Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware/Trojan Detected [RESOLVED]

Started by heyage13 , Aug 12 2008 03:55 PM

  • This topic is locked This topic is locked

#1
heyage13
Posted 12 August 2008 - 03:55 PM

heyage13

    Member

  • Member
  • PipPipPip
  • 132 posts
My mother was on the computer last night and somehow managed to click on something that she wasnt clearly supposed to. A program downloaded to the pc (phony malware program) and told me to scan, however i didnt use it. Instead i downloaded Malwarebyte's Anti-Malware program. It found a whole bunch of infections and cleared most out, however I am still convinced there are more.

Here is my hijackthis logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:50:04 PM, on 12/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\pqxopune\tuzkjety.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ghylunkv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MonUtilMsg] C:\WINDOWS\system32\fifazmve.exe
O4 - HKCU\..\Run: [DscSet] C:\WINDOWS\system32\ghylunkv.exe
O4 - HKLM\..\Policies\Explorer\Run: [C10Ww0ZgBs] C:\Documents and Settings\All Users\Application Data\pqxopune\tuzkjety.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.liv...es/MSNPUpld.cab
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://algvpn.algon...ries/vpnweb.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimed...upv2.0.0.10.cab?
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D737D70-8235-429C-A5E5-446659C1D9A5}: NameServer = 4.2.2.2,4.2.2.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{2D737D70-8235-429C-A5E5-446659C1D9A5}: NameServer = 4.2.2.2,4.2.2.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{2D737D70-8235-429C-A5E5-446659C1D9A5}: NameServer = 4.2.2.2,4.2.2.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O21 - SSODL: actproc - {29DA52DB-94DA-F364-D0E4-002267342331} - C:\Program Files\pcosmob\actproc.dll
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\HP Game Console\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

--
End of file - 11836 bytes


Hopefully something can be spotted with the help of the logfile.

Thanks very much!
  • 0

Advertisements

#2
SpySentinel
Posted 12 August 2008 - 04:07 PM

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Hey heyage13,

Welcome to Geeks to Go! My name is SpySentinel and I will be helping you fix your computer problem.

Take note that I'm still in training, and my posts will have to be checked by an expert. This may cause delays in between my responses, I ask for your patience. Please stick with me until we get your computer cleaned up.

I'm currently analyzing your log now, and I'll post back with a fix ASAP. Thanks for your patience.
  • 0

#3
SpySentinel
Posted 12 August 2008 - 04:17 PM

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
We need to create a Deckard's System Scanner (DSS) Log
Please download Deckard's System Scanner (DSS) from one of the links below and save to your Desktop.

Primary Mirror
Secondary Mirror

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
Note: You must be logged onto an account with administrator privileges when using Deckard's System Scanner.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <-- Will be maximized
    • extra.txt <-- Will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (<Control>+C) and paste (<Control>+V) the contents of main.txt and extra.txt in your next reply.
Note: When running DSS, some firewalls may warn that DSS is trying to access the Internet; especially if you are asked to download the most current version of HijackThis. Please ensure that DSS is given permission to access the internet.
Note: If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.
  • 0

#4
heyage13
Posted 12 August 2008 - 05:22 PM

heyage13

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts
Thanks for the help so far.

Here are the contents if main.txt:


Deckard's System Scanner v20071014.68
Run by Some Other Campagna on 2008-08-12 19:17:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-08-12 23:17:39 UTC - RP5 - Deckard's System Scanner Restore Point
2: 2008-08-12 18:09:54 UTC - RP4 - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
1: 2008-08-12 15:57:16 UTC - RP3 - Installed STOPzilla. Available with Windows Installer version 1.2 and later.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Some Other Campagna.exe) ---------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:19:38 PM, on 12/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\pqxopune\tuzkjety.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ghylunkv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Some Other Campagna\Local Settings\Temporary Internet Files\Content.IE5\6KPKTG91\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Some Other Campagna.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MonUtilMsg] C:\WINDOWS\system32\fifazmve.exe
O4 - HKCU\..\Run: [DscSet] C:\WINDOWS\system32\ghylunkv.exe
O4 - HKLM\..\Policies\Explorer\Run: [C10Ww0ZgBs] C:\Documents and Settings\All Users\Application Data\pqxopune\tuzkjety.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.liv...es/MSNPUpld.cab
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://algvpn.algon...ries/vpnweb.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimed...upv2.0.0.10.cab?
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D737D70-8235-429C-A5E5-446659C1D9A5}: NameServer = 4.2.2.2,4.2.2.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{2D737D70-8235-429C-A5E5-446659C1D9A5}: NameServer = 4.2.2.2,4.2.2.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{2D737D70-8235-429C-A5E5-446659C1D9A5}: NameServer = 4.2.2.2,4.2.2.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O21 - SSODL: actproc - {29DA52DB-94DA-F364-D0E4-002267342331} - C:\Program Files\pcosmob\actproc.dll
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\HP Game Console\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

--
End of file - 11954 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Tcj18 - c:\windows\system32\drivers\tcj18.sys
R3 SAMFILT - c:\windows\system32\drivers\samfilt.sys <Not Verified; Dolphin, Inc.; Dolphin Keyboard Filter>

S1 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S0 Pml Driver HPZ12 - \systemroot\c:\windows\system32\hpzipm12.exe (file missing)
S2 navapsvc (Norton AntiVirus Auto-Protect Service) - "c:\program files\norton internet security\norton antivirus\navapsvc.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
PNP Device ID: ROOT\NET\0000
Service: vpnva


-- Files created between 2008-07-12 and 2008-08-12 -----------------------------

2008-08-12 17:49:32 0 d-------- C:\Program Files\Trend Micro
2008-08-12 17:20:18 86016 --a------ C:\WINDOWS\system32\ghylunkv.exe
2008-08-12 17:09:49 25472 --a------ C:\WINDOWS\system32\drivers\Tcj18.sys
2008-08-12 14:14:45 0 d-------- C:\Documents and Settings\Some Other Campagna\Application Data\Malwarebytes
2008-08-12 14:14:41 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-12 14:14:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-12 14:14:32 0 d-------- C:\Program Files\Common Files\Download Manager
2008-08-12 14:03:30 0 d-------- C:\Documents and Settings\Some Other Campagna\Application Data\U3
2008-08-12 11:51:34 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-08-12 11:50:46 0 d-------- C:\Program Files\Common Files\iS3
2008-08-12 11:50:46 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-08-11 20:25:09 0 d-------- C:\Program Files\pcosmob
2008-08-11 20:25:06 0 d-------- C:\Documents and Settings\All Users\Application Data\pqxopune
2008-08-11 20:25:05 94208 --a------ C:\WINDOWS\system32\fifazmve.exe


-- Find3M Report ---------------------------------------------------------------

2008-08-12 14:14:32 0 d-------- C:\Program Files\Common Files
2008-08-12 14:10:53 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-08-07 16:43:20 0 d-------- C:\Program Files\HP Games
2008-08-04 22:02:39 0 d-------- C:\Documents and Settings\Some Other Campagna\Application Data\PlayFirst
2008-07-30 19:14:03 63 --a------ C:\WINDOWS\popcinfo.dat
2008-07-22 17:33:04 0 d-------- C:\Program Files\LimeWire
2008-07-22 15:03:21 0 d-------- C:\Documents and Settings\Some Other Campagna\Application Data\iWin
2008-06-27 23:01:53 0 d-------- C:\Documents and Settings\Some Other Campagna\Application Data\PTV Game
2008-06-27 22:41:58 0 d-------- C:\Documents and Settings\Some Other Campagna\Application Data\gemsweeperextractedgfx


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [15/02/2006 06:34 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [27/10/2006 01:47 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [24/01/2006 03:15 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [27/04/2007 09:41 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [25/10/2006 10:57 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [26/05/2007 12:45 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [09/08/2004 05:00 PM]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 11:34 AM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [13/11/2006 02:39 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [02/04/2008 07:16 PM]
"MonUtilMsg"="C:\WINDOWS\system32\fifazmve.exe" [11/08/2008 08:25 PM]
"DscSet"="C:\WINDOWS\system32\ghylunkv.exe" [12/08/2008 05:20 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispScrSavPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"C10Ww0ZgBs"=C:\Documents and Settings\All Users\Application Data\pqxopune\tuzkjety.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"actproc"= {29DA52DB-94DA-F364-D0E4-002267342331} - C:\Program Files\pcosmob\actproc.dll [11/08/2008 08:25 PM 126976]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Tcj18.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Some Other Campagna^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Some Other Campagna\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
ARPWRMSG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
C:\Program Files\DISC\DISCover.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscUpdateManager]
C:\Program Files\DISC\DiscUpdMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
"c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
"C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
"C:\Windows\Creator\Remind_XP.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YeppStudioAgent]
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe




-- End of Deckard's System Scanner: finished at 2008-08-12 19:20:06 ------------



And the contents of extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 3800+
CPU 1: AMD Athlon™ 64 X2 Dual Core Processor 3800+
Percentage of Memory in Use: 41%
Physical Memory (total/avail): 958.48 MiB / 560.2 MiB
Pagefile Memory (total/avail): 2312.56 MiB / 2011.41 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.19 MiB

C: is Fixed (NTFS) - 224.08 GiB total, 193.9 GiB free.
D: is Fixed (FAT32) - 8.78 GiB total, 0.48 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG SP2504C - 232.88 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 224.08 GiB - C:
\PARTITION1 - Unknown - 8.8 GiB - D:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\DISC\\DISCover.exe"="C:\\Program Files\\DISC\\DISCover.exe:*:Enabled:DISCover Drop & Play System"
"C:\\Program Files\\DISC\\DiscStreamHub.exe"="C:\\Program Files\\DISC\\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"
"C:\\Program Files\\DISC\\myFTP.exe"="C:\\Program Files\\DISC\\myFTP.exe:*:Enabled:DISCover FTP"
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\EA SPORTS\\Madden NFL 07\\Updater.exe"="C:\\Program Files\\EA SPORTS\\Madden NFL 07\\Updater.exe:*:Enabled:Updater"
"C:\\Program Files\\HP Games\\Wheel of Fortune\\Wheel of Fortune.exe"="C:\\Program Files\\HP Games\\Wheel of Fortune\\Wheel of Fortune.exe:*:Enabled:Wheel of Fortune"
"C:\\Program Files\\Yahoo! Games\\Flip Words\\FlipWords.exe"="C:\\Program Files\\Yahoo! Games\\Flip Words\\FlipWords.exe:*:Enabled:FlipWords"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Activision Value\\Soldier of Fortune Payback\\sof3.exe"="C:\\Program Files\\Activision Value\\Soldier of Fortune Payback\\sof3.exe:*:Enabled:sof3"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\HP Games\\Rock & Roll JEOPARDY\\Rock & Roll JEOPARDY!.exe"="C:\\Program Files\\HP Games\\Rock & Roll JEOPARDY\\Rock & Roll JEOPARDY!.exe:*:Disabled:Rock & Roll JEOPARDY!"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Some Other Campagna\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CAMPAGNAFAMILY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Some Other Campagna
LOGONSERVER=\\CAMPAGNAFAMILY
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\QuickTime\QTSystem\;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 43 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2b01
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\SOMEOT~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\SOMEOT~1\LOCALS~1\Temp
USERDOMAIN=CAMPAGNAFAMILY
USERNAME=Some Other Campagna
USERPROFILE=C:\Documents and Settings\Some Other Campagna
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

HP_Administrator (admin)
Some Other Campagna (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\HP Games\10 Talismans\Uninstall.exe"
--> "C:\Program Files\HP Games\3D Ultra Minigolf Adventures\Uninstall.exe"
--> "C:\Program Files\HP Games\7 Wonders II\Uninstall.exe"
--> "C:\Program Files\HP Games\7 Wonders of the Ancient World\Uninstall.exe"
--> "C:\Program Files\HP Games\Alchemy Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Ancient Mosaic\Uninstall.exe"
--> "C:\Program Files\HP Games\Arctic Quest 2\Uninstall.exe"
--> "C:\Program Files\HP Games\Asianata\Uninstall.exe"
--> "C:\Program Files\HP Games\Atlantis Adventure\Uninstall.exe"
--> "C:\Program Files\HP Games\Atlantis Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\Avalanche\Uninstall.exe"
--> "C:\Program Files\HP Games\Ballistik\Uninstall.exe"
--> "C:\Program Files\HP Games\Balloon Blast\Uninstall.exe"
--> "C:\Program Files\HP Games\Bang on Blitz\Uninstall.exe"
--> "C:\Program Files\HP Games\Barnyard Invasion\Uninstall.exe"
--> "C:\Program Files\HP Games\Beezzle\Uninstall.exe"
--> "C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Big Kahuna Reef 2\Uninstall.exe"
--> "C:\Program Files\HP Games\Big Kahuna Reef\Uninstall.exe"
--> "C:\Program Files\HP Games\Bistro Stars\Uninstall.exe"
--> "C:\Program Files\HP Games\Blasterball 2 Remix\Uninstall.exe"
--> "C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
--> "C:\Program Files\HP Games\Bricks of Camelot\Uninstall.exe"
--> "C:\Program Files\HP Games\Bricks of Egypt\Uninstall.exe"
--> "C:\Program Files\HP Games\Brickshooter Egypt\Uninstall.exe"
--> "C:\Program Files\HP Games\Bubbles\Uninstall.exe"
--> "C:\Program Files\HP Games\Cafe Mahjongg\Uninstall.exe"
--> "C:\Program Files\HP Games\Chainz 2\Uninstall.exe"
--> "C:\Program Files\HP Games\Chameleon Gems\Uninstall.exe"
--> "C:\Program Files\HP Games\Charm Tale\Uninstall.exe"
--> "C:\Program Files\HP Games\Chicken Invaders 3 - Revenge of the Yolk\Uninstall.exe"
--> "C:\Program Files\HP Games\Coffee Tycoon\Uninstall.exe"
--> "C:\Program Files\HP Games\Constellations\Uninstall.exe"
--> "C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
--> "C:\Program Files\HP Games\Crystal Path\Uninstall.exe"
--> "C:\Program Files\HP Games\Crystalix\Uninstall.exe"
--> "C:\Program Files\HP Games\Diego's Safari Adventure\Uninstall.exe"
--> "C:\Program Files\HP Games\Digby's Donuts\Uninstall.exe"
--> "C:\Program Files\HP Games\Diner Dash - Flo on the Go\Uninstall.exe"
--> "C:\Program Files\HP Games\Diner Dash 2 Restaurant Rescue\Uninstall.exe"
--> "C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
--> "C:\Program Files\HP Games\DNA\Uninstall.exe"
--> "C:\Program Files\HP Games\Domino Master\Uninstall.exe"
--> "C:\Program Files\HP Games\Dream Chronicles\Uninstall.exe"
--> "C:\Program Files\HP Games\FaceIt\Uninstall.exe"
--> "C:\Program Files\HP Games\Fairy Treasure\Uninstall.exe"
--> "C:\Program Files\HP Games\Family Feud 2\Uninstall.exe"
--> "C:\Program Files\HP Games\Family Feud\Uninstall.exe"
--> "C:\Program Files\HP Games\Feeding Frenzy 2\Uninstall.exe"
--> "C:\Program Files\HP Games\Fish Tycoon\Uninstall.exe"
--> "C:\Program Files\HP Games\Fresco Wizard\Uninstall.exe"
--> "C:\Program Files\HP Games\Fruit Lockers\Uninstall.exe"
--> "C:\Program Files\HP Games\Gem Shop\Uninstall.exe"
--> "C:\Program Files\HP Games\Gemsweeper\Uninstall.exe"
--> "C:\Program Files\HP Games\Glyph\Uninstall.exe"
--> "C:\Program Files\HP Games\Hidden Relics\Uninstall.exe"
--> "C:\Program Files\HP Games\Holiday Express\Uninstall.exe"
--> "C:\Program Files\HP Games\Iggle Pop Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Inca Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\Ingenious\Uninstall.exe"
--> "C:\Program Files\HP Games\Island Wars 2\Uninstall.exe"
--> "C:\Program Files\HP Games\Jewel Match\Uninstall.exe"
--> "C:\Program Files\HP Games\Jewel of Atlantis\Uninstall.exe"
--> "C:\Program Files\HP Games\Jewel Quest II\Uninstall.exe"
--> "C:\Program Files\HP Games\Jewel Quest Solitaire 2\Uninstall.exe"
--> "C:\Program Files\HP Games\Jewel Quest Solitaire\Uninstall.exe"
--> "C:\Program Files\HP Games\Jewel Thief\Uninstall.exe"
--> "C:\Program Files\HP Games\Jewels of Cleopatra\Uninstall.exe"
--> "C:\Program Files\HP Games\Jurassic Realm\Uninstall.exe"
--> "C:\Program Files\HP Games\Lumines\Uninstall.exe"
--> "C:\Program Files\HP Games\Luxor - Amun Rising\Uninstall.exe"
--> "C:\Program Files\HP Games\Luxor 2\Uninstall.exe"
--> "C:\Program Files\HP Games\Luxor 3\Uninstall.exe"
--> "C:\Program Files\HP Games\Luxor MahJong\Uninstall.exe"
--> "C:\Program Files\HP Games\Luxor\Uninstall.exe"
--> "C:\Program Files\HP Games\Magic Academy\Uninstall.exe"
--> "C:\Program Files\HP Games\Magic Gem\Uninstall.exe"
--> "C:\Program Files\HP Games\Mah Jong Adventures\Uninstall.exe"
--> "C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\Mahjong Journey of Enlightenment\Uninstall.exe"
--> "C:\Program Files\HP Games\Mahjongg Artifacts\Uninstall.exe"
--> "C:\Program Files\HP Games\Memory Loops\Uninstall.exe"
--> "C:\Program Files\HP Games\Mosaic Tomb of Mystery\Uninstall.exe"
--> "C:\Program Files\HP Games\Ocean Express\Uninstall.exe"
--> "C:\Program Files\HP Games\Pantheon\Uninstall.exe"
--> "C:\Program Files\HP Games\Peggle\Uninstall.exe"
--> "C:\Program Files\HP Games\Pirate Poppers\Uninstall.exe"
--> "C:\Program Files\HP Games\Puppy Luv\Uninstall.exe"
--> "C:\Program Files\HP Games\Puzzle Blast\Uninstall.exe"
--> "C:\Program Files\HP Games\Puzzle Myth\Uninstall.exe"
--> "C:\Program Files\HP Games\Rainbow Mystery\Uninstall.exe"
--> "C:\Program Files\HP Games\Rainbow Web\Uninstall.exe"
--> "C:\Program Files\HP Games\Reaxxion\Uninstall.exe"
--> "C:\Program Files\HP Games\Roboball\Uninstall.exe"
--> "C:\Program Files\HP Games\Rock & Roll JEOPARDY\Uninstall.exe"
--> "C:\Program Files\HP Games\SandScript\Uninstall.exe"
--> "C:\Program Files\HP Games\Sea Bounty\Uninstall.exe"
--> "C:\Program Files\HP Games\Secrets of the Seas\Uninstall.exe"
--> "C:\Program Files\HP Games\Serpengo\Uninstall.exe"
--> "C:\Program Files\HP Games\Shape Solitaire\Uninstall.exe"
--> "C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Slingo Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\Slyder Adventures\Uninstall.exe"
--> "C:\Program Files\HP Games\Snapshot Adventures\Uninstall.exe"
--> "C:\Program Files\HP Games\Snowy Puzzle Islands\Uninstall.exe"
--> "C:\Program Files\HP Games\Spacebound\Uninstall.exe"
--> "C:\Program Files\HP Games\Spyde Solitaire\Uninstall.exe"
--> "C:\Program Files\HP Games\Starcrossed\Uninstall.exe"
--> "C:\Program Files\HP Games\Sudoku Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\Super Granny 3\Uninstall.exe"
--> "C:\Program Files\HP Games\Super Slyder\Uninstall.exe"
--> "C:\Program Files\HP Games\Sweetopia\Uninstall.exe"
--> "C:\Program Files\HP Games\Tangle Bee\Uninstall.exe"
--> "C:\Program Files\HP Games\Temple of Jewels\Uninstall.exe"
--> "C:\Program Files\HP Games\The Apprentice\Uninstall.exe"
--> "C:\Program Files\HP Games\The Emperor's Mahjong\Uninstall.exe"
--> "C:\Program Files\HP Games\The Rise of Atlantis\Uninstall.exe"
--> "C:\Program Files\HP Games\The Treasures of Montezuma\Uninstall.exe"
--> "C:\Program Files\HP Games\Tiki Boom Boom\Uninstall.exe"
--> "C:\Program Files\HP Games\Tradewinds Legends\Uninstall.exe"
--> "C:\Program Files\HP Games\Treasure Island\Uninstall.exe"
--> "C:\Program Files\HP Games\Treasure Pyramid\Uninstall.exe"
--> "C:\Program Files\HP Games\Trijinx\Uninstall.exe"
--> "C:\Program Files\HP Games\Trivial Pursuit 'Bring On the 90's' Edition\Uninstall.exe"
--> "C:\Program Files\HP Games\Ultimate Mahjong\Uninstall.exe"
--> "C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
--> "C:\Program Files\HP Games\Virtual Villagers - Chapter 2 - The Lost Children\Uninstall.exe"
--> "C:\Program Files\HP Games\VortHex\Uninstall.exe"
--> "C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
--> "C:\Program Files\HP Games\Wild West Billy\Uninstall.exe"
--> "C:\Program Files\HP Games\Wonderlines\Uninstall.exe"
--> "C:\Program Files\HP Games\Word Up\Uninstall.exe"
--> "C:\Program Files\HP Games\Wordigo\Uninstall.exe"
--> "C:\Program Files\HP Games\WordJong\Uninstall.exe"
--> "C:\Program Files\HP Games\Zenerchi\Uninstall.exe"
--> "C:\Program Files\HP Games\Zodiac Tower\Uninstall.exe"
--> "C:\Program Files\HP Games\ZoomBook - The Temple of the Sun\Uninstall.exe"
--> "C:\Program Files\HP Games\Zulu Gems\Uninstall.exe"
--> "C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Zzed\Uninstall.exe"
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
--> MsiExec /X{65F1CF63-31E0-450B-96F3-4A88BE7361A6}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.5 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
AGEIA PhysX v7.07.09 --> MsiExec.exe /X{65F1CF63-31E0-450B-96F3-4A88BE7361A6}
Agere Systems PCI-SV92PP Soft Modem --> agrsmdel
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
Bejeweled Deluxe 1.861 --> C:\Program Files\PopCap Games\Bejeweled Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bejeweled Deluxe\Install.log"
Big Kahuna Words --> "C:\Program Files\Oberon Media\Big Kahuna Words\Uninstall.exe" "C:\Program Files\Oberon Media\Big Kahuna Words\install.log"
Cisco AnyConnect VPN Client --> MsiExec.exe /X{17E1BC18-8B8C-4160-B759-C47294B5A9C2}
Customer Experience Enhancement --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
DISCover --> "C:\Program Files\DISC\uninstall.exe"
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EA Link --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{F5577101-33CC-4711-8235-3A95BCD49DB0} /l1033
EA SPORTS online 2007 --> C:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
ebgcInfra --> MsiExec.exe /X{39B1BD87-561E-4762-AED9-7C5213B06C24}
ebgcRes --> MsiExec.exe /X{D968C4E0-022A-461D-A69E-19A4E7A55000}
ebgcSDK --> MsiExec.exe /X{13AD768A-9E04-499D-AE80-967A65DCCBA5}
Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /remove
FATE --> "C:\Program Files\HP Games\FATE\Uninstall.exe"
FirstClass® Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B35C417-2649-11D6-83D1-0050FC01225C}\setup.exe" -l0x9 -uninst
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Desktop Search --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSearchSetup.exe -uninstall
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Boot Optimizer --> MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
HP DigitalMedia Archive --> MsiExec.exe /X{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP Document Viewer 6.1 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP DVD Play 2.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Game Console --> "C:\Program Files\WildTangent\Apps\HP Game Console\Uninstall.exe"
HP Imaging Device Fu
  • 0

#5
SpySentinel
Posted 13 August 2008 - 04:40 PM

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Your welcome! :)


You are using peer-to-peer programs, specifically LimeWire.
These are what we call an optional removal. However, anytime you are running any type of peer-to-peer application, you are more prone to infection by malware, and this is probably how you became infected in the first place. The choice to remove them is entirely up to you, but I would strongly recommend that you do.
If you do not want to, please at least refrain from using any peer-to-peer programs for the remainder of my fix.
For more information about infections as a result of p2p programs, take a look here: http://p2p.malwareremoval.com/



Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKCU\..\Run: [MonUtilMsg] C:\WINDOWS\system32\fifazmve.exe
O4 - HKCU\..\Run: [DscSet] C:\WINDOWS\system32\ghylunkv.exe
O4 - HKLM\..\Policies\Explorer\Run: [C10Ww0ZgBs] C:\Documents and Settings\All Users\Application Data\pqxopune\tuzkjety.exe
O21 - SSODL: actproc - {29DA52DB-94DA-F364-D0E4-002267342331} - C:\Program Files\pcosmob\actproc.dll

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

LimeWire

Please note any other programs that you don't recognize in that list in your next response.



Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
Tcj18 <delete service>
C:\WINDOWS\system32\ghylunkv.exe
C:\WINDOWS\system32\drivers\Tcj18.sys
C:\WINDOWS\system32\fifazmve.exe
C:\Program Files\LimeWire
C:\WINDOWS\popcinfo.dat
C:\Documents and Settings\All Users\Application Data\pqxopune
 C:\Program Files\pcosmob
purity 
EmptyTemp
[start explorer]
  • Return to OTMoveIt2, right click in the "Paste Standard List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


After that, Reboot, and post a new DSS log here in a reply
  • 0

#6
heyage13
Posted 13 August 2008 - 05:24 PM

heyage13

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08132008_191935

Explorer killed successfully
Tcj18 service deleted successfully.
C:\WINDOWS\system32\ghylunkv.exe moved successfully.
File move failed. C:\WINDOWS\system32\drivers\Tcj18.sys scheduled to be moved on reboot.
C:\WINDOWS\system32\fifazmve.exe moved successfully.
C:\Program Files\LimeWire\root\magnet10 moved successfully.
C:\Program Files\LimeWire\root moved successfully.
C:\Program Files\LimeWire\lib moved successfully.
C:\Program Files\LimeWire\.NetworkShare moved successfully.
C:\Program Files\LimeWire moved successfully.
C:\WINDOWS\popcinfo.dat moved successfully.
C:\Documents and Settings\All Users\Application Data\pqxopune moved successfully.
C:\Program Files\pcosmob moved successfully.
< purity >
< EmptyTemp >
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08132008_191935
  • 0

#7
SpySentinel
Posted 15 August 2008 - 01:29 PM

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new DSS log.
  • 0

#8
heyage13
Posted 17 August 2008 - 11:25 AM

heyage13

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts
Thanks for the help so far....

Here is the ComboFix Log:


ComboFix 08-08-16.01 - Some Other Campagna 2008-08-17 12:57:51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.573 [GMT -4:00]
Running from: C:\Documents and Settings\Some Other Campagna\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\Some Other Campagna\Application Data\macromedia\Flash Player\#SharedObjects\YRVMNFMU\interclick.com
C:\Documents and Settings\Some Other Campagna\Application Data\macromedia\Flash Player\#SharedObjects\YRVMNFMU\interclick.com\ud.sol
C:\Documents and Settings\Some Other Campagna\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Some Other Campagna\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Some Other Campagna\Cookies\[email protected][1].txt
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-07-17 to 2008-08-17 )))))))))))))))))))))))))))))))
.

2008-08-17 13:03 . 2008-08-17 13:03 25,472 --a------ C:\WINDOWS\system32\drivers\Tcj18.sys
2008-08-14 23:43 . 2008-08-14 23:43 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-08-13 19:19 . 2008-08-13 19:19 <DIR> d-------- C:\_OTMoveIt
2008-08-13 13:07 . 2008-08-17 12:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ZILLAbar
2008-08-13 13:04 . 2008-08-17 12:28 <DIR> d-------- C:\Program Files\STOPzilla!
2008-08-13 13:04 . 2008-08-13 13:04 <DIR> d-------- C:\Documents and Settings\Some Other Campagna\Application Data\STOPzilla!
2008-08-12 19:17 . 2008-08-12 19:17 <DIR> d-------- C:\Deckard
2008-08-12 17:49 . 2008-08-12 17:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-12 14:14 . 2008-08-12 14:14 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-12 14:14 . 2008-08-12 14:14 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-08-12 14:14 . 2008-08-12 14:14 <DIR> d-------- C:\Documents and Settings\Some Other Campagna\Application Data\Malwarebytes
2008-08-12 14:14 . 2008-08-12 14:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-12 14:14 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-12 14:14 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-12 14:03 . 2008-08-14 22:44 <DIR> d-------- C:\Documents and Settings\Some Other Campagna\Application Data\U3
2008-08-12 11:51 . 2008-08-12 14:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-08-12 11:50 . 2008-08-12 11:50 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-08-12 11:50 . 2008-08-17 13:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-08-11 16:39 . 2008-08-11 16:39 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-11 16:39 . 2008-08-11 16:39 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-15 03:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-13 23:16 --------- d-----w C:\Program Files\HP Games
2008-08-12 18:10 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-08-05 02:02 --------- d-----w C:\Documents and Settings\Some Other Campagna\Application Data\PlayFirst
2008-08-04 18:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2008-07-22 19:03 --------- d-----w C:\Documents and Settings\Some Other Campagna\Application Data\iWin
2008-06-28 03:01 --------- d-----w C:\Documents and Settings\Some Other Campagna\Application Data\PTV Game
2008-06-28 02:41 --------- d-----w C:\Documents and Settings\Some Other Campagna\Application Data\gemsweeperextractedgfx
2008-06-28 02:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\My Games
2008-06-20 10:45 360,320 ------w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ------w C:\WINDOWS\system32\drivers\tcpip6.sys
2007-02-15 19:07 0 ----a-w C:\Documents and Settings\Some Other Campagna\Application Data\wklnhst.dat
2006-12-29 03:30 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-02-01 01:21 251 ----a-w C:\Program Files\wt3d.ini
2006-01-29 20:24 299 ----a-w C:\Documents and Settings\Some Other Campagna\Application Data\internaldb1942.dat
2005-01-10 23:52 6,144 ----a-w C:\Documents and Settings\Some Other Campagna\Application Data\internaldb9318.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:39 1289000]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-02 19:16 118784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 17:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 18:34 249856]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-24 15:15 7311360]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-10-25 22:57 180269]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 12:45 257088]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Tcj18.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Some Other Campagna^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Some Other Campagna\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--------- 2004-08-09 17:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-08-29 11:09 171464 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
--a------ 2006-03-20 05:05 90112 c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2007-07-19 08:02 2887680 C:\Program Files\Electronic Arts\EA Link\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-09-29 17:01 67584 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-12-15 14:18 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
--a------ 2005-06-01 19:35 49152 c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-05-26 12:45 257088 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-01-24 15:15 7311360 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 09:41 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2005-07-22 18:14 237568 C:\WINDOWS\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2004-12-13 22:23 663552 C:\WINDOWS\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YeppStudioAgent]
--a------ 2005-08-30 18:21 40960 C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
--a------ 2005-08-02 19:19 77312 C:\WINDOWS\arpwrmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-01-24 15:15 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-03-08 00:54 16010240 C:\WINDOWS\RTHDCPL.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\HP Games\\Wheel of Fortune\\Wheel of Fortune.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\HP Games\\Rock & Roll JEOPARDY\\Rock & Roll JEOPARDY!.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Tcj18;Tcj18;C:\WINDOWS\system32\Drivers\Tcj18.sys [2008-08-17 13:03]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2007-04-23 04:12]
S3 GameConsoleService;GameConsoleService;C:\Program Files\WildTangent\Apps\HP Game Console\GameConsoleService.exe [2008-05-05 18:25]
S3 vpnva;Cisco AnyConnect VPN Virtual Miniport Adapter for Windows;C:\WINDOWS\system32\DRIVERS\vpnva.sys [2007-04-23 04:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ca51c03-0aad-11dc-8c4a-00040b808080}]
\Shell\AutoRun\command - K:\LaunchU3.exe
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)
Notify-NavLogon - (no file)
MSConfigStartUp-DISCover - C:\Program Files\DISC\DISCover.exe
MSConfigStartUp-DiscUpdateManager - C:\Program Files\DISC\DiscUpdMgr.exe
MSConfigStartUp-vptray - C:\PROGRA~1\SYMANT~1\VPTray.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R0 -: HKCU-Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=63&bd=PAVILION&pf=desktop
R0 -: HKLM-Main,Search Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=63&bd=PAVILION&pf=desktop
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O8 -: &Google Search - C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 -: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 -: Backward &Links - C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 -: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 -: Cac&hed Snapshot of Page - C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 -: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 -: Si&milar Pages - C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 -: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 -: Translate into English - C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O8 -: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O17 -: HKLM\CCS\Interface\{2D737D70-8235-429C-A5E5-446659C1D9A5}: NameServer = 4.2.2.2,4.2.2.3
O18 -: Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll

O16 -: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://algvpn.algonquincollege.com/CACHE/stc/2/binaries/vpnweb.cab
C:\WINDOWS\Downloaded Program Files\vpnweb.inf
C:\WINDOWS\system32\vpnweb.ocx


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-17 13:04:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~3.DLL
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-08-17 13:13:38 - machine was rebooted [Some Other Campagna]
ComboFix-quarantined-files.txt 2008-08-17 17:13:34

Pre-Run: 208,601,378,816 bytes free
Post-Run: 208,699,981,824 bytes free

235 --- E O F --- 2008-08-15 03:44:19


And here is the DSS Log:

Actually for some reason When I cliuck on the DSS program icon after downloading it to my desktop, it doesnt load and disappears from my desktop...
  • 0

#9
SpySentinel
Posted 17 August 2008 - 03:33 PM

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts

Thanks for the help so far....


Your welcome!


1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Collect::
C:\WINDOWS\system32\Drivers\Tcj18.sys

File::
C:\Documents and Settings\Some Other Campagna\Application Data\internaldb1942.dat
C:\Documents and Settings\Some Other Campagna\Application Data\internaldb9318.dat

Folder::
C:\Documents and Settings\All Users\Application Data\ZILLAbar
C:\Documents and Settings\All Users\Application Data\WildTangent

Driver::
Tcj18

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ca51c03-0aad-11dc-8c4a-00040b808080}]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Tcj18.sys]

Sysrst::


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • And see if you can run DSS.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
  • A browser will open.
  • Simply follow the instructions to copy/paste/send the requested file.

  • 0

#10
heyage13
Posted 17 August 2008 - 05:36 PM

heyage13

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts
I'm gonna have to do this in a couple of parts because the log was too big to post into one post...

Running from: C:\Documents and Settings\Some Other Campagna\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Some Other Campagna\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\Some Other Campagna\Application Data\internaldb1942.dat
C:\Documents and Settings\Some Other Campagna\Application Data\internaldb9318.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\WildTangent
C:\Documents and Settings\All Users\Application Data\WildTangent\avalanche\config.ini
C:\Documents and Settings\All Users\Application Data\WildTangent\bangonblitz\config.ini
C:\Documents and Settings\All Users\Application Data\WildTangent\bejeweled2deluxe\config.ini
C:\Documents and Settings\All Users\Application Data\WildTangent\bistrostars\config.ini
C:\Documents and Settings\All Users\Application Data\WildTangent\blasterball2holidays\config.ini
C:\Documents and Settings\All Users\Application Data\WildTangent\blasterball2remix\config.ini
C:\Documents and Settings\All Users\Application Data\WildTangent\blasterball2remix\Persistent\data.dat
C:\Documents and Settings\All Users\Application Data\WildTangent\blasterball3\Cache\optionsBB3.dat
C:\Documents and Settings\All Users\Application Data\WildTangent\blasterball3\Cache\Readme.txt
C:\Documents and Settings\All Users\Application Data\WildTangent\blasterball3\config.ini
C:\Documents and Settings\All Users\Application Data\WildTangent\blasterball3\Persistent\BB3HighScores.dat
C:\Documents and Settings\All Users\Application Data\WildTangent\blasterball3\Persistent\Profiles\profile0000\name.bin
C:\Documents and Settings\All Users\Application Data\WildTangent\blasterball3\Persistent\Profiles\profile0000\pInfo.bin
C:\Documents and Settings\All Users\Application Data\WildTangent\blasterball3\Persistent\Readme.txt
C:\Documents and Settings\All Users\Application Data\WildTangent\bookwormadventures\config.ini
C:\Documents and Settings\All Users\Application Data\WildTangent\bubbles\config.ini
C:\Documents and Settings\All Users\Application Data\WildTangent\chameleongems\config.ini
C:\Documents and Settings\All Users\Application Data\WildTangent\crystalmaze\config.ini
C:\Documents and Settings\All Users\Application Data\WildTangent\crystalmaze\Persistent\CrystalMaze.dat
C:\Documents and Settings\All Users\Application Data\WildTangent\dinerdash\config.ini
C:\Documents and Settings\All Users\Application Data\WildTangent\dinerdash2\config.ini
C:\Documents and Settings\All Users\Application Data\WildTangent\dinerdashflo\config.ini
C:\Documents and Settings\All Users\Application Data\WildTangent\familyfeud\config.ini
C:\Documents and Settings\All Users\Application Data\WildTangent\finaldrivenitro\config.ini
C:\Documents and Settings\All Users\Application Data\WildTangent\flipwords\config.ini
C:\Documents and Settings\All Users\Application Data\WildTangent\flipwords2\config.ini
C:\Documents and Settings\All Users\Application Data\WildTangent\GameData\{B3657728-5268-E129-756D-23CD5CD01F01}
C:\Documents and Settings\All Users\Application Data\WildTangent\GameData\gtd.dat
C:\Documents and Settings\All Users\Application Data\WildTangent\GameData\gtd2.dat
C:\Documents and Settings\All Users\Application Data\WildTangent\GameData\support.dat
C:\Documents and Settings\All Users\Application Data\WildTangent\glyph\config.ini
C:\Documents and Settings\All Users\Application Data\WildTangent\holidayexpress\config.ini
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelquest2\config.ini
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelquestsolitaire\config.ini
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\arrow_up.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\arrow_up_press.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\arrow_up_rollover.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\display.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\gui_diamond_menu.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\gui_endpanelframe.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\gui_frame.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\gui_genericframe.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\gui_helpframe1.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\gui_helpframe2.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\gui_helpframe3.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\gui_helpframe4.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\gui_helpframe5.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\gui_helpframe6.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\gui_helpframe7.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\gui_helpframe8.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\gui_helpscreen1.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\gui_optionsbg.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\gui_profilescreen.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\gui_score_level.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\gui_selectprofile.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\gui_tutorialscreen.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\gui_tutorialscreen_big.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\gui_tutorialscreen2.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\gui_tutorialscreen2_big.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\hisakolair_bg.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\hisakolair_clouds.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\intro_frame.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\jewelry_case_crystal.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\main_menu_city.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\main_menu_city2.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\main_menu_logo.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\main_menu_logo_night.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\main_menu_thief.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\main_menu_tiffany.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\matrix_clock.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\matrix_frame.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\museum_bg.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\pl00_buildings1.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\pl00_buildings2.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\pl00_tree1.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\pl00_tree2.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\pl01_tiffany.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\pl03_tiffany.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\pl04_hook1.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\pl04_hook2.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\pl05_rope1.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\pl05_rope2.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\pl06_tiffany1.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\pl06_tiffany2.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\pl07_tiffany1.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\pl07_window2_ol.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\pl08_case.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\tale01_panel_bg.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\transition_bar.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\transition_bar2.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\transition_complete.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\transition_game.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\transition_level.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\transition_over.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Cache\data\art\bitmaps\screendecals_target\vault.png
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Persistent\optionswtt.dat
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Persistent\SaveGames\profile0000\name.bin
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Persistent\SaveGames\profile0001\name.bin
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Persistent\SaveGames\profile0001\pInfo.bin
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Persistent\SaveGames\profile0001\save_HISTORY.bin
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Persistent\SaveGames\profile0001\save_RELAX.bin
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Persistent\SaveGames\profile0001\save_TIMELIMIT.bin
C:\Documents and Settings\All Users\Application Data\WildTangent\jewelthief\Persistent\SaveGames\profile0001\tutinfo.bin
C:\Documents and Settings\All Users\Application Data\WildTangent\lemonadetycoon2\config.ini
C:\Documents and Settings\All Users\Application Data\WildTangent\LicenseStores\WT\008371C0-86B6-11D9-8BDE-F66BAD1E3F3A.wtlic
C:\Documents and Settings\All Users\Application Data\WildTangent\LicenseStores\WT\041bd0fb-14de-49ad-bbb5-bf9ad9424a62.wtlic
C:\Documents and Settings\All Users\Application Data\WildTangent\LicenseStores\WT\058D8AB2-0002-4963-8BEF-C53407A55AB8.wtlic
C:\Documents and Settings\All Users\Application Data\WildTangent\LicenseStores\WT\0DF4FEC0-86B4-11D9-8BDE-F66BAD1E3F3A.wtlic
C:\Documents and Settings\All Users\Application Data\WildTangent\LicenseStores\WT\13E38CFC-81C8-11D9-8BDE-F66BAD1E3F3A.wtlic
C:\Documents and Settings\All Users\Application Data\WildTangent\LicenseStores\WT\1e74a062-e59d-429d-b4bd-36f787e40c93.wtlic
C:\Documents and Settings\All Users\Application Data\WildTangent\LicenseStores\WT\255A0496-8F58-11D9-8BDE-F66BAD1E3F3A.wtlic
C:\Documents and Settings\All Users\Application Data\WildTangent\LicenseStores\WT\262A5CE3-8F27-44D5-A8A1-6A7B46A46B1A.wtlic
C:\Documents and Settings\All Users\Application Data\WildTangent\LicenseStores\WT\4B39DF83-1063-4fcc-B1B4-0E116120D387.wtlic
C:\Documents and Settings\All Users\Application Data\WildTangent\LicenseStores\WT\53e2708c-4bb0-4597-b67b-aca2cea67126.wtlic
C:\Documents and Settings\All Users\Application Data\WildTangent\LicenseStores\WT\5F7E059C-CAEF-43ad-9378-DD87D8B6B154.wtlic
C:\Documents and Settings\All Users\Application Data\WildTangent\LicenseStores\WT\60C5C02A-D223-11D9-8BDE-F66BAD1E3F3A.wtlic
C:\Documents and Settings\All Users\Application Data\WildTangent\LicenseStores\WT\663B3761-603B-4a7f-84C3-E4B22FC55514.wtlic
C:\Documents and Settings\All Users\Application Data\WildTangent\LicenseStores\WT\66DA97C0-81C8-11D9-8BDE-F66BAD1E3F3A.wtlic
C:\Documents and Settings\All Users\Application Data\WildTangent\LicenseStores\WT\6b0fca30-9978-472f-a1e3-782e2c413dfe.wtlic
C:\Documents and Settings\All Users\Application Data\WildTangent\LicenseStores\WT\6DEEEEDF-6404-4f02-AE07-4F4CB1A3D5F6.wtlic
C:\Documents and Settings\All Users\Application Data\WildTangent\LicenseStores\WT\6E19C296-7722-4e20-A653-2CEA4DCBF293.wtlic
C:\Documents and Settings\All Users\Application Data\WildTangent\LicenseStores\WT\78708655-18b7-4e03-b45c-f148bbd3c306.wtlic
C:\Documents and Settings\All Users\Application Data\WildTangent\LicenseStores\WT\7B08ACF6-875D-11D9-8BDE-F66BAD1E3F3A.wtlic
C:\Documents and Settings\All Users\Application Data\WildTangent\LicenseStores\WT\81CB1406-81C8-11D9-8BDE-F66BAD1E3F3A.wtlic
C:\Documents and Settings\All Users\Application Data\WildTangent\LicenseStores\WT\8F00246E-F012-11D9-8BDE-F66BAD1E3F3A.wtlic
C:\Documents and Settings\All Users\Application Data\WildTangent\LicenseStores\WT\A7456F43-E255-4c09-90BD-81EC82890C69.wtlic
C:\Documents and Settings\All Users\Application Data\WildTangent\LicenseStores\WT\B1374F52-EF14-11D9-8BDE-F66BAD1E3F3A.wtlic
C:\Documents and Settings\All Users\Application Data\WildTangent\LicenseStores\WT\BCBEABA9-E474-475f-8966-7F777840D3A9.wtlic
C:\Documents and Settings\All Users\Application Data\WildTangent\LicenseStores\WT\C14E1B68-8F57-11D9-8BDE-F66BAD1E3F3A.wtlic
C:\Documents and Settings\All Users\Application Data\WildTangent\LicenseStores\WT\cbb4dc20-327e-45dd-a4cb-214b69fd2f70.wtlic
C:\Documents and Settings\All Users\Application Data\WildTangent\LicenseStores\WT\CD83F69C-8826-46FA-B955-88970BEFE38E.wtlic
C:\Documents and Settings\All Users\Application Data\WildTangent\LicenseStores\WT\D1822716-86AD-11D9-8BDE-F66BAD1E3F3A.wtlic
C:\Documents and Settings\All Users\Application Data\WildTangent\LicenseStores\WT\D1FBFB02-8F56-11D9-8BDE-F66BAD1E3F3A.wtlic
C:\Documents and Settings\All Users\Application Data\WildTangent\LicenseStores\WT\F3B5F74E-D848-11D9-8BDE-F66BAD1E3F3A.wtlic
C:\Documents and Settings\All Users\Application Data\WildTangent\LicenseStores\WT\WT.sto
C:\Documents and Settings\All Users\Application Data\WildTangent\Lumines\lumisave.dat
C:\Documents and Settings\All Users\Application Data\WildTangent\luxor\config.ini
C:\Documents and Settings\All Users\Application Data\WildTangent\luxor2\config.ini
C:\Documents and Settings\All Users\Application Data\WildTangent\mahjongadventures\config.ini
C:\Documents and Settings\All Users\Application Data\WildTangent\mahjonggartifacts\config.ini
C:\Documents and Settings\All Users\Application Data\WildTangent\mahjongjourney\config.ini
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\de\LocalConfigMerge.xml
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\de\ProductManifest.xml
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\de\UserConfig.xml
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\de\Installers\installers.txt
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\de\Updates\updates.txt
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en-us\Installers\installers.txt
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en-us\Updates\updates.txt
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Installers\installers.txt
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Installers\SetupGamesClient.exe
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Installers\SetupGamesClient.exe_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Installers\slurp-setup.exe
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Installers\slurp-setup.exe_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\adventurequest.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\adventurequest.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\alchemydeluxe.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\alchemydeluxe.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\ancientmosaic.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\ancientmosaic.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\apprentice.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\apprentice.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\arcticquest2.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\arcticquest2.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\asianata.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\asianata.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\atlantisadventure.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\atlantisadventure.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\atlantisquest.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\atlantisquest.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\avalanche.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\avalanche.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\ballistik.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\ballistik.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\balloonblast.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\balloonblast.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\bangonblitz.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\bangonblitz.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\barnyardinvasion.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\barnyardinvasion.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\beezzle.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\beezzle.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\bigkahunareef.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\bigkahunareef.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\bigkahunareef2.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\bigkahunareef2.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\bistrostars.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\bistrostars.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\blasterball2remix.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\blasterball2remix.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\blasterball3.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\blasterball3.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\block10150.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\block10150.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\block10153.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\block10153.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\block10154.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\block10154.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\block10155.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\block10155.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\block10156.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\block10156.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\block10157.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\block10157.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\block10158.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\block10158.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\block10159.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\block10159.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\block10160.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\block10160.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\block10161.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\block10161.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\block10162.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\block10162.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\block10163.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\block10163.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\block10164.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\block10164.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\block10165.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\block10165.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\block10166.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\block10166.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\block10167.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\block10167.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\block10168.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\block10168.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\brickshooteregypt.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\brickshooteregypt.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\bricksofcamelot.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\bricksofcamelot.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\bricksofegypt.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\bricksofegypt.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\bubbles.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\bubbles.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\buildalot.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\buildalot.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\cafemahjongg.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\cafemahjongg.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\chainz2.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\chainz2.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\chameleongems.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\chameleongems.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\charmtale.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\charmtale.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\chickeninvaders3.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\chickeninvaders3.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\chrome2.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\chrome2.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\coffeetycoon.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\coffeetycoon.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\constellations.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\constellations.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\cricklervocabulary.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\cricklervocabulary.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\crystalix.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\crystalix.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\crystalpath.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\crystalpath.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\diegosafari.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\diegosafari.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\digbysdonuts.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\digbysdonuts.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\dinerdash.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\dinerdash.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\dinerdash2.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\dinerdash2.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\dna.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\dna.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\dominomaster.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\dominomaster.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\dreamchronicles.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\dreamchronicles.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\faceit.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\faceit.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\fairytreasure.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\fairytreasure.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\familyfeud.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\familyfeud.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\familyfeud2.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\familyfeud2.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\fate.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\fate.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\feedingfrenzy2.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\feedingfrenzy2.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\fishtycoon.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\fishtycoon.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\frescowizard.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\frescowizard.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\fruitlockers.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\fruitlockers.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\gemshop.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\gemshop.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\gemsweeper.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\gemsweeper.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\hiddenrelics.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\hiddenrelics.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\holidayexpress.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\holidayexpress.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\htdocs-img2.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\htdocs-img2.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\htdocs2.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\htdocs2.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\igglepopdeluxe.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\igglepopdeluxe.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\incaquest.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\incaquest.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\ingenious.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\ingenious.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\islandwars2.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\islandwars2.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\jewelmatch.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\jewelmatch.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\jewelofatlantis.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\jewelofatlantis.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\jewelquest2.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\jewelquest2.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\jewelquestsolitaire.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\jewelquestsolitaire.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\jewelquestsolitaire2.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\jewelquestsolitaire2.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\jewelsofcleopatra.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\jewelsofcleopatra.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\jewelthief.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\jewelthief.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\jurassicrealm.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\jurassicrealm.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\legoexoforcedeepjungle.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\legoexoforcedeepjungle.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\lumines.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\lumines.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\luxor.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\luxor.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\luxor2.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\luxor2.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\luxor3.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\luxor3.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\luxoramunrising.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\luxoramunrising.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\luxormahjong.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\luxormahjong.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\magicacademy.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\magicacademy.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\magicgem.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\magicgem.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\mahjongadventures.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\mahjongadventures.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\mahjonggartifacts.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\mahjonggartifacts.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\mahjongjourney.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\mahjongjourney.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\mahjongquest.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\mahjongquest.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\memoryloops.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\memoryloops.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\mosaictombofmystery.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\mosaictombofmystery.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\oceanexpress.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\oceanexpress.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\OnlineCheck.xml
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\pantheon.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\pantheon.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\peggle.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\peggle.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\piratepoppers.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\piratepoppers.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\ProductManifest.xml
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\ProductManifest.xml.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\ProductManifest.xml.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\puppyluv.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\puppyluv.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\puzzleblast.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\puzzleblast.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\puzzlemyth.tgz
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\puzzlemyth.tgz_filedata
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\en\Updates\rainbowmyst
  • 0

Advertisements

#11
heyage13
Posted 17 August 2008 - 05:37 PM

heyage13

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\roboball\title.jpg
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\rockrolljeopardy\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\rockrolljeopardy\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\rockrolljeopardy\ss_01_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\rockrolljeopardy\ss_02_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\rockrolljeopardy\ss_03_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\rockrolljeopardy\title.jpg
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\rollerrush\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\rollerrush\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\runescape\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\runescape\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\runic\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\runic\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\runngun\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\runngun\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\sandscript\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\sandscript\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\sandscript\ss_01_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\sandscript\ss_02_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\sandscript\ss_03_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\sandscript\title.jpg
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\scrabble\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\scrabble\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\scrabbleblast\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\scrabbleblast\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\scrabblerackattack\GameInfo.html
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\scrabblerackattack\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\scrabblerackattack\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\scrabblerackattack\ss_01_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\scrabblerackattack\ss_02_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\scrabblerackattack\ss_03_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\scrabblerackattack\title.jpg
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\scubainaruba\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\scubainaruba\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\seabounty\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\seabounty\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\seabounty\ss_01_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\seabounty\ss_02_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\seabounty\ss_03_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\seabounty\title.jpg
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\seafight\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\seafight\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\sealife\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\sealife\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\secretofmargravemanor\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\secretofmargravemanor\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\secretsoftheseas\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\secretsoftheseas\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\secretsoftheseas\ss_01_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\secretsoftheseas\ss_02_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\secretsoftheseas\ss_03_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\secretsoftheseas\title.jpg
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\serpengo\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\serpengo\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\serpengo\ss_01_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\serpengo\ss_02_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\serpengo\ss_03_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\serpengo\title.jpg
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\sevenwonders\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\sevenwonders\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\sevenwonders\ss_01_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\sevenwonders\ss_02_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\sevenwonders\ss_03_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\sevenwonders\title.jpg
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\sevenwonders2\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\sevenwonders2\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\sevenwonders2\ss_01_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\sevenwonders2\ss_02_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\sevenwonders2\ss_03_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\sevenwonders2\title.jpg
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\shangrila\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\shangrila\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\shapesolitaire\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\shapesolitaire\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\shapesolitaire\ss_01_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\shapesolitaire\ss_02_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\shapesolitaire\ss_03_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\shapesolitaire\title.jpg
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\shootingstarspool\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\shootingstarspool\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\shopmania\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\shopmania\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\siberianstrike\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\siberianstrike\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\slingodeluxe\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\slingodeluxe\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\slingodeluxe\ss_01_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\slingodeluxe\ss_02_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\slingodeluxe\ss_03_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\slingodeluxe\title.jpg
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\slingoquest\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\slingoquest\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\slingoquest\ss_01_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\slingoquest\ss_02_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\slingoquest\ss_03_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\slingoquest\title.jpg
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\slingoquesthawaii\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\slingoquesthawaii\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\slurp\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\slurp\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\slurp\ss_01_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\slurp\ss_02_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\slurp\ss_03_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\slurp\title.jpg
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\slyderadventures\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\slyderadventures\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\slyderadventures\ss_01_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\slyderadventures\ss_02_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\slyderadventures\ss_03_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\slyderadventures\title.jpg
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\slyderdrm3\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\slyderdrm3\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\snailmail\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\snailmail\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\snapshotadventures\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\snapshotadventures\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\snapshotadventures\ss_01_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\snapshotadventures\ss_02_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\snapshotadventures\ss_03_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\snapshotadventures\title.jpg
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\snowboardsuperjam\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\snowboardsuperjam\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\snowyfishfrenzy\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\snowyfishfrenzy\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\snowylunchrush\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\snowylunchrush\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\snowypuzzleislands\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\snowypuzzleislands\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\snowypuzzleislands\ss_01_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\snowypuzzleislands\ss_02_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\snowypuzzleislands\ss_03_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\snowypuzzleislands\title.jpg
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\snowyspacetrip\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\snowyspacetrip\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\snowythebearsadventure\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\snowythebearsadventure\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\snowytreasurehunter\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\snowytreasurehunter\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\snowytreasurehunter2\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\snowytreasurehunter2\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\solitairecruise\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\solitairecruise\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\solitairepop\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\solitairepop\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\spacebound\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\spacebound\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\spacebound\ss_01_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\spacebound\ss_02_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\spacebound\ss_03_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\spacebound\title.jpg
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\spacechimpsham\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\spacechimpsham\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\spacechimpsluna\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\spacechimpsluna\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\spacechimpstitan\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\spacechimpstitan\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\spacestrike\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\spacestrike\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\spellagories\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\spellagories\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\spelvin\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\spelvin\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\spiderman3battlewithin\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\spiderman3battlewithin\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\spiderman3memory\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\spiderman3memory\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\spiderman3puzzle\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\spiderman3puzzle\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\spiderman3ultimatechallenge\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\spiderman3ultimatechallenge\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\spinandwin\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\spinandwin\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\spongebobatlantissquareoff\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\spongebobatlantissquareoff\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\spongebobdinerdash\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\spongebobdinerdash\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\spongebobdinerdash2\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\spongebobdinerdash2\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\spongebobobstacleodyssey2\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\spongebobobstacleodyssey2\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\sportballchallenge\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\sportballchallenge\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\sprill\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\sprill\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\sprill2\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\sprill2\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\sproink\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\sproink\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\spydesolitaire\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\spydesolitaire\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\spydesolitaire\ss_01_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\spydesolitaire\ss_02_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\spydesolitaire\ss_03_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\spydesolitaire\title.jpg
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\standofood\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\standofood\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\starcrossed\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\starcrossed\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\starcrossed\ss_01_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\starcrossed\ss_02_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\starcrossed\ss_03_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\starcrossed\title.jpg
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\stardefender2\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\stardefender2\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\stardefender4\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\stardefender4\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\stepbrothers\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\stepbrothers\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\stoneloopsofjurassica\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\stoneloopsofjurassica\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\strikeball2\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\strikeball2\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\stx\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\stx\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\subwayscramble\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\subwayscramble\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\sudokuquest\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\sudokuquest\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\sudokuquest\ss_01_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\sudokuquest\ss_02_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\sudokuquest\ss_03_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\sudokuquest\title.jpg
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\supercow\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\supercow\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\supergranny\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\supergranny\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\supergranny3\GameInfo.html
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\supergranny3\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\supergranny3\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\supergranny3\ss_01_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\supergranny3\ss_02_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\supergranny3\ss_03_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\supergranny3\title.jpg
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\supergranny4\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\supergranny4\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\supermarketmania\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\supermarketmania\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\superslyder\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\superslyder\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\superslyder\ss_01_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\superslyder\ss_02_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\superslyder\ss_03_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\superslyder\title.jpg
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\surfsupcodymaverick\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\surfsupcodymaverick\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\surfsupdesignsurfboard\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\surfsupdesignsurfboard\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\surfsupfreshcatch\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\surfsupfreshcatch\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\surfsuplavatube\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\surfsuplavatube\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\sveerz\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\sveerz\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\swarm\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\swarm\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\sweetopia\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\sweetopia\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\sweetopia\ss_01_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\sweetopia\ss_02_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\sweetopia\ss_03_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\sweetopia\title.jpg
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\tanglebee\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\tanglebee\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\tanglebee\ss_01_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\tanglebee\ss_02_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\tanglebee\ss_03_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\tanglebee\title.jpg
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\tankobox\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\tankobox\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\tastyplanet\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\tastyplanet\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\teddyfactory\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\teddyfactory\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\templeofjewels\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\templeofjewels\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\templeofjewels\ss_01_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\templeofjewels\ss_02_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\templeofjewels\ss_03_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\templeofjewels\title.jpg
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\tennistitans\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\tennistitans\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\tentalismans\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\tentalismans\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\tentalismans\ss_01_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\tentalismans\ss_02_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\tentalismans\ss_03_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\tentalismans\title.jpg
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\theancientquestofsaqqarah\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\theancientquestofsaqqarah\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\theclumsys\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\theclumsys\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\thedavincicode\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\thedavincicode\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\theemperorsmahjong\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\theemperorsmahjong\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\theemperorsmahjong\ss_01_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\theemperorsmahjong\ss_02_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\theemperorsmahjong\ss_03_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\theemperorsmahjong\title.jpg
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\theoffice\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\theoffice\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\thepriceisright\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\thepriceisright\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\theriseofatlantis\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\theriseofatlantis\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\theriseofatlantis\ss_01_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\theriseofatlantis\ss_02_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\theriseofatlantis\ss_03_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\theriseofatlantis\title.jpg
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\thescruffs\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\thescruffs\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\theseus\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\theseus\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\threedultraminigolf\GameInfo.html
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\threedultraminigolf\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\threedultraminigolf\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\threedultraminigolf\ss_01_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\threedultraminigolf\ss_02_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\threedultraminigolf\ss_03_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\threedultraminigolf\title.jpg
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\ticatacroyale\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\ticatacroyale\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\tikiboomboom\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\tikiboomboom\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\tikiboomboom\ss_01_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\tikiboomboom\ss_02_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\tikiboomboom\ss_03_thumb.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\tikiboomboom\title.jpg
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\timebreaker\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\timebreaker\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\tinosfruitstand\mini_30.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\tinosfruitstand\mini_50.gif
C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs
  • 0

#12
heyage13
Posted 17 August 2008 - 05:38 PM

heyage13

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts
Also, the link for DSS on the geekstogo.com website is down, so I was not able to download it and run a log. Sorry
  • 0

#13
SpySentinel
Posted 18 August 2008 - 04:25 PM

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts

Also, the link for DSS on the geekstogo.com website is down, so I was not able to download it and run a log. Sorry


Its ok. DSS has been pulled do to complications. Thanks for the CF log. I know its big, however I need to see the whole thing. Please attach the whole ComboFix Log in your next reply.
  • 0

#14
heyage13
Posted 18 August 2008 - 05:21 PM

heyage13

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts
ComboFix 08-08-16.01 - Some Other Campagna 2008-08-18 19:01:37.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.458 [GMT -4:00]
Running from: C:\Documents and Settings\Some Other Campagna\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\Tcj18.sys

.
((((((((((((((((((((((((( Files Created from 2008-07-18 to 2008-08-18 )))))))))))))))))))))))))))))))
.

2008-08-17 19:30 . 2008-08-18 18:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ZILLAbar
2008-08-14 23:43 . 2008-08-14 23:43 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-08-13 19:19 . 2008-08-13 19:19 <DIR> d-------- C:\_OTMoveIt
2008-08-13 13:04 . 2008-08-17 12:28 <DIR> d-------- C:\Program Files\STOPzilla!
2008-08-13 13:04 . 2008-08-13 13:04 <DIR> d-------- C:\Documents and Settings\Some Other Campagna\Application Data\STOPzilla!
2008-08-12 19:17 . 2008-08-12 19:17 <DIR> d-------- C:\Deckard
2008-08-12 17:49 . 2008-08-12 17:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-12 14:14 . 2008-08-12 14:14 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-12 14:14 . 2008-08-12 14:14 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-08-12 14:14 . 2008-08-12 14:14 <DIR> d-------- C:\Documents and Settings\Some Other Campagna\Application Data\Malwarebytes
2008-08-12 14:14 . 2008-08-12 14:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-12 14:14 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-12 14:14 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-12 14:03 . 2008-08-14 22:44 <DIR> d-------- C:\Documents and Settings\Some Other Campagna\Application Data\U3
2008-08-12 11:51 . 2008-08-12 14:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-08-12 11:50 . 2008-08-12 11:50 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-08-12 11:50 . 2008-08-18 19:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-08-11 16:39 . 2008-08-11 16:39 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-11 16:39 . 2008-08-11 16:39 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-15 03:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-13 23:16 --------- d-----w C:\Program Files\HP Games
2008-08-12 18:10 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-08-05 02:02 --------- d-----w C:\Documents and Settings\Some Other Campagna\Application Data\PlayFirst
2008-07-22 19:03 --------- d-----w C:\Documents and Settings\Some Other Campagna\Application Data\iWin
2008-06-28 03:01 --------- d-----w C:\Documents and Settings\Some Other Campagna\Application Data\PTV Game
2008-06-28 02:41 --------- d-----w C:\Documents and Settings\Some Other Campagna\Application Data\gemsweeperextractedgfx
2008-06-28 02:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\My Games
2008-06-20 10:45 360,320 ------w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ------w C:\WINDOWS\system32\drivers\tcpip6.sys
2007-02-15 19:07 0 ----a-w C:\Documents and Settings\Some Other Campagna\Application Data\wklnhst.dat
2006-12-29 03:30 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-02-01 01:21 251 ----a-w C:\Program Files\wt3d.ini
.

((((((((((((((((((((((((((((( snapshot@2008-08-17_13.13.19.98 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:39 1289000]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-02 19:16 118784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 17:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 18:34 249856]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-24 15:15 7311360]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-10-25 22:57 180269]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 12:45 257088]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Some Other Campagna^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Some Other Campagna\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--------- 2004-08-09 17:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-08-29 11:09 171464 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
--a------ 2006-03-20 05:05 90112 c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2007-07-19 08:02 2887680 C:\Program Files\Electronic Arts\EA Link\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-09-29 17:01 67584 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-12-15 14:18 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
--a------ 2005-06-01 19:35 49152 c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-05-26 12:45 257088 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-01-24 15:15 7311360 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 09:41 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2005-07-22 18:14 237568 C:\WINDOWS\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2004-12-13 22:23 663552 C:\WINDOWS\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YeppStudioAgent]
--a------ 2005-08-30 18:21 40960 C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
--a------ 2005-08-02 19:19 77312 C:\WINDOWS\arpwrmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-01-24 15:15 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-03-08 00:54 16010240 C:\WINDOWS\RTHDCPL.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\HP Games\\Wheel of Fortune\\Wheel of Fortune.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\HP Games\\Rock & Roll JEOPARDY\\Rock & Roll JEOPARDY!.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2007-04-23 04:12]
S3 GameConsoleService;GameConsoleService;C:\Program Files\WildTangent\Apps\HP Game Console\GameConsoleService.exe [2008-05-05 18:25]
S3 vpnva;Cisco AnyConnect VPN Virtual Miniport Adapter for Windows;C:\WINDOWS\system32\DRIVERS\vpnva.sys [2007-04-23 04:09]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R0 -: HKCU-Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=63&bd=PAVILION&pf=desktop
R0 -: HKLM-Main,Search Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=63&bd=PAVILION&pf=desktop
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O8 -: &Google Search - C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 -: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 -: Backward &Links - C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 -: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 -: Cac&hed Snapshot of Page - C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 -: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 -: Si&milar Pages - C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 -: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 -: Translate into English - C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O8 -: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O17 -: HKLM\CCS\Interface\{2D737D70-8235-429C-A5E5-446659C1D9A5}: NameServer = 4.2.2.2,4.2.2.3
O18 -: Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll

O16 -: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://algvpn.algonquincollege.com/CACHE/stc/2/binaries/vpnweb.cab
C:\WINDOWS\Downloaded Program Files\vpnweb.inf
C:\WINDOWS\system32\vpnweb.ocx


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-18 19:10:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\hp\KBD\kbd.exe
.
**************************************************************************
.
Completion time: 2008-08-18 19:19:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-18 23:19:36
ComboFix2.txt 2008-08-17 23:30:15
ComboFix3.txt 2008-08-17 17:13:39

Pre-Run: 208,448,204,800 bytes free
Post-Run: 208,472,682,496 bytes free

212 --- E O F --- 2008-08-15 03:44:19
  • 0

#15
SpySentinel
Posted 19 August 2008 - 04:40 PM

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP