B119-89C1-4E9E-961C-2024961AD054}c:\\program files\\world of warcraft\\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe"= UDP:c:\program files\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe:Blizzard Downloader
"UDP Query User{FBEEF2F0-CE4F-4D00-A40D-426044A40AD2}c:\\program files\\world of warcraft\\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe"= TCP:c:\program files\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe:Blizzard Downloader
"{5133EC71-6F2D-4E43-8B6D-70F251B2685C}"= UDP:c:\program files\World of Warcraft\WoW-2.3.0-enUS-downloader.exe:Blizzard Downloader
"{D1432487-78A6-4597-81C0-0F3C0B570BC6}"= TCP:c:\program files\World of Warcraft\WoW-2.3.0-enUS-downloader.exe:Blizzard Downloader
"{65D6F6B1-B5B5-49CA-A2B1-6266B2961CF0}"= UDP:3724:Blizzard Downloader: 3724
"{C6A81E91-151A-4376-A7A9-20AC8DF6398C}"= UDP:c:\program files\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{FF6C66F1-27D0-4D0D-A808-9BC0EAA91527}"= TCP:c:\program files\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{157B213E-2860-4C27-BDC3-91FBA6B9E7EB}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{A41C74E1-495C-43D0-96BF-1C140B1AB55B}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{4C80533F-04EC-45EF-8602-6450BB32DBF9}c:\\program files\\mozilla firefox\\firefox.exe"= Disabled:UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{B11AB2D7-3C66-4A85-ADBE-F5ADFF5C0853}c:\\program files\\mozilla firefox\\firefox.exe"= Disabled:TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= c:\toshiba\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\toshiba\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\System32\drivers\sfsync03.sys [2006-07-10 42392]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-03-02 1153368]
S3 pelmouse;Mouse Suite Driver;c:\windows\System32\drivers\PELMOUSE.SYS [2007-07-19 16384]
S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\System32\drivers\PELUSBlf.SYS [2007-07-19 12288]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
2009-03-04 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe [2008-04-01 14:10]
2009-03-04 c:\windows\Tasks\RegPowerClean.job
- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe [2008-10-28 14:48]
2009-03-04 c:\windows\Tasks\RPCReminder.job
- c:\program files\Winferno\RegistryPowerCleaner\RPCReminder.exe [2008-10-28 14:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\h5jijifk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://my.freeze.com/?AcquisitionID=27d7ff22-f03a-430d-9578-017bf79ae384&s=&ipc=&vintage=20090209
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\h5jijifk.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-05 19:39:44
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-03-05 19:41:55
ComboFix-quarantined-files.txt 2009-03-06 03:41:52
ComboFix2.txt 2009-03-04 23:17:22
Pre-Run: 36,793,716,736 bytes free
Post-Run: 36,345,901,056 bytes free
1617 --- E O F --- 2009-03-06 00:00:32
zuxtobeme
2009-03-06, 23:57
hope that works for you.
Hi
Delete C:\Users\Mike\Downloads\AV2009Install_880167.exe file and post a fresh dds.txt log. How's the system running?
zuxtobeme
2009-03-07, 04:47
good, I am still concerned with a few desktop items that showed up randomly..
one by the name of Winferno software, another by the name of PC Confidential
also another item that shares the same icon as PC Confidential that is named Check PC for Errors.
and the last one is just called Shredder. ive noticed when I go to empty recycle bin. there is an option to shred items with PC Confidential. all these things are things that just showed up and was not installed by me.
also my homepage on my internet is still that freeze.com when default is set to yahoo.com
thank you for all your help on these issues.
zuxtobeme
2009-03-07, 04:50
here is the new log
DDS (Ver_09-02-01.01) - NTFSx86
Run by Mike at 19:44:32.88 on Fri 03/06/2009
Internet Explorer: 7.0.6000.16809 BrowserJavaVersion: 1.6.0_12
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.1406.827 [GMT -8:00]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\System32\ico.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Mike\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PCCBHO.CPCCBHO: {22fc6ce8-7d47-479f-b74a-bfbb04adb9af} - c:\program files\winferno\pc confidential\PCCBHO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [HWSetup] c:\program files\toshiba\utilities\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - c:\program files\winferno\pc confidential\PCConfidential.exe
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA} - c:\program files\winferno\pc confidential\PCConfidential.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
================= FIREFOX ===================
FF - ProfilePath - c:\users\mike\appdata\roaming\mozilla\firefox\profiles\h5jijifk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://my.freeze.com/?AcquisitionID=27d7ff22-f03a-430d-9578-017bf79ae384&s=&ipc=&vintage=20090209
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - plugin: c:\program files\mozilla firefox\plugins\NPMyWebS.dll
FF - plugin: c:\users\mike\appdata\roaming\mozilla\firefox\profiles\h5jijifk.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
============= SERVICES / DRIVERS ===============
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2006-7-10 42392]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-3-2 1153368]
S3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [2007-7-19 16384]
S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\PELUSBlf.SYS [2007-7-19 12288]
=============== Created Last 30 ================
2009-03-05 20:09 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-05 19:53 <DIR> --d----- c:\programdata\Adobe
2009-03-04 15:03 161,792 a------- c:\windows\SWREG.exe
2009-03-04 15:03 98,816 a------- c:\windows\sed.exe
2009-03-02 11:12 <DIR> --d----- c:\program files\Trend Micro
2009-03-02 10:49 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-03-02 10:49 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-03-02 10:49 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-02-28 20:31 <DIR> --d----- c:\programdata\Winferno
2009-02-28 15:35 <DIR> --d----- c:\program files\Freeze.com
2009-02-28 15:34 <DIR> --d----- c:\program files\Free Offers from Freeze.com
2009-02-28 15:34 <DIR> --d----- c:\users\mike\appdata\roaming\MailWasherPro
2009-02-28 15:34 <DIR> --d----- c:\program files\FireTrust
2009-02-28 15:33 <DIR> --d----- c:\program files\common files\Winferno
2009-02-28 15:33 212,240 a------- c:\windows\system32\Richtx32.ocx
2009-02-28 15:33 495,616 a------- c:\windows\system32\WINUTIL5.DLL
2009-02-28 15:33 393,216 a------- c:\windows\system32\WINLCTL5.DLL
2009-02-28 15:33 835,584 a------- c:\windows\system32\WINCTL4.OCX
2009-02-28 15:33 <DIR> --d----- c:\program files\Winferno
2009-02-23 19:27 <DIR> --d----- c:\programdata\Yahoo! Companion
==================== Find3M ====================
2009-02-11 10:19 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 10:19 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-14 20:16 826,368 a------- c:\windows\system32\wininet.dll
2009-01-14 20:16 56,320 a------- c:\windows\system32\iesetup.dll
2009-01-14 20:16 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-01-14 20:15 26,624 a------- c:\windows\system32\ieUnatt.exe
2008-12-11 03:14 174 a--sh--- c:\program files\desktop.ini
2008-08-05 14:29 86,016 a------- c:\windows\inf\infstrng.dat
2008-08-05 14:29 51,200 a------- c:\windows\inf\infpub.dat
2008-08-05 14:29 86,016 a------- c:\windows\inf\infstor.dat
2008-06-11 02:09 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-30 20:45 262,144 a------- c:\progra~2\ntuser.dat
2006-11-02 04:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 04:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 04:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 04:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-08-31 14:24 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2007-08-31 14:24 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2007-08-31 14:24 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
============= FINISH: 19:44:58.97 ===============
Hi
You can uninstall PC Confidential 2008 and My.Freeze.com Toolbar and after that manually change homepage back to original one.
You might want to ask your sister if she has installed those programs there.
Post a fresh dds.txt log after taking action above and let me know if it helped.
zuxtobeme
2009-03-07, 17:39
she said she did not install them. but she is prolly just saying that so I dont get mad. haha
anyway here is the new dds logg
DDS (Ver_09-02-01.01) - NTFSx86
Run by Mike at 8:32:36.13 on Sat 03/07/2009
Internet Explorer: 7.0.6000.16809 BrowserJavaVersion: 1.6.0_12
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.1406.864 [GMT -8:00]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Windows\System32\ico.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Mike\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [HWSetup] c:\program files\toshiba\utilities\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
================= FIREFOX ===================
FF - ProfilePath - c:\users\mike\appdata\roaming\mozilla\firefox\profiles\h5jijifk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - plugin: c:\program files\mozilla firefox\plugins\NPMyWebS.dll
FF - plugin: c:\users\mike\appdata\roaming\mozilla\firefox\profiles\h5jijifk.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
============= SERVICES / DRIVERS ===============
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2006-7-10 42392]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-3-2 1153368]
S3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [2007-7-19 16384]
S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\PELUSBlf.SYS [2007-7-19 12288]
=============== Created Last 30 ================
2009-03-05 20:09 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-05 19:53 <DIR> --d----- c:\programdata\Adobe
2009-03-04 15:03 161,792 a------- c:\windows\SWREG.exe
2009-03-04 15:03 98,816 a------- c:\windows\sed.exe
2009-03-02 11:12 <DIR> --d----- c:\program files\Trend Micro
2009-03-02 10:49 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-03-02 10:49 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-03-02 10:49 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-02-28 20:31 <DIR> --d----- c:\programdata\Winferno
2009-02-28 15:34 <DIR> --d----- c:\users\mike\appdata\roaming\MailWasherPro
2009-02-28 15:33 212,240 a------- c:\windows\system32\Richtx32.ocx
2009-02-23 19:27 <DIR> --d----- c:\programdata\Yahoo! Companion
==================== Find3M ====================
2009-02-11 10:19 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 10:19 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-14 20:16 826,368 a------- c:\windows\system32\wininet.dll
2009-01-14 20:16 56,320 a------- c:\windows\system32\iesetup.dll
2009-01-14 20:16 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-01-14 20:15 26,624 a------- c:\windows\system32\ieUnatt.exe
2008-12-11 03:14 174 a--sh--- c:\program files\desktop.ini
2008-08-05 14:29 86,016 a------- c:\windows\inf\infstrng.dat
2008-08-05 14:29 51,200 a------- c:\windows\inf\infpub.dat
2008-08-05 14:29 86,016 a------- c:\windows\inf\infstor.dat
2008-06-11 02:09 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-30 20:45 262,144 a------- c:\progra~2\ntuser.dat
2006-11-02 04:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 04:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 04:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 04:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-08-31 14:24 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2007-08-31 14:24 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2007-08-31 14:24 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
============= FINISH: 8:33:03.84 ===============
zuxtobeme
2009-03-07, 17:41
also do you reconmend any free antivirus, or 3rd party firewalls that will work with my system, I just currently use the microsoft apps. like windows defender etc.
Hi
Delete c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll file. Assuming that your system is now running properly we can remove used tools :)
Now lets uninstall ComboFix:
Click START then RUN (if command is not visible press Window button + R)
Now type Combofix /u in the runbox and click OK
Delete dds.scr file and related logs too.
also do you reconmend any free antivirus, or 3rd party firewalls that will work with my system
Good free antivirus programs are:
Antivir (http://free-av.com/en/download/1/download_avira_antivir_personal__free_antivirus.html)
Avast! (http://www.avast.com/eng/download-avast-home.html) and
AVG Free Antivirus (http://free.grisoft.com/ww.download-avg-anti-virus-free-edition)
For firewall I recommend either Online Armor Free (http://www.tallemu.com/free-firewall-protection-software.html) or Comodo Firewall Pro (http://www.personalfirewall.comodo.com/download_firewall.html#fw3.0) (If you choose Comodo: Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and install firewall ONLY!).
zuxtobeme
2009-03-08, 19:18
thank you for all your help, I got antivir and commodo installed now. and everything looks good!
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)
Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.