Author Topic: Stupid Effin File Won't goooo awayyyyy (Read 12555 times)

huskeyb8 · « **on:** June 12, 2009, 01:32:15 PM »

I have an MP3 file that I cannot get rid of ... tried deleting the whole file, everything else in the file went but this ONE EFFIN FILE and it just hangs. When I right click on the EFFIN file, no "properties" option shows...nor does cut,copy,rename,delete etc etc. I have tried dragging to recycle bin and it won't budge. I have tried unlocker...tried booting in safe mode..nada.

How can I get rid of this EFFIN file, pleaseeeeeeeeeeeeee helppppppp meeeeeeeee before I go batty !!!

Thank you and have a great day.

kpac · « **Reply #1 on:** June 12, 2009, 01:36:25 PM »

What size is the file?
What OS is this?

huskeyb8 · « **Reply #2 on:** June 12, 2009, 01:42:42 PM »

Sorry ..was so pissed, I forgot the details.

Windows XP SP2

It's 4.91 MB ... MP3 audio file .... scanned it with malware bytes ... not a virus, but has a very long file name.

It won't open, play, delete, drag, MOVE or anything. It just sits there annoying me.

huskeyb8 · « **Reply #3 on:** June 12, 2009, 01:46:02 PM »

I should also say that there were 5 other files in THIS file which all deleted successfuly.

But not this one effin bugger.

kpac · « **Reply #4 on:** June 12, 2009, 01:52:26 PM »

Are you finished saying "effin"? I'm not insulted, but it does insult some people.

Can you give us the name of the file?

Go here: http://virscan.org/ and upload the file. It'll scan it will multiple virus scanners and give you the results. Post the link to the results.

huskeyb8 · « **Reply #5 on:** June 12, 2009, 01:56:45 PM »

Sorry.

I tried to scan it , but get an error message that says the file name is invalid.

kpac · « **Reply #6 on:** June 12, 2009, 02:01:05 PM »

Click here to download HijackThis.

Save HJTsetup.exe to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or required by the system.

huskeyb8 · « **Reply #7 on:** June 12, 2009, 02:08:10 PM »

That was quick...here you go....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:03:48 PM, on 6/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MediaMonkey\MediaMonkey.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\MediaMonkey\MediaMonkey.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O1 - Hosts: 94.232.248.66 spydetect.microsoft.com
O1 - Hosts: 94.232.248.66 antivirwin2009.com
O1 - Hosts: 94.232.248.66 ww w.antivirwin2009.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--334900018.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: Google Notebook - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--334900018.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Note this (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--334900018.dll/gn_menu1.html
O8 - Extra context menu item: Note this item (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--334900018.dll/gn_menu2.html
O15 - Trusted Zone: http://*.croz.fm
O15 - Trusted Zone: http://www.shockwave.com
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - http://mn102.coolsavings.com/download/cscmv5X.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150282422140
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} - http://radaol-prod-web-rr.streamops.aol.com/mediaplugin/3.0.84.2/win32/unagi3.0.84.2.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://www.taxsimple.org/tsweb/msrdp.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxor2/sis/mjolauncher.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} - http://a14.g.akamai.net/f/14/7141/1d/www.nielsennetpanel.com/netmeter4_6/NetMeter_preinstaller_activex_en_4.70.10.0_MEGAPANEL_USA.cab
O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} (Jolly Bear Games Player) - http://www.shockwave.com/content/bigcityadventuresf/sis/JBGamePlayer.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O18 - Filter hijack: text/html - {68265408-a6fc-4c72-8959-bdcf740e67ff} - (no file)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Update Service (gupdate1c9860aacb3d492) (gupdate1c9860aacb3d492) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9348 bytes

kpac · « **Reply #8 on:** June 12, 2009, 02:19:09 PM »

Please re-open HijackThis and scan. Check the boxes next to all the entries listed below if found.

O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - http://mn102.coolsavings.com/download/cscmv5X.cab
O1 - Hosts: 94.232.248.66 spydetect.microsoft.com
O1 - Hosts: 94.232.248.66 antivirwin2009.com
O1 - Hosts: 94.232.248.66 www.antivirwin2009.com
O18 - Filter hijack: text/html - {68265408-a6fc-4c72-8959-bdcf740e67ff} - (no file)

Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

Can you post the name of the file in question?

huskeyb8 · « **Reply #9 on:** June 12, 2009, 02:36:50 PM »

Ok ..done with hijack this. Files fixed.

The file in question (I'd copy and paste but it won't let me) and it's quite long, so here goes:

07-the_blind_boys_of_alabama-down_by_the_riverside_(with_the_preservation_hall_jazz_band_an d_allen_toussaint)

And like I said it's 4.91 MB. No matter what I do, I get "invalid file name" errors.

I have a screen shot of what I see when I right click if you need that?

hot dog · « **Reply #10 on:** June 12, 2009, 02:37:39 PM »

Quote from: kpac on June 12, 2009, 01:52:26 PM

Are you finished saying "effin"? I'm not insulted, but it does insult some people.

I myself found it quite amusing reading his initial post

huskeyb8 · « **Reply #11 on:** June 12, 2009, 02:39:13 PM »

I apologize to all who didn't. I just wasn't thinking. Wasn't meant to be amusing...was just expressing my frustration as best I could with written words since ya'll couldn't hear me ranting and stomping around.

kpac · « **Reply #12 on:** June 12, 2009, 02:40:53 PM »

Quote from: huskeyb8 on June 12, 2009, 02:36:50 PM

I have a screen shot of what I see when I right click if you need that?

Yes, please.

Can you rename the file? Never mind, just saw that you can't.

huskeyb8 · « **Reply #13 on:** June 12, 2009, 02:44:31 PM »

Ok, but just a wee problem...how do I insert the screen shot in a reply here?

(Banging head on desk cuz I hate looking so unedukated)

kpac · « **Reply #14 on:** June 12, 2009, 02:45:23 PM »

Don't worry about it.

How to post screenshots or images

huskeyb8 · « **Reply #15 on:** June 12, 2009, 03:04:42 PM »

Thanks! Wow I am learning some cool stuff here...again...Thanks.

Hope this works.
(fingers crossed)

huskeyb8 · « **Reply #16 on:** June 12, 2009, 03:08:22 PM »

Ok..I followed all directions for putting the image link in between the img tags...but all I see in my reply is a box with a white square and red X in it. Please tell me you can see the hosted image?

evilfantasy · « **Reply #17 on:** June 12, 2009, 03:15:03 PM »

Quote from: kpac on June 12, 2009, 02:19:09 PM

O1 - Hosts: 94.232.248.66 spydetect.microsoft.com
O1 - Hosts: 94.232.248.66 antivirwin2009.com
O1 - Hosts: 94.232.248.66 ww w.antivirwin2009.com
O18 - Filter hijack: text/html - {68265408-a6fc-4c72-8959-bdcf740e67ff} - (no file)

That's a sign that there is more malware to be taken care of.

Quote

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

Uninstall Boonty Games or Boonty from Add/Remove Programs.

----------

Download Unlocker by Cedrick Collomb

Be sure to uncheck the option to install the eBay shortcuts during the install.

Open the installation file, select the installation language and click OK.
An installation wizard will pop up, click Next.
Choose the default destination folder C:\Programs Files\Unlocker and click Next.
Click Install directly. (Don't change anything)
After the installation completes, go back to the file/folder you want to delete.
Right-click on the file/folder and select Unlocker.
There should be a window opening, select Unlock all.
Now you should be able to delete your file.

.
----------

If you already have Malwarebytes be sure to update it before running the scan!

Download Malwarebytes' Anti-Malware (MBAM)

Alternate MBAM download link

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and Paste the entire report in your next reply.

.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

huskeyb8 · « **Reply #18 on:** June 12, 2009, 03:17:43 PM »

I have Unlock and MBAM already installed. Checked in "add/remove programs" and boonty doesn't show up there.

Rob Pomeroy · « **Reply #19 on:** June 12, 2009, 03:18:10 PM »

Did we try renaming the file yet? I know it was suggested...

huskeyb8 · « **Reply #20 on:** June 12, 2009, 03:20:06 PM »

Sorry, it won't let me do anything att all...no rename, no delete, can't even drag it kivking and screaming into recycle bin.

I have never seen this before and I thought I was intelligent.

kpac · « **Reply #21 on:** June 12, 2009, 03:20:49 PM »

Evil, I'll leave it in your more than capable hands.

huskeyb8 · « **Reply #22 on:** June 12, 2009, 03:22:51 PM »

Thanks for your help so far Kpac...Evil? will ya help me please?

evilfantasy · « **Reply #23 on:** June 12, 2009, 03:23:09 PM »

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

Important: Close all windows except for HijackThis and then click Fix checked. Do not restart if prompted to by HijackThis.

Exit HijackThis.

----------

Go to Start > Run and type Notepad.exe then click OK.

Copy and paste the following text within the code box into the new Notepad file.

Code: [Select]

@ECHO OFF
sc stop "Boonty Games - BOONTY"
sc delete "Boonty Games - BOONTY"
sc stop "Boonty Games"
sc delete "Boonty Games"
exit

In Notepad select File and Save as
Choose the Save to location to be the Desktop and for the File name: type in fixme.bat making sure that the Save as type field says All files.

Next double click fixservice.bat to run it.
A black box should open and close after a short time, this is normal.
Do not continue until the black box has closed
Delete fixservice.bat from the Desktop.

----------

The file may be part of the malware. Lets do some cleanup first and then come back to it.

Update and run Malwarebytes, remove anything found. Post the log it creates please.

evilfantasy · « **Reply #24 on:** June 12, 2009, 03:25:39 PM »

Also when you post back let me know the entire file path of the file.

07-the_blind_boys_of_alabama-down_by_the_riverside_(with_the_preservation_hall_jazz_band_an d_allen_toussaint)

It should start with something like C:\ and end with the file extension. .mp3 or whatever it is.

huskeyb8 · « **Reply #25 on:** June 12, 2009, 03:29:55 PM »

alrighty..be back in a few..and thanks.

huskeyb8 · « **Reply #26 on:** June 12, 2009, 03:42:39 PM »

Here is the mbam post...nothing found or quarantined...

Malwarebytes' Anti-Malware 1.37
Database version: 2261
Windows 5.1.2600 Service Pack 2

6/12/2009 5:37:34 PM
mbam-log-2009-06-12 (17-37-34).txt

Scan type: Quick Scan
Objects scanned: 90695
Time elapsed: 5 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

huskeyb8 · « **Reply #27 on:** June 12, 2009, 03:48:13 PM »

Quote from: evilfantasy on June 12, 2009, 03:25:39 PM

Also when you post back let me know the entire file path of the file.

07-the_blind_boys_of_alabama-down_by_the_riverside_(with_the_preservation_hall_jazz_band_an d_allen_toussaint)

It should start with something like C:\ and end with the file extension. .mp3 or whatever it is.

Ok...I know what it SHOULD show...but fact is...it doesn't show either of those things. When I hold the pointer over the file name, a yellow box shows that says "Type:MP3 Audio File, Size:4.91MB" and that's all. And even more curious, when I hold the pointer over the main file the stubborn one is in, it says "File Empty" as if nothing is there at all.

huskeyb8 · « **Reply #28 on:** June 12, 2009, 03:50:55 PM »

Quote from: blockHEAD on June 12, 2009, 02:37:39 PM

I myself found it quite amusing reading his initial post

Thanks Blockhead...I was just upset is all. Oh, and "he" is a she. LOL. Very unladylike of me..so again, I apologize to any that I DID offend.

evilfantasy · « **Reply #29 on:** June 12, 2009, 03:53:03 PM »

Enable viewing of hidden system files & folders XP

Go to My Computer->Tools->Folder Options->View tab:

Under the Hidden files and folders heading:
Select Show hidden files and folders.
Uncheck Hide protected operating system files (recommended) option.
Also, make sure there is no checkmark beside Hide file extensions for known file types.
Click OK

----------

Now see if you can see the whole file path.

huskeyb8 · « **Reply #30 on:** June 12, 2009, 03:55:43 PM »

Sweeeet... it says it's an mp3 file. Thanks.

evilfantasy · « **Reply #31 on:** June 12, 2009, 03:58:48 PM »

OK, right click the file and choose Properties.

Next to Location, give me that file path please.

huskeyb8 · « **Reply #32 on:** June 12, 2009, 04:05:10 PM »

But that's just it .. when I right click..."properties" doesn't even show as an option. Neither does rename, delete, cut, copy ...nothing. What I see are these choices:

Play in MediaMonkey
Play Next in MediaMonkey
Play Last in MediaMonkey
JustZipit - Create a Zip File
JustZipIt - then Email
Open
Add to Windows Media Player List
Play with Windows Media Player
Open with...
------------------------
Send To

And those are the only choices I get. I have never seen anything like this before. Weird.

I have tried every option I was given and all that happens is my computer hangs and I have to shut it down to stop it.

Sigh.

When I screw up - I don't do it halfway. LOL.

evilfantasy · « **Reply #33 on:** June 12, 2009, 04:07:31 PM »

OK the folder that the mp3 file is in. Copy the location from the address bar. Should be something like C:\Documents and Settings\?? ?? ? ?? ?? ?

evilfantasy · « **Reply #34 on:** June 12, 2009, 04:12:06 PM »

Also how many mp3 files do you have? If there are not many then we can try another method.

huskeyb8 · « **Reply #35 on:** June 12, 2009, 04:14:50 PM »

C:\Documents and Settings\Compaq_Owner\Desktop

and it says it's a file folder of zero size.

And this is the only one. Was sent to me in an email from a church member. Funny eh?

evilfantasy · « **Reply #36 on:** June 12, 2009, 04:17:42 PM »

Good enough.

Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

DO NOT run it yet!

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]

KillAll::

Folder::
C:\Program Files\Common Files\BOONTY Shared

File::
C:\Documents and Settings\Compaq_Owner\Desktop\07-the_blind_boys_of_alabama-down_by_the_riverside_(with_the_preservation_hall_jazz_band_an d_allen_toussaint).mp3

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

huskeyb8 · « **Reply #37 on:** June 12, 2009, 04:48:00 PM »

ComboFix 09-06-12.02 - Compaq_Owner 06/12/2009 18:22.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.198 [GMT -4:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090612-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\documents and settings\Compaq_Owner\Desktop\07-the_blind_boys_of_alabama-down_by_the_riverside_(with_the_preservation_hall_jazz_band_an d_allen_toussaint).mp3"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\BOONTY Shared
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72
c:\windows\system32\TDSSrpyh.dat
c:\windows\TEMP\gis70684344\2.4.1368.5602\ci.dll
c:\windows\TEMP\gis70684344\2.4.1368.5602\cires.dll
c:\windows\TEMP\gis70684344\2.4.1368.5602\cs\cires.dll.mui
c:\windows\TEMP\gis70684344\2.4.1368.5602\da\cires.dll.mui
c:\windows\TEMP\gis70684344\2.4.1368.5602\de\cires.dll.mui
c:\windows\TEMP\gis70684344\2.4.1368.5602\el\cires.dll.mui
c:\windows\TEMP\gis70684344\2.4.1368.5602\en-gb\cires.dll.mui
c:\windows\TEMP\gis70684344\2.4.1368.5602\en\cires.dll.mui
c:\windows\TEMP\gis70684344\2.4.1368.5602\es\cires.dll.mui
c:\windows\TEMP\gis70684344\2.4.1368.5602\fi\cires.dll.mui
c:\windows\TEMP\gis70684344\2.4.1368.5602\fr\cires.dll.mui
c:\windows\TEMP\gis70684344\2.4.1368.5602\GoogleUpdaterAdminPrefs.exe
c:\windows\TEMP\gis70684344\2.4.1368.5602\GoogleUpdaterInstallMgr.exe
c:\windows\TEMP\gis70684344\2.4.1368.5602\GoogleUpdaterSetup.exe
c:\windows\TEMP\gis70684344\2.4.1368.5602\it\cires.dll.mui
c:\windows\TEMP\gis70684344\2.4.1368.5602\ja\cires.dll.mui
c:\windows\TEMP\gis70684344\2.4.1368.5602\ko\cires.dll.mui
c:\windows\TEMP\gis70684344\2.4.1368.5602\nl\cires.dll.mui
c:\windows\TEMP\gis70684344\2.4.1368.5602\no\cires.dll.mui
c:\windows\TEMP\gis70684344\2.4.1368.5602\npCIDetect13.dll
c:\windows\TEMP\gis70684344\2.4.1368.5602\pl\cires.dll.mui
c:\windows\TEMP\gis70684344\2.4.1368.5602\pt-br\cires.dll.mui
c:\windows\TEMP\gis70684344\2.4.1368.5602\ru\cires.dll.mui
c:\windows\TEMP\gis70684344\2.4.1368.5602\sv\cires.dll.mui
c:\windows\TEMP\gis70684344\2.4.1368.5602\th\cires.dll.mui
c:\windows\TEMP\gis70684344\2.4.1368.5602\tr\cires.dll.mui
c:\windows\TEMP\gis70684344\2.4.1368.5602\zh-cn\cires.dll.mui
c:\windows\TEMP\gis70684344\2.4.1368.5602\zh-tw\cires.dll.mui
c:\windows\TEMP\gis70684344\GoogleUpdater.exe
c:\windows\TEMP\gis70684344\GoogleUpdaterService.exe
c:\program files\Common Files\BOONTY Shared\Service\Boonty.exe
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\accessories\cup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\accessories\customer_cup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\accessories\heart.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\accessories\menu_down.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\accessories\menu_up.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\accessories\plates.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\accessories\ticket.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\accessories\tray.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\music\mainmenumusic.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_bring_check_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_deliver_order_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_diner.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_food_ready_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_gain_heart_1.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_pencil_write_2.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_rollover_1.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_seat_people_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\choosedifficulty.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\credits.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\flo_lose.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\flo_win.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\help1.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\help2.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\highscores.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\levelintro.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\levelintro_mask.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\levelover.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\levelover_mask.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\mainmenu.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\popup.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\popup_mask.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\upgradegrid.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\upgradetitle.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\upsell.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\arrowleft_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\arrowleft_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\arrowright_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\arrowright_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\back_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\back_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\backchalk.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\backchalkup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\backtomenu_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\backtomenu_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\cancel.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\cancelup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\career.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\career_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\close.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\closeup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\continue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\continueover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\credits_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\credits_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\download_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\download_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\easy.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\easy_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\endlessshift.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\endlessshift_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\hard.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\hard_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\help.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\help_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\highscores.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\highscores_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\instructions_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\instructions_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\letsplay.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\letsplayover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\medium.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\medium_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\moreinfo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\moreinfoup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\off.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\off_on.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\on.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\on_on.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\pause.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\pauseover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\quit.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\quitgame.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\quitgameover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\quitover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\resumegame.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\resumegameover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\submit.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\submitup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\tryagain.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\tryagainover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\upgrade_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\upgrade_up.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\viewglobal.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\viewglobalup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\viewhighscore.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\viewhighscoreon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\viewlocal.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\viewlocalup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\comics\webcomic.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\config\career.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\config\customer.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\config\endless.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\config\global.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\config\powerups.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\cook\cook.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\cook\cook.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\cook\stove.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\cursor\arrow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\cursor\click.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\cursor\click2.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\cursor\grab.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\cursor\open.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\blue\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\blue\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\blue\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\green\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\green\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\green\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\purple\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\purple\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\purple\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\red\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\red\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\red\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\yellow\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\yellow\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\yellow\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\blue\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\blue\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\blue\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\green\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\green\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\green\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\purple\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\purple\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\purple\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\red\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\red\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\red\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\yellow\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\yellow\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\yellow\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\flo\idle.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\flo\idle.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\flo\lower.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\flo\lower.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\flo\upper.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\flo\upper.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\fonts\arial.mvec
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\fonts\komikaaxis.mvec
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\chair.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\chair.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\dirt2top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\dirt4top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\dishcart.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\dishcart.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\drinkstation_off.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\drinkstation_on1.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\drinkstation_on2.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\ticketstation.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\ticketstation.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowdown.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowdownon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowleft.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowlefton.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowright.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowrighton.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowupon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\p1icon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\textedit.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\title.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_1.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_1_a.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_1_b.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_1_c.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_2.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_2_a.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_2_b.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_2_c.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_2_d.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_3.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_3_a.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_3_b.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_3_c.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_3_d.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\fifth_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\first_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\fourth_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\second_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\playfirst_logo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\background.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\food\food1.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\food\food1.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\food\food2.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\food\food2.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\food\food3.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\food\food3.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\frames\upgrade_0001.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\tables\2top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\tables\2top.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\tables\4top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\tables\4top.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\upgrades.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\tableshadow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\choosedifficulty.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\chooseplayer.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\chooserestaurant.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\credits.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\game.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\gothighscore.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\help.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\help2.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\hiscore.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\hiscoreinfo.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\hiscoresubmit.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\levelintro.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\levelover.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\loading.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\mainloop.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\mainmenu.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\ok.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\pause.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\style.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\tutorialintro.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\upgrade.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\upsell.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\webcomic.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\yesno.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\splash\aol_logo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\splash\gamelabsplash.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\splash\playfirst_logo.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\strings.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\angersmoke.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\angersmoke.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\chairflags.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\chairflags.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\check.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\checkmark.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\clock.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\closed.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\closingtime.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\coinflip.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\coinflip.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\dollar.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\doodles\coffee.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\doodles\tables.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\doodles\wallpaper.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\expert.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\expertscore.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\foodpoof.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\foodpoof.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\fork_timer.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\goalcompleted.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\heartgrow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\heartgrow.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\jar.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\jar.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\level.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\level_career.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\score.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\sound.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\staroff.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\staron.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\tablenumber.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\tablenumberup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\traynumber.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\tutorial_character.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\tutorialarrow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\tutorialbox.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgradeanim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgradeanim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgrades\drinks.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgrades\maitred.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgrades\oven.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgrades\select.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgrades\shoes.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgrades\stereo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgrades\table.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72\dinerdash.exe
c:\windows\system32\mpYxEfhk.ini2
c:\windows\system32\wbem\proquota.exe
c:\windows\Tasks\rpuemlyi.job
D:\Autorun.inf
D:\Desktop.ini

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\system volume information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP1513\A0155213.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ZESOFT

((((((((((((((((((((((((( Files Created from 2009-05-12 to 2009-06-12 )))))))))))))))))))))))))))))))
.

2009-06-12 17:56 . 2009-06-12 18:00   --------   d-----w-   c:\program files\Unlocker
2009-06-12 16:53 . 2009-06-12 16:54   --------   d-----w-   c:\program files\completedir
2009-06-08 19:18 . 2009-06-08 19:19   --------   d-----w-   c:\windows\system32\Adobe
2009-06-02 19:35 . 2009-06-02 19:35   --------   d-----w-   c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Sothink
2009-05-29 16:33 . 2009-05-29 16:33   --------   d-----w-   c:\documents and settings\Compaq_Owner\Application Data\StarBurn
2009-05-29 16:32 . 2009-05-29 16:32   721904   ----a-w-   c:\windows\system32\drivers\sptd.sys
2009-05-29 16:32 . 2009-05-29 16:32   --------   d-----w-   c:\program files\Give Away Of The Day
2009-05-28 21:36 . 2009-05-28 21:55   --------   d-----w-   c:\documents and settings\All Users\Application Data\Mandragora
2009-05-28 11:25 . 2009-05-28 11:26   --------   d-----w-   c:\documents and settings\Compaq_Owner\Application Data\Shockwave 3 Days Zoo Mystery
2009-05-25 20:15 . 2009-05-25 20:15   --------   d-----w-   c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Astar Games
2009-05-24 00:50 . 2009-05-24 19:43   --------   d-----w-   c:\program files\Nexus Radio
2009-05-24 00:50 . 2009-05-24 13:09   --------   d-----w-   C:\My Recorded Files
2009-05-23 13:17 . 2009-05-23 13:22   --------   d-----w-   c:\documents and settings\Compaq_Owner\Application Data\Gold Wave Editor Pro
2009-05-23 13:17 . 2009-05-23 13:17   --------   d-----w-   c:\program files\Gold Wave Editor Pro
2009-05-20 14:00 . 2009-05-20 14:00   --------   d-----w-   c:\program files\Corner-A
2009-05-18 01:03 . 2009-05-18 01:03   34062   ----a-w-   c:\documents and settings\Compaq_Owner\Application Data\Move Networks\ie_bin\Uninst.exe
2009-05-18 01:02 . 2009-05-18 01:03   1047072   ----a-w-   c:\documents and settings\Compaq_Owner\Application Data\Move Networks\MoveMediaPlayer_071303000006.exe
2009-05-17 20:12 . 2009-06-12 22:20   --------   d-----w-   c:\documents and settings\Compaq_Owner\Application Data\Free Download Manager
2009-05-17 20:12 . 2009-05-17 20:12   --------   d-----w-   c:\documents and settings\All Users\Application Data\FreeDownloadManager.ORG
2009-05-17 20:12 . 2009-05-17 20:12   --------   d-----w-   c:\program files\Free Download Manager
2009-05-16 13:09 . 2009-05-17 15:15   95744   ----a-w-   c:\documents and settings\All Users\Application Data\SpeedBit\DAP\Updates\Condition.dll
2009-05-16 12:24 . 2009-05-16 12:24   --------   d-----w-   c:\program files\WinX DVD Author 5.5

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-12 18:35 . 2008-01-19 04:08   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2009-06-11 11:43 . 2008-09-17 04:16   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-06-11 11:43 . 2009-01-02 18:19   3371383   ----a-w-   c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-11 01:10 . 2009-03-03 20:05   141   ----a-w-   c:\windows\system32\09wutili.sys
2009-06-02 19:33 . 2009-03-26 23:41   --------   d-----w-   c:\program files\Common Files\SourceTec
2009-06-02 19:33 . 2009-03-26 23:41   --------   d-----w-   c:\program files\SourceTec
2009-05-29 17:48 . 2007-10-06 23:55   --------   d-----w-   c:\program files\Shockwave.com
2009-05-26 17:20 . 2008-09-17 04:17   40160   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 17:19 . 2008-09-17 04:17   19096   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-05-25 19:10 . 2008-12-13 00:04   --------   d-----w-   c:\program files\Free Video Converter
2009-05-23 19:23 . 2007-10-06 23:57   --------   d-----w-   c:\documents and settings\All Users\Application Data\PlayFirst
2009-05-23 19:23 . 2006-01-14 20:58   --------   d-----w-   c:\documents and settings\Compaq_Owner\Application Data\PlayFirst
2009-05-23 19:11 . 2008-11-23 00:32   --------   d-----w-   c:\documents and settings\All Users\Application Data\Fugazo
2009-05-23 14:50 . 2008-07-06 14:48   --------   d-----w-   c:\documents and settings\Compaq_Owner\Application Data\Playrix Entertainment
2009-05-20 14:01 . 2005-05-03 08:46   133944   ----a-w-   c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-18 01:12 . 2007-08-13 04:21   --------   d-----w-   c:\documents and settings\Compaq_Owner\Application Data\Move Networks
2009-05-08 00:17 . 2009-05-08 00:17   83456   ----a-w-   c:\documents and settings\All Users\Application Data\SpeedBit\DAP\SDCondition.dll
2009-05-07 23:57 . 2009-05-03 13:59   --------   d-----w-   c:\program files\DAP
2009-05-07 23:56 . 2007-10-13 15:16   --------   d-----w-   c:\program files\File Shredder
2009-05-07 23:55 . 2009-05-07 23:55   3530776   ----a-w-   c:\documents and settings\All Users\Application Data\SpeedBit\DAP\Offers\VA23_DAPSO.exe
2009-05-07 23:53 . 2009-05-03 13:59   --------   d-----w-   c:\documents and settings\All Users\Application Data\SpeedBit
2009-05-03 14:11 . 2009-05-03 14:11   --------   d-----w-   c:\documents and settings\Compaq_Owner\Application Data\RobinsonCrusoeSW
2009-05-02 23:42 . 2009-05-02 23:41   --------   d-----w-   c:\documents and settings\Compaq_Owner\Application Data\DVD Flick
2009-05-02 23:41 . 2009-05-02 23:40   --------   d-----w-   c:\program files\DVD Flick
2009-05-02 23:28 . 2009-05-02 23:28   --------   d-----w-   c:\documents and settings\Compaq_Owner\Application Data\ImgBurn
2009-05-02 23:25 . 2009-05-02 23:25   --------   d-----w-   c:\program files\ImgBurn
2009-05-02 04:04 . 2008-12-09 23:51   --------   d-----w-   c:\documents and settings\Compaq_Owner\Application Data\Amazon
2009-05-02 04:04 . 2008-12-09 23:50   --------   d-----w-   c:\program files\Amazon
2009-05-02 03:58 . 2008-09-17 11:31   --------   d-----w-   c:\documents and settings\Compaq_Owner\Application Data\wsInspector
2009-05-01 23:02 . 2009-05-01 23:02   --------   d-----w-   c:\program files\GPLGS
2009-05-01 23:01 . 2009-05-01 23:01   --------   d-----w-   c:\program files\Acro Software
2009-04-26 14:17 . 2009-04-25 19:09   --------   d-----w-   c:\program files\Around the World in 80 Days
2009-04-25 12:21 . 2009-04-25 12:21   --------   d-----w-   c:\program files\Complex
2009-04-23 15:01 . 2009-04-16 20:22   --------   d-----w-   c:\documents and settings\Compaq_Owner\Application Data\Moyea
2009-04-23 13:26 . 2009-04-23 13:26   --------   d-----w-   c:\program files\Wondershare
2009-04-21 13:35 . 2009-04-21 13:35   --------   d-----w-   c:\documents and settings\Compaq_Owner\Application Data\Total Eclipse
2009-04-21 13:07 . 2009-04-21 13:04   --------   d-----w-   c:\program files\Common Files\AVSMedia
2009-04-21 13:07 . 2009-04-21 13:04   --------   d-----w-   c:\program files\AVS4YOU
2009-04-21 13:05 . 2009-04-21 13:05   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVS4YOU
2009-04-21 12:49 . 2005-01-29 11:29   --------   d--h--w-   c:\program files\InstallShield Installation Information
2009-04-20 21:03 . 2009-04-20 21:03   --------   d-----w-   c:\documents and settings\All Users\Application Data\cerasus.media
2009-04-20 21:03 . 2008-10-17 11:47   --------   d-----w-   c:\documents and settings\Compaq_Owner\Application Data\cerasus.media
2009-04-18 13:18 . 2009-04-18 13:18   --------   d-----w-   c:\documents and settings\Compaq_Owner\Application Data\Audio Editor Deluxe
2009-04-18 13:16 . 2009-04-18 13:16   --------   d-----w-   c:\program files\Audio Editor Deluxe
2009-04-16 20:21 . 2009-04-16 20:21   --------   d-----w-   c:\program files\Moyea
2009-04-16 13:47 . 2005-05-15 00:01   1634   ----a-w-   c:\documents and settings\Compaq_Owner\Application Data\wklnhst.dat
2009-03-23 14:22 . 2009-03-23 14:22   249856   ----a-w-   c:\documents and settings\All Users\Application Data\PlayFirst\Games\components\pfMultiplayer.dll
2009-03-23 14:21 . 2009-03-23 14:21   458752   ----a-w-   c:\documents and settings\All Users\Application Data\PlayFirst\Games\pfHarness\pfHarness.dll
2005-05-24 16:00 . 2005-05-24 16:00   22   --sha-w-   c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-28 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphcv2aj0e3br
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhcr2aj0e3br

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Plus! Photo Story 2 LE\\PS2Trial.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [1/16/2009 7:20 PM 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/17/2008 6:00 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/17/2008 6:00 AM 20560]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2/16/2008 9:47 AM 46112]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [9/17/2008 12:17 AM 40160]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [11/21/2008 2:51 PM 167808]
S2 gupdate1c9860aacb3d492;Google Update Service (gupdate1c9860aacb3d492);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2009 10:21 AM 133104]
S2 LMIInfo;LogMeIn Kernel Information Provider;

S3 ALSysIO;ALSysIO;\??\c:\docume~1\COMPAQ~1\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\COMPAQ~1\LOCALS~1\Temp\ALSysIO.sys [?]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2/16/2008 4:48 PM 44928]
S4 LMIRfsClientNP;LMIRfsClientNP;

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
podmena REG_MULTI_SZ podmena
.
Contents of the 'Scheduled Tasks' folder

2009-06-12 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 14:21]

2009-06-12 c:\windows\Tasks\User_Feed_Synchronization-{C76BF0FB-E1BD-48AB-A599-432597F3082B}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 16:58]
.
- - - - ORPHANS REMOVED - - - -

Notify-LMIinit - LMIinit.dll

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &AOL Toolbar search
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Add To Compaq Organize... - c:\progra~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel
IE: Note this (Google Notebook) - c:\program files\Google\Google Notebook\gnotes1.0.2.19--334900018.dll/gn_menu1.html
IE: Note this item (Google Notebook) - c:\program files\Google\Google Notebook\gnotes1.0.2.19--334900018.dll/gn_menu2.html
Trusted Zone: croz.fm
Trusted Zone: google.com\www
Trusted Zone: shockwave.com\www
Trusted Zone: musicmatch.com\online
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} - hxxp://www.shockwave.com/content/bigcityadventuresf/sis/JBGamePlayer.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-12 18:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3333207874-2228513169-926962044-1009\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3712)
c:\program files\MediaMonkey\DeskPlayer.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\CF8165.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-06-12 18:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-12 22:34

Pre-Run: 47,583,428,608 bytes free
Post-Run: 47,646,732,288 bytes free

551 --- E O F --- 2007-07-17 11:57

huskeyb8 · « **Reply #38 on:** June 12, 2009, 04:51:49 PM »

Quote from: evilfantasy on June 12, 2009, 04:17:42 PM

Good enough.

Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

DO NOT run it yet!

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]
KillAll:: Folder:: C:\Program Files\Common Files\BOONTY Shared File:: C:\Documents and Settings\Compaq_Owner\Desktop\07-the_blind_boys_of_alabama-down_by_the_riverside_(with_the_preservation_hall_jazz_band_an d_allen_toussaint).mp3
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

OH MY GOSH..after I posted this log back to you..I went and right clicked on that stubborn old file..and...VOILA! ... now I have properties and delete and rename and everything! Iy's all there now!

Can I try deleting the file now or should I wait??

YOU, Sir, are AWESOME! Thank you!!!!!

huskeyb8 · « **Reply #39 on:** June 12, 2009, 05:08:26 PM »

Sir, I must go for a bit but shall return. Again, thank you.

evilfantasy · « **Reply #40 on:** June 12, 2009, 05:10:06 PM »

Yes you can delete it now.

You had a rootkit which is what your problem was.

Looking at the rest of the log now. Be back soon with more instructions.

evilfantasy · « **Reply #41 on:** June 12, 2009, 06:08:43 PM »

Do you have any idea what these are?

Quote

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphcv2aj0e3br
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhcr2aj0e3br

----------

Download Disable/Remove Windows Messenger to the Desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file on the Desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

Exit out of MessengerDisable then delete the two files that were put on the Desktop.

----------

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]

KillAll::

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\podmena]

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

huskeyb8 · « **Reply #42 on:** June 13, 2009, 05:12:29 AM »

Hiya Evil

Had a storm go through last night and lost power til after 10pm. But I'm back now and will take care of the messenger soon as my coffee kicks in. Will report back soon.

I really appreciate what you are doing.

delibrete · « **Reply #43 on:** June 14, 2009, 09:34:50 AM »

you want to get rid of the file?

download unlocker then install it and right click on the file you want to delete, select unlocker and it should unlock the file for you. Giving you the freedom to move/delete/rename that file.

unlocker: http://download.cnet.com/Unlocker/3000-2248_4-10493998.html

evilfantasy · « **Reply #44 on:** June 14, 2009, 10:01:25 AM »

@ delibrete

Try reading the rest of the thread. That has already been tried.

delibrete · « **Reply #45 on:** June 15, 2009, 12:33:10 AM »

Oh sorry I must of missed that part

BC_Programmer · « **Reply #46 on:** June 15, 2009, 12:34:24 AM »

your avatar is very apt. I'll say that much.

Computer Hope Forum

News:

Author Topic: Stupid Effin File Won't goooo awayyyyy (Read 12555 times)

huskeyb8

kpac

huskeyb8

huskeyb8

kpac

huskeyb8

kpac

huskeyb8

kpac

huskeyb8

hot dog

huskeyb8

kpac

huskeyb8

kpac

huskeyb8

huskeyb8

evilfantasy

huskeyb8

Rob Pomeroy

huskeyb8

kpac

huskeyb8

evilfantasy

evilfantasy

huskeyb8

huskeyb8

huskeyb8

huskeyb8

evilfantasy

huskeyb8

evilfantasy

huskeyb8

evilfantasy

evilfantasy

huskeyb8

evilfantasy

huskeyb8

huskeyb8

huskeyb8

evilfantasy

evilfantasy

huskeyb8

delibrete

evilfantasy

delibrete

BC_Programmer