Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Java/Byte Verify + Possible Other Infections [RESOLVED]

Started by Lauren C. , Jul 17 2008 10:01 AM

  • This topic is locked This topic is locked

#1
Lauren C.
Posted 17 July 2008 - 10:01 AM

Lauren C.

    Member

  • Member
  • PipPip
  • 18 posts
Hello. My AVG Free found several threats which I wrote down as Java/Byte Verify. I ran AVG Free and Ad-Aware until they stopped finding anything. I then found your site and ran the suggested programs:

ATF Cleaner
Malawarebyte's Anti-Malware (log below)
Super AntiSpyware (log below)
Panda ActiveScan (log below)
Hijack This (log below)

I am not sure if my computer still has viruses or not, I was worried because each scan I ran seemed to find something new.

Thanks you very much,
Lauren C.


Malwarebytes' Anti-Malware 1.20
Database version: 942
Windows 5.1.2600 Service Pack 2

12:59:55 PM 7/12/2008
mbam-log-7-12-2008 (12-59-55).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 169448
Time elapsed: 45 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\netquartz ez-platform 2\ez-pad\ide21201.vxd (Adware.Winad) -> Quarantined and deleted successfully.




SUPERAntiSpyware Scan Log
Generated 07/14/2008 at 11:50 AM

Application Version : 3.6.1000

Core Rules Database Version : 3503
Trace Rules Database Version: 1494

Scan type : Complete Scan
Total Scan Time : 00:51:40

Memory items scanned : 375
Memory threats detected : 0
Registry items scanned : 8321
Registry threats detected : 0
File items scanned : 71998
File threats detected : 22

Adware.Tracking Cookie
C:\Documents and Settings\Clark\Cookies\clark@atwola[1].txt
C:\Documents and Settings\Clark\Cookies\clark@realmedia[1].txt
C:\Documents and Settings\Clark\Cookies\clark@collective-media[2].txt
C:\Documents and Settings\Clark\Cookies\clark@adinterax[2].txt
C:\Documents and Settings\Clark\Cookies\[email protected][1].txt
C:\Documents and Settings\Clark\Cookies\clark@crackle[2].txt
C:\Documents and Settings\Clark\Cookies\clark@revsci[1].txt
C:\Documents and Settings\Clark\Cookies\[email protected][2].txt
C:\Documents and Settings\Clark\Cookies\[email protected][2].txt
C:\Documents and Settings\Clark\Cookies\clark@adserver[1].txt
C:\Documents and Settings\Clark\Cookies\[email protected][2].txt
C:\Documents and Settings\Clark\Cookies\clark@adbrite[2].txt
C:\Documents and Settings\Clark\Cookies\clark@tacoda[2].txt
C:\Deckard\System Scanner\20080711181723\backup\DOCUME~1\Clark\LOCALS~1\Temp\Cookies\[email protected][2].txt
C:\Deckard\System Scanner\20080711181723\backup\DOCUME~1\Clark\LOCALS~1\Temp\Cookies\[email protected][1].txt
C:\Deckard\System Scanner\20080711181723\backup\DOCUME~1\Clark\LOCALS~1\Temp\Cookies\clark@atwola[1].txt
C:\Deckard\System Scanner\20080711181723\backup\DOCUME~1\Clark\LOCALS~1\Temp\Cookies\[email protected][1].txt
C:\Deckard\System Scanner\20080711181723\backup\DOCUME~1\Clark\LOCALS~1\Temp\Cookies\clark@revsci[2].txt
C:\Deckard\System Scanner\20080711181723\backup\DOCUME~1\Clark\LOCALS~1\Temp\Cookies\clark@tacoda[1].txt

Adware.IWinGames
C:\PROGRAM FILES\EXPLORETITANIC\IWINGAMESHOOKIE.DLL
C:\PROGRAM FILES\IWIN GAMES\IWINGAMESHOOKIE.DLL

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\MCRH.TMP





;*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2008-07-16 21:06:30
PROTECTIONS: 1
MALWARE: 11
SUSPECTS: 0
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
AVG 7.5.516 7.5.516 Yes Yes
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00034347 dialer.su Dialers No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\uninstall\switch
00101555 Application/KillApp.B HackTools No 0 Yes No C:\hp\bin\KillIt.exe
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Clark\Cookies\[email protected][2].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Clark\Cookies\[email protected][2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Clark\Cookies\clark@realmedia[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Clark\Cookies\clark@atwola[1].txt
00521370 Spyware/Iehelp Spyware No 1 No No C:\Documents and Settings\Clark\Desktop\SOFTWARE\Games\hidden-expedition-titanic-setup.exe[iWinGamesHookIE.dll]
00521370 Spyware/Iehelp Spyware No 1 Yes No C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP266\A0079640.dll
00521370 Spyware/Iehelp Spyware No 1 No No C:\Documents and Settings\Clark\Desktop\SOFTWARE\Games\magic-academy-setup.exe[iWinGamesHookIE.dll]
00521370 Spyware/Iehelp Spyware No 1 Yes No C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP266\A0079639.dll
00521370 Spyware/Iehelp Spyware No 1 No No C:\Documents and Settings\Clark\Desktop\SOFTWARE\Games\mystery-case-files-ravenhearst-setup.exe[iWinGamesHookIE.dll]
01662104 W32/Sdbot.LBC.worm Virus/Worm No 1 Yes No C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\ac.ifn
02893773 Spyware/Iehelp Spyware No 1 Yes No C:\Program Files\iWin Games\AdminWorker.exe
02893775 Spyware/Iehelp Spyware No 1 No No C:\Documents and Settings\Clark\Desktop\SOFTWARE\Games\hidden-expedition-titanic-setup.exe[iWinArcadeLauncher.exe]
02893775 Spyware/Iehelp Spyware No 1 Yes No C:\Program Files\iWin Games\firefox\iWinArcadeLauncher.exe
02893775 Spyware/Iehelp Spyware No 1 Yes No C:\Program Files\ExploreTitanic\firefox\iWinArcadeLauncher.exe
02893775 Spyware/Iehelp Spyware No 1 No No C:\Documents and Settings\Clark\Desktop\SOFTWARE\Games\magic-academy-setup.exe[iWinArcadeLauncher.exe]
02893775 Spyware/Iehelp Spyware No 1 No No C:\Documents and Settings\Clark\Desktop\SOFTWARE\Games\mystery-case-files-ravenhearst-setup.exe[iWinArcadeLauncher.exe]
02990320 Application/BoontyGames HackTools No 0 Yes No C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
;===============================================================================
=================================================================================
===================
SUSPECTS
Sent Location i
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
VULNERABILITIES
Id Severity Description i
;===============================================================================
=================================================================================
===================
182048 HIGH MS07-069 i
176382 HIGH MS07-057 i
170906 HIGH MS07-045 i
170904 HIGH MS07-043 i
164913 HIGH MS07-033 i
160623 HIGH MS07-027 i
150253 HIGH MS07-016 i
141030 HIGH MS06-072 i
137568 HIGH MS06-067 i
126083 HIGH MS06-042 i
120815 HIGH MS06-022 i
120814 HIGH MS06-021 i
114664 HIGH MS06-013 i
;===============================================================================
=================================================================================
===================




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:29 AM, on 7/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Clark\Desktop\SOFTWARE\Virus REmoval STuff\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpeechExec Startup] C:\Program Files\Common Files\Philips Speech Shared\Components\PSP.SpeechExec.StartupApp.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus CX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE /FU "C:\WINDOWS\TEMP\E_SA6.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://www.ritzpix.c...PUploader45.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.clarkcolo...larkActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.corddigit...ploadClient.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

--
End of file - 7270 bytes
  • 0

Advertisements

#2
greyknight17
Posted 17 July 2008 - 10:27 AM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

You might want to uninstall those iWin games as it seems to contain spyware/adware software in them.

Download OTMoveIt2 at http://download.blee...r/OTMoveIt2.exe
* Save it to your desktop.
* Double-click OTMoveIt2.exe to run it. (Vista users, right click on OTMoveIt2.exe and select Run as an Administrator).
* Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

hkey_local_machine\software\microsoft\windows\currentversion\uninstall\switch
C:\Documents and Settings\Clark\Desktop\SOFTWARE\Games\hidden-expedition-titanic-setup.exe
C:\Program Files\iWin.com
C:\Program Files\iWin Games
C:\Program Files\ExploreTitanic
C:\Documents and Settings\Clark\Desktop\SOFTWARE\Games\magic-academy-setup.exe
C:\Documents and Settings\Clark\Desktop\SOFTWARE\Games\mystery-case-files-ravenhearst-setup.exe

* Return to OTMoveIt2. Right click in the Paste List of Files/Folders to Move window (under the Yellow bar) and choose Paste.
* Click the red Moveit! button.
* A log of files and folders moved will be created in the C:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
* Close OTMoveIt2.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Go to http://www.java.com/.../5000020300.xml and see how to clear your Java cache or follow the instructions below:

Go into the Control Panel and double-click the Java icon (looks like a coffee cup).

- Under Temporary Internet Files, click the Delete Files button.
- There are three options in the window to clear the cache - Leave ALL 3 Checked
- Downloaded Applets
- Downloaded Applications
- Other Files
- Click OK on Delete Temporary Files window (Note: This deletes ALL the Downloaded Java Applications and Applets from the CACHE.)
- Click OK to leave the Java Control Panel.

Go to http://www.bleepingc...to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.
  • 0

#3
Lauren C.
Posted 17 July 2008 - 02:00 PM

Lauren C.

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Thank you for such a quick response. I really appreciate this site!

I used Add/Remove Programs to uninstall the iwin games.

I ran the MoveIt program, see log below.

I cleared the Java Cache using your directions.

I ran Combofix and the log is attached. I wasn't sure I did the combofix/recovery thing right however, but the program did run and produce a log, so I hope that is correct.

Thank you very much for your assistance.

Lauren C.

< hkey_local_machine\software\microsoft\windows\currentversion\uninstall\switch >
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\switch\\ deleted successfully.
C:\Documents and Settings\Clark\Desktop\SOFTWARE\Games\hidden-expedition-titanic-setup.exe moved successfully.
C:\Program Files\iWin.com\The Scruffs\lang moved successfully.
C:\Program Files\iWin.com\The Scruffs\gamepage\images\product moved successfully.
C:\Program Files\iWin.com\The Scruffs\gamepage\images moved successfully.
C:\Program Files\iWin.com\The Scruffs\gamepage\css moved successfully.
C:\Program Files\iWin.com\The Scruffs\gamepage moved successfully.
C:\Program Files\iWin.com\The Scruffs\data moved successfully.
C:\Program Files\iWin.com\The Scruffs moved successfully.
C:\Program Files\iWin.com\Pirateville moved successfully.
C:\Program Files\iWin.com\Hidden Relics moved successfully.
C:\Program Files\iWin.com\Heroes of Hellas\lang_data\english\graphics\w moved successfully.
C:\Program Files\iWin.com\Heroes of Hellas\lang_data\english\graphics\myths moved successfully.
C:\Program Files\iWin.com\Heroes of Hellas\lang_data\english\graphics\logo moved successfully.
C:\Program Files\iWin.com\Heroes of Hellas\lang_data\english\graphics\fonts moved successfully.
C:\Program Files\iWin.com\Heroes of Hellas\lang_data\english\graphics\comics moved successfully.
C:\Program Files\iWin.com\Heroes of Hellas\lang_data\english\graphics moved successfully.
C:\Program Files\iWin.com\Heroes of Hellas\lang_data\english\config\fonts moved successfully.
C:\Program Files\iWin.com\Heroes of Hellas\lang_data\english\config moved successfully.
C:\Program Files\iWin.com\Heroes of Hellas\lang_data\english moved successfully.
C:\Program Files\iWin.com\Heroes of Hellas\lang_data moved successfully.
C:\Program Files\iWin.com\Heroes of Hellas\gamepage\images\product moved successfully.
C:\Program Files\iWin.com\Heroes of Hellas\gamepage\images moved successfully.
C:\Program Files\iWin.com\Heroes of Hellas\gamepage\css moved successfully.
C:\Program Files\iWin.com\Heroes of Hellas\gamepage moved successfully.
C:\Program Files\iWin.com\Heroes of Hellas\data\sounds moved successfully.
C:\Program Files\iWin.com\Heroes of Hellas\data\ps moved successfully.
C:\Program Files\iWin.com\Heroes of Hellas\data\graphics\trophies moved successfully.
C:\Program Files\iWin.com\Heroes of Hellas\data\graphics\mosaic moved successfully.
C:\Program Files\iWin.com\Heroes of Hellas\data\graphics\heroes moved successfully.
C:\Program Files\iWin.com\Heroes of Hellas\data\graphics\castle moved successfully.
C:\Program Files\iWin.com\Heroes of Hellas\data\graphics\back moved successfully.
C:\Program Files\iWin.com\Heroes of Hellas\data\graphics moved successfully.
C:\Program Files\iWin.com\Heroes of Hellas\data\config\sprites moved successfully.
C:\Program Files\iWin.com\Heroes of Hellas\data\config\levels moved successfully.
C:\Program Files\iWin.com\Heroes of Hellas\data\config\gamedata moved successfully.
C:\Program Files\iWin.com\Heroes of Hellas\data\config\fx moved successfully.
C:\Program Files\iWin.com\Heroes of Hellas\data\config moved successfully.
C:\Program Files\iWin.com\Heroes of Hellas\data moved successfully.
C:\Program Files\iWin.com\Heroes of Hellas moved successfully.
C:\Program Files\iWin.com\Babel Deluxe\players moved successfully.
C:\Program Files\iWin.com\Babel Deluxe\media\wordlists moved successfully.
C:\Program Files\iWin.com\Babel Deluxe\media\properties\minigames moved successfully.
C:\Program Files\iWin.com\Babel Deluxe\media\properties moved successfully.
C:\Program Files\iWin.com\Babel Deluxe\media\images\tower moved successfully.
C:\Program Files\iWin.com\Babel Deluxe\media\images\misc\titlescreen moved successfully.
C:\Program Files\iWin.com\Babel Deluxe\media\images\misc\loadingscreen moved successfully.
C:\Program Files\iWin.com\Babel Deluxe\media\images\misc\highscorescreen moved successfully.
C:\Program Files\iWin.com\Babel Deluxe\media\images\misc\gamescreen moved successfully.
C:\Program Files\iWin.com\Babel Deluxe\media\images\misc\gameoverview moved successfully.
C:\Program Files\iWin.com\Babel Deluxe\media\images\misc moved successfully.
C:\Program Files\iWin.com\Babel Deluxe\media\images\minigames\wordlink moved successfully.
C:\Program Files\iWin.com\Babel Deluxe\media\images\minigames\vowelmatch moved successfully.
C:\Program Files\iWin.com\Babel Deluxe\media\images\minigames\typewriter moved successfully.
C:\Program Files\iWin.com\Babel Deluxe\media\images\minigames\slotmachine moved successfully.
C:\Program Files\iWin.com\Babel Deluxe\media\images\minigames\orderorder moved successfully.
C:\Program Files\iWin.com\Babel Deluxe\media\images\minigames\lettermutant moved successfully.
C:\Program Files\iWin.com\Babel Deluxe\media\images\minigames\lettermemory moved successfully.
C:\Program Files\iWin.com\Babel Deluxe\media\images\minigames\findtheword moved successfully.
C:\Program Files\iWin.com\Babel Deluxe\media\images\minigames\crosswords moved successfully.
C:\Program Files\iWin.com\Babel Deluxe\media\images\minigames\crackthecode moved successfully.
C:\Program Files\iWin.com\Babel Deluxe\media\images\minigames\changeisgood moved successfully.
C:\Program Files\iWin.com\Babel Deluxe\media\images\minigames\ceasargame moved successfully.
C:\Program Files\iWin.com\Babel Deluxe\media\images\minigames\atobe moved successfully.
C:\Program Files\iWin.com\Babel Deluxe\media\images\minigames moved successfully.
C:\Program Files\iWin.com\Babel Deluxe\media\images\minigameobjects moved successfully.
C:\Program Files\iWin.com\Babel Deluxe\media\images\gui\tempdialog moved successfully.
C:\Program Files\iWin.com\Babel Deluxe\media\images\gui\highscorescreen moved successfully.
C:\Program Files\iWin.com\Babel Deluxe\media\images\gui\buttons moved successfully.
C:\Program Files\iWin.com\Babel Deluxe\media\images\gui moved successfully.
C:\Program Files\iWin.com\Babel Deluxe\media\images\backgrounds moved successfully.
C:\Program Files\iWin.com\Babel Deluxe\media\images moved successfully.
C:\Program Files\iWin.com\Babel Deluxe\media\fonts moved successfully.
C:\Program Files\iWin.com\Babel Deluxe\media\audio\sounds moved successfully.
C:\Program Files\iWin.com\Babel Deluxe\media\audio\music moved successfully.
C:\Program Files\iWin.com\Babel Deluxe\media\audio\effects moved successfully.
C:\Program Files\iWin.com\Babel Deluxe\media\audio moved successfully.
C:\Program Files\iWin.com\Babel Deluxe\media moved successfully.
C:\Program Files\iWin.com\Babel Deluxe\log moved successfully.
C:\Program Files\iWin.com\Babel Deluxe\gamepage\images\product moved successfully.
C:\Program Files\iWin.com\Babel Deluxe\gamepage\images moved successfully.
C:\Program Files\iWin.com\Babel Deluxe\gamepage\css moved successfully.
C:\Program Files\iWin.com\Babel Deluxe\gamepage moved successfully.
C:\Program Files\iWin.com\Babel Deluxe moved successfully.
C:\Program Files\iWin.com\Are You Smarter Than A 5th Grader moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Sound\VO moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Sound\SFX moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Sound\Music moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Sound\Interface moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Sound moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\People\wargrave moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\People\unknown moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\People\trogers moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\People\raven02 moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\People\raven moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\People\narracott moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\People\marston moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\People\mackenzie moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\People\lombard moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\People\gull moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\People\goat02 moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\People\goat moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\People\erogers moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\People\claythorne moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\People\chickenwhite moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\People\chicken02 moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\People\chicken moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\People\brent moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\People\blore moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\People\armstrong moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\People moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Windingpath\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Windingpath\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Windingpath\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Windingpath moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Westbalcony\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Westbalcony\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Westbalcony\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Westbalcony moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Wargravesroom\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Wargravesroom\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Wargravesroom\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Wargravesroom moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Wararmbath\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Wararmbath\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Wararmbath\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Wararmbath\Act05a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Wararmbath\Act04b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Wararmbath\Act01b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Wararmbath moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Verasroom\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Verasroom\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Verasroom\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Verasroom\Act10a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Verasroom\Act08a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Verasroom\Act04c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Verasroom\Act01b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Verasroom moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Upstairsbalcony\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Upstairsbalcony\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Upstairsbalcony\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Upstairsbalcony\Act10a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Upstairsbalcony\Act09a\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Upstairsbalcony\Act09a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Upstairsbalcony\Act08a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Upstairsbalcony\Act07b\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Upstairsbalcony\Act07b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Upstairsbalcony\Act06c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Upstairsbalcony\Act06b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Upstairsbalcony\Act05a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Upstairsbalcony\Act04c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Upstairsbalcony\Act02a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Upstairsbalcony\Act01d moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Upstairsbalcony\Act01b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Upstairsbalcony moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Undergroundpassage\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Undergroundpassage\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Undergroundpassage\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Undergroundpassage moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Storeroom\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Storeroom\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Storeroom moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Shiprock\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Shiprock\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Shiprock\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Shiprock\Act05a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Shiprock\Act03a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Shiprock moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Shed\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Shed\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Shed\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Shed\Act06c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Shed\Act05a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Shed\Act04d moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Shed\Act03a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Shed moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Servantsq\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Servantsq\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Servantsq\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Servantsq\Act04b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Servantsq\Act01d moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Servantsq moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Secludedbeach\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Secludedbeach\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Secludedbeach\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Secludedbeach\Act08a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Secludedbeach\Act03a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Secludedbeach moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Screeningroom\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Screeningroom\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Screeningroom\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Screeningroom\Act08a\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Screeningroom\Act08a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Screeningroom\Act04b\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Screeningroom\Act04b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Screeningroom moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Sandypath\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Sandypath\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Sandypath\Act06c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Sandypath moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Saferoom\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Saferoom\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Saferoom\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Saferoom moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Ruinedvillageb\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Ruinedvillageb\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Ruinedvillageb\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Ruinedvillageb moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Ruinedvillagea\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Ruinedvillagea\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Ruinedvillagea\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Ruinedvillagea moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Protectedcove\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Protectedcove\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Protectedcove\Base\Animations moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Protectedcove\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Protectedcove moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Parlor\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Parlor\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Parlor\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Parlor\Act07a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Parlor\Act06a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Parlor\Act05c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Parlor\Act04b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Parlor\Act03a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Parlor\Act01e\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Parlor\Act01e moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Parlor\Act01d moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Parlor\Act01b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Parlor moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Orchard\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Orchard\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Orchard\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Orchard\act06c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Orchard moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Marstonsroom\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Marstonsroom\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Marstonsroom\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Marstonsroom\Act04c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Marstonsroom\Act02a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Marstonsroom moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Marmacbath\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Marmacbath\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Marmacbath\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Marmacbath\Act04c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Marmacbath\Act02a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Marmacbath\Act01b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Marmacbath moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Mainstair\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Mainstair\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Mainstair\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Mainstair\Act10b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Mainstair\Act06b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Mainstair\Act03a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Mainstair\Act01b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Mainstair moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Mainmenu\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Mainmenu\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Mainmenu moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Mackenziesroom\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Mackenziesroom\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Mackenziesroom\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Mackenziesroom\Act04c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Mackenziesroom\Act04b\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Mackenziesroom\Act04b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Mackenziesroom\Act02a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Mackenziesroom moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Lombardsroom\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Lombardsroom\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Lombardsroom\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Lombardsroom\Act06a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Lombardsroom\Act02a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Lombardsroom\Act01b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Lombardsroom moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Linenhall\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Linenhall\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Linenhall\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Linenhall\Act04c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Linenhall\Act02a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Linenhall\Act01b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Linenhall moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Library\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Library\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Library\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Library\Act05c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Library moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Kitchen\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Kitchen\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Kitchen\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Kitchen\Act04b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Kitchen\Act04a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Kitchen\Act03a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Kitchen\Act02b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Kitchen\Act01c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Kitchen\Act01b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Kitchen moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Jetty\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Jetty\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Jetty\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Jetty moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Grotto\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Grotto\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Grotto\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Grotto moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Goatpen\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Goatpen\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Goatpen\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Goatpen moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Garden\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Garden\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Garden\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Garden\Act06c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Garden\Act05c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Garden\Act04d moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Garden\Act01b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Garden moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Gameroom\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Gameroom\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Gameroom\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Gameroom\Act10b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Gameroom\Act06a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Gameroom\Act05a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Gameroom\Act04b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Gameroom\Act03a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Gameroom\Act01d moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Gameroom\Act01b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Gameroom moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Frontentry\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Frontentry\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Frontentry\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Frontentry\Act06c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Frontentry\Act05c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Frontentry\Act05b\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Frontentry\Act05b\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Frontentry\Act05b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Frontentry\Act05a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Frontentry\Act04d\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Frontentry\Act04d moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Frontentry\Act03a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Frontentry\Act01a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Frontentry moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Frontbalcony\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Frontbalcony\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Frontbalcony\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Frontbalcony\Act05c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Frontbalcony moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Entryway\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Entryway\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Entryway\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Entryway\Act10b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Entryway\Act08a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Entryway\Act07b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Entryway\Act06c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Entryway\Act06b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Entryway\Act05a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Entryway\Act04b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Entryway\Act02b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Entryway\Act01d moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Entryway\Act01c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Entryway\Act01b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Entryway moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Emiverbath\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Emiverbath\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Emiverbath\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Emiverbath\Act09a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Emiverbath moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Emilysroom\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Emilysroom\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Emilysroom\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Emilysroom\Act02a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Emilysroom\Act01b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Emilysroom moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Eastporch\Base\cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Eastporch\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Eastporch\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Eastporch\Act08a\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Eastporch\Act08a\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Eastporch\Act08a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Eastporch\Act06c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Eastporch\Act05a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Eastporch\Act04d moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Eastporch\Act01b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Eastporch moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Easternpaths\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Easternpaths\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Easternpaths\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Easternpaths\Act09a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Easternpaths\Act05a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Easternpaths moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Eastbalcony\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Eastbalcony\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Eastbalcony\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Eastbalcony\Act09a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Eastbalcony\Act08a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Eastbalcony\Act07b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Eastbalcony\Act06a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Eastbalcony\Act04c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Eastbalcony moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Diningroom\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Diningroom\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Diningroom\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Diningroom\Act10b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Diningroom\Act06b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Diningroom\Act04c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Diningroom\Act04b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Diningroom\Act04a\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Diningroom\Act04a\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Diningroom\Act04a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Diningroom\Act03a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Diningroom\Act02b\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Diningroom\Act02b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Diningroom\Act02a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Diningroom\Act01b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Diningroom moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Cliffpath\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Cliffpath\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Cliffpath\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Cliffpath\Act03a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Cliffpath\Act01a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Cliffpath moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Bloresroom\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Bloresroom\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Bloresroom\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Bloresroom\Act01b\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Bloresroom\Act01b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Bloresroom moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Blolombath\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Blolombath\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Blolombath\Act01b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Blolombath moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Backhall\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Backhall\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Backhall\Act04c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Backhall\Act02a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Backhall moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Armstrongsroom\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Armstrongsroom\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Armstrongsroom\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Armstrongsroom\Act04b\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Armstrongsroom\Act04b\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Armstrongsroom\Act04b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Armstrongsroom\Act02a moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Armstrongsroom\Act01b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Armstrongsroom moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Apiarypath\Base\Cutouts moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Apiarypath\Base\Backgrounds moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Apiarypath\Base moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Apiarypath\Act06c moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Apiarypath\Act05b moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then There Were None\Locations\Apiarypath moved successfully.
C:\Program Files\iWin.com\Agatha Christie-And Then Th
  • 0

#4
greyknight17
Posted 17 July 2008 - 02:37 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Go to C:\Combofix\ and copy/paste the Combofix.txt file here. It got cut off at the bottom. No need to repost the MoveIt2 log...looks like it got rid of everything.
  • 0

#5
Lauren C.
Posted 17 July 2008 - 11:03 PM

Lauren C.

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Sorry about this, I think this is the complete log.

Lauren

ComboFix 08-07-15.4 - Clark 2008-07-17 15:42:55.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1510 [GMT -4:00]
Running from: C:\Documents and Settings\Clark\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\ORUN32.EXE
C:\WINDOWS\system32\cccdd.bak1
C:\WINDOWS\system32\cccdd.bak2
C:\WINDOWS\system32\cccdd.ini
C:\WINDOWS\system32\CMMGR32.EXE
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-06-17 to 2008-07-17 )))))))))))))))))))))))))))))))
.

2008-07-17 15:22 . 2008-07-17 15:22 <DIR> d-------- C:\_OTMoveIt
2008-07-17 13:05 . 2008-07-17 13:05 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-07-17 13:02 . 2008-07-17 13:02 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-17 13:02 . 2008-07-17 13:02 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-17 13:02 . 2008-07-17 13:02 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-17 13:00 . 2008-07-17 13:00 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-17 12:54 . 2008-07-17 12:54 <DIR> d-------- C:\WINDOWS\EHome
2008-07-17 12:12 . 2008-04-13 20:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-07-16 22:51 . 2008-07-16 22:51 <DIR> d-------- C:\Program Files\AVS4YOU
2008-07-16 19:51 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-16 19:50 . 2008-07-16 19:50 <DIR> d-------- C:\Program Files\Panda Security
2008-07-14 11:03 . 2008-07-14 11:03 0 --a------ C:\Program Files\BOGGLEBOGGLE.EXE
2008-07-14 10:54 . 2008-07-14 10:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-14 10:51 . 2008-07-14 12:07 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-14 10:51 . 2008-07-14 10:51 <DIR> d-------- C:\Documents and Settings\Clark\Application Data\SUPERAntiSpyware.com
2008-07-12 12:01 . 2008-07-12 12:01 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-12 12:01 . 2008-07-12 12:01 <DIR> d-------- C:\Documents and Settings\Clark\Application Data\Malwarebytes
2008-07-12 12:01 . 2008-07-12 12:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-12 12:01 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-12 12:01 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-12 12:00 . 2008-07-12 12:00 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-07-11 17:51 . 2008-07-11 17:51 <DIR> d-------- C:\Deckard
2008-06-26 17:52 . 2008-06-26 17:52 <DIR> d-------- C:\EPSONREG
2008-06-26 17:51 . 2008-06-26 17:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\EPSON
2008-06-26 17:51 . 2008-04-13 14:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-26 17:49 . 2008-06-26 17:49 <DIR> d-------- C:\Documents and Settings\Clark\Application Data\InstallShield
2008-06-26 17:48 . 2008-06-26 17:52 79 --a------ C:\WINDOWS\EPSCX7400.ini
2008-06-20 13:46 . 2008-06-20 13:46 245,248 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 13:46 . 2008-06-20 13:46 147,968 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 07:51 . 2008-06-20 07:51 361,600 -----c--- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 07:40 . 2008-06-20 07:40 138,496 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 07:08 . 2008-06-20 07:08 225,856 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-17 17:03 77,824 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\WinVerifyTrust.dll
2008-07-16 00:57 --------- d-----w C:\Program Files\RunLog
2008-07-15 15:17 --------- d-----w C:\Program Files\World of Warcraft
2008-07-14 15:03 --------- d-----w C:\Program Files\Polaroid Dust and Scratch Removal
2008-07-14 15:03 --------- d-----w C:\Program Files\nancydrewisland
2008-07-14 15:03 --------- d-----w C:\Program Files\IntelliMover Data Transfer Demo
2008-07-14 15:03 --------- d-----w C:\Program Files\Cheetah
2008-07-14 14:51 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-12 17:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-12 17:04 --------- d-----w C:\Program Files\netquartz ez-platform 2
2008-07-12 03:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVG7
2008-07-05 19:42 --------- d-----w C:\Program Files\Ventrilo
2008-07-05 19:37 --------- d-----w C:\Documents and Settings\Clark\Application Data\Ventrilo
2008-07-04 00:12 --------- d-----w C:\Documents and Settings\Clark\Application Data\teamspeak2
2008-06-26 21:49 --------- d-----w C:\Program Files\EPSON
2008-06-20 20:49 --------- d-----w C:\Documents and Settings\Clark\Application Data\Skype
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-25 14:57 --------- d-----w C:\Program Files\AOL 9.1
2008-05-20 01:26 6,144 ----a-w C:\WINDOWS\system32\DLPT.SYS
2008-05-20 01:25 --------- d--h--w C:\Documents and Settings\Clark\Application Data\GTek
2008-05-20 01:07 --------- d--ha-w C:\Documents and Settings\All Users\Application Data\GTek
2008-05-20 01:07 --------- d-----w C:\Program Files\Linksys EasyLink Advisor
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 06:44 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-01-28 18:56 7,168 --sha-w C:\Program Files\Thumbs.db
2007-01-15 01:56 270 ----a-w C:\Documents and Settings\Clark\Application Data\wklnhst.dat
2005-07-19 13:20 1,687 ----a-w C:\Program Files\bdata.dat
2005-07-15 14:24 408,054 ----a-w C:\Program Files\new8.bmp
2005-05-08 16:43 167,936 ----a-w C:\Program Files\Ftp Client.exe
2005-05-08 16:21 766 ----a-w C:\Program Files\enabled.ico
2005-01-13 02:25 84 ----a-w C:\Program Files\ReadMe.txt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"EPSON Stylus CX7400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE" [2007-02-15 06:00 179200]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-07-14 12:07 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 21:53 49152]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 21:42 659456]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-21 01:51 118784]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-01-05 09:33 579072]
"SpeechExec Startup"="C:\Program Files\Common Files\Philips Speech Shared\Components\PSP.SpeechExec.StartupApp.exe" [2006-06-14 11:48 16384]
"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 15:32 2807808 C:\WINDOWS\ALCWZRD.EXE]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 10:24 86016 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 10:03 219136]

C:\Documents and Settings\LogMeInRemoteUser\Start Menu\Programs\Startup\
AutoTBar.exe [2003-10-01 01:30:04 57344]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-07-14 12:07 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-14 12:07 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2006-10-06 19:56 11504 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.pspgru"= pspgru.acm
"msacm.psptrusp"= psptrusp.acm
"pspctrlc"= pspusbct.dll
"msacm.smcelp32"= smcelp32.acm
"msacm.smlpcbb"= smlpcbb.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup=C:\WINDOWS\pss\Billminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^j2 DllCmd 4.0.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\j2 DllCmd 4.0.lnk
backup=C:\WINDOWS\pss\j2 DllCmd 4.0.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^j2 Tray Menu 4.0.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\j2 Tray Menu 4.0.lnk
backup=C:\WINDOWS\pss\j2 Tray Menu 4.0.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor.lnk
backup=C:\WINDOWS\pss\Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Clark^Start Menu^Programs^Startup^Dragon NaturallySpeaking.lnk]
path=C:\Documents and Settings\Clark\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk
backup=C:\WINDOWS\pss\Dragon NaturallySpeaking.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Clark^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Documents and Settings\Clark\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Clark^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=C:\Documents and Settings\Clark\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=C:\WINDOWS\pss\SpywareGuard.lnkStartup

[HKLM\~\startupfolder\C:^DOCUME~1^ALLUSE~1^Start Menu^Programs^Startup^EPSON SMART PANEL for Scanner.lnk]
path=C:\DOCUME~1\ALLUSE~1\Start Menu\Programs\Startup\EPSON SMART PANEL for Scanner.lnk
backup=C:\WINDOWS\pss\EPSON SMART PANEL for Scanner.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-01-03 12:15 50528 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2007-10-27 13:44 50528 C:\Program Files\AOL 9.1\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra------ 2006-10-23 08:50 71216 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 17:05 81920 C:\Program Files\DaemonTools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
--a------ 2007-03-15 18:16 454784 C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2007-05-25 13:16 42032 C:\Program Files\Common Files\AOL\1106174351\EE\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2004-06-04 22:38 286720 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2003-02-11 23:02 61440 C:\hp\KBD\kbd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
--a------ 2005-12-07 10:26 489472 C:\Program Files\Logitech\Video\CameraAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
--a------ 2004-11-01 17:22 262144 C:\WINDOWS\system32\ElkCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
--a------ 2005-12-07 10:33 73728 C:\Program Files\Logitech\Video\InstallHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
--a------ 2006-10-06 19:55 303864 C:\Program Files\LogMeIn\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
--a------ 2004-10-15 00:54 253952 c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-12-09 15:32 225280 C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2004-10-21 21:58 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2004-04-14 23:43 233472 C:\WINDOWS\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2003-12-18 03:31 118784 C:\WINDOWS\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-08-31 17:40 22879528 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a------ 2003-09-29 17:00 155648 C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 14:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a------ 2005-01-15 18:29 111840 C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TalkAndWrite]
--a------ 2007-08-17 23:18 2664448 C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-05-14 11:54 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 11:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USSShReg]
--------- 1997-11-23 05:16 20992 C:\PROGRA~1\PHOTOI~1.2\SSaver\USSSHREG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a------ 2005-09-21 15:32 2807808 C:\WINDOWS\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a------ 2004-09-07 23:47 57344 C:\WINDOWS\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL TopSpeedMonitor"=2 (0x2)
"svcWRSSSDK"=3 (0x3)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"iPodService"=3 (0x3)
"AOL ACS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1106174351\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.2.1-patch-enUS-Downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.2.4-to-1.3.0-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.3.1.4297-to-1.4.0-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.4.2.4375-to-1.5.0-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.5.1.4449-to-1.6.0-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.6.0.4500-to-1.6.1-enUS-downloader.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.6.1.4544-to-1.7.0-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.7.1.4695-to-1.8.0-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.9.0-enUS-downloader.exe"=
"C:\\Program Files\\Java\\jre1.5.0_05\\bin\\javaw.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.9.2.4996-to-1.9.3.5059-enUS-downloader.exe"=
"C:\\Program Files\\Common Files\\AOL\\1106174351\\EE\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1106174351\\EE\\aim6.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.9.4.5086-to-1.10.0.5195-enUS-downloader.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\AOL 9.1\\waol.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS [2005-10-27 17:39]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\RaInfo.sys [2006-10-06 19:56]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]
R3 NuVision;Hauppauge WinTV USB Pro (NTSC);C:\WINDOWS\system32\DRIVERS\NUVision.sys [2002-04-24 17:01]
S3 IR500;IR500;C:\WINDOWS\system32\DRIVERS\IR500.sys [2002-02-23 17:31]
S3 PortRst;PortRst;C:\WINDOWS\system32\DRIVERS\PortRst.sys [2002-01-16 16:51]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5cacf76-f371-11dc-bc8c-00038a000015}]
\Shell\AutoRun\command - L:\wd_windows_tools\setup.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PS2 - C:\WINDOWS\system32\ps2.exe
MSConfigStartUp-AOL Spyware Protection - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
MSConfigStartUp-ccApp - c:\Program Files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-igndlm - C:\Program Files\Download Manager\DLM.exe
MSConfigStartUp-Internet Optimizer - C:\Program Files\Internet Optimizer\optimize.exe
MSConfigStartUp-iRemotePC - C:\Program Files\iRemotePC\iRemotePC.exe
MSConfigStartUp-IS CfgWiz - c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe
MSConfigStartUp-Media Gateway - C:\Program Files\Media Gateway\MediaGateway.exe
MSConfigStartUp-NAV CfgWiz - c:\Program Files\Norton AntiVirus\CfgWiz.exe
MSConfigStartUp-NvMediaCenter - C:\WINDOWS\system32\NvMcTray.dll
MSConfigStartUp-ProSiteFinder - C:\Program Files\ProSiteFinder\prositefinder.exe
MSConfigStartUp-Pure Networks Port Magic - C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
MSConfigStartUp-salm - c:\program files\180searchassistant\salm.exe
MSConfigStartUp-SSC_UserPrompt - c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
MSConfigStartUp-u5865elc - C:\WINDOWS\system32\u5865elc.exe
MSConfigStartUp-WeatherWatcher - C:\Program Files\Weather Watcher\ww.exe
MSConfigStartUp-Yahoo! Pager - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
MSConfigStartUp-zif - C:\WINDOWS\zif.exe
MSConfigStartUp-Logitech Hardware Abstraction Layer - KHALMNPR.EXE
MSConfigStartUp-VTTimer - VTTimer.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-17 15:45:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-17 15:46:36
ComboFix-quarantined-files.txt 2008-07-17 19:46:21

Pre-Run: 90,641,457,152 bytes free
Post-Run: 90,702,254,080 bytes free

315 --- E O F --- 2008-07-09 14:49:56
  • 0

#6
greyknight17
Posted 18 July 2008 - 03:30 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Go to the Add/Remove Programs and confirm that the following don't exist anymore (uninstall if found):

C:\Program Files\Internet Optimizer\
C:\Program Files\Media Gateway\
C:\Program Files\ProSiteFinder\
c:\program files\180searchassistant\
C:\WINDOWS\system32\u5865elc.exe

Then delete their folders/file if found.

Good job. Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.
  • 0

#7
Lauren C.
Posted 19 July 2008 - 12:13 PM

Lauren C.

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Greyknight17,

Thank you for your assistance! I really appreciate it. Everything seems fine now. You guys rock.

Lauren C.
  • 0

#8
greyknight17
Posted 19 July 2008 - 01:51 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP