Hijack This Analysis


2 replies to this topic

#1 hacallison

  • Members
  • 3 posts
Posted 18 August 2007 - 01:20 AM

Hey everyone, I'm new. :thumbsup: I was having major issues with popups, and Office kept trying to install (which was working fine, so I don't think it was really Office). Anytime I even attempted to run HijackThis it would close immediately; even when I would look it up in Google or have a Notepad with the title of HijackThis, it would close the browser or app. So I ran Ad-Aware, Stinger, Spybot, Panda something, and other stuff as recommended when starting out, and even Spyware Doctor that a friend had on CD. Finally I was able to get a log from HJT. Could someone check it and make sure I got everything? Thanks very much!

Heidi

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:27:46 AM, on 8/18/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\taskmgr.exe
C:\WINNT\explorer.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\WINNT\system32\mshta.exe
C:\WINNT\system32\mshta.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis_v2.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe
C:\WINNT\System32\WBEM\WinMgmt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FB63E52-4D6E-48C1-A08F-F630FE50F337} - C:\WINNT\system32\urqrrqo.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {53B5F2B1-94DD-43E5-8187-EB4E31F00701} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINNT\system32\qdymyuqe.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Realplayer LTD] realplaye32.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dgfolklg] rundll32.exe "C:\Program Files\ybsfqdon\uzwdynoj.dll",Init
O4 - HKLM\..\Run: [SC2] C:\Program Files\USoft\usoft32.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINNT\system32\tnrndmtl.dll",forkonce
O4 - HKLM\..\RunServices: [Realplayer LTD] realplaye32.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [cdpust] C:\WINNT\system32\cdpust.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [gf1.0.0.2] C:\WINNT\bitapqbk.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Policies\Explorer\Run: [cdpust] C:\WINNT\system32\cdpust.exe
O4 - HKUS\.DEFAULT\..\Run: [Kaspersky Antivirus] KasperskyAV.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [qomu] C:\PROGRA~1\COMMON~1\qomu\qomum.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Registry Cleaner] C:\PROGRA~1\REGIST~1\REGCLEAN.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YahooMessenger.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash...h2.1.0.0.53.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxor/mjolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.station.sony.com/systemscan/soesysinfo.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: urqrrqo - C:\WINNT\SYSTEM32\urqrrqo.dll
O22 - SharedTaskScheduler: za - {53B5F2B1-94DD-43E5-8187-EB4E31F00701} - (no file)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

Edited by hacallison, 18 August 2007 - 01:28 AM.



#2 RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 18 August 2007 - 01:02 PM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, hacallison.
My name is Richie and I'll be helping you to fix your problems.

Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new Hijackthis log please.

#3 hacallison

  • Topic Starter

  • Members
  • 3 posts

Posted 23 September 2007 - 02:05 PM

Hi Richie, thanks again for your help. Here is the ComboFix log and HJT log too. So far the computer is running much better thanks to ComboFix.

ComboFix 07-09-21.2 - "Administrator" 09/23/2007 1:04:56.1 - FAT32x86
Script execution time was exceeded on script "C:\ComboFix\osid.vbs".
Script execution was terminated.
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINNT\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_b.png
C:\WINNT\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_c.png
C:\WINNT\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_a.png
C:\WINNT\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_b.png
C:\WINNT\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_c.png
C:\WINNT\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_a.png
C:\WINNT\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_b.png
C:\WINNT\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_c.png
C:\WINNT\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_a.png
C:\WINNT\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_b.png
C:\WINNT\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_c.png
C:\WINNT\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_a.png
C:\WINNT\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_b.png
C:\WINNT\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_c.png
C:\WINNT\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_a.png
C:\WINNT\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_b.png
C:\WINNT\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_c.png
C:\WINNT\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_a.png
C:\WINNT\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_b.png
C:\WINNT\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_c.png
C:\WINNT\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_a.png
C:\WINNT\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_b.png
C:\WINNT\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_c.png
C:\WINNT\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_a.png
C:\WINNT\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_b.png
C:\WINNT\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_c.png
C:\WINNT\DOWNLO~1.\DinerDash2.1.0.0.53\assets\upsell\dd1.jpg
C:\WINNT\DOWNLO~1.\DinerDash2.1.0.0.53\assets\upsell\dd2.jpg
C:\WINNT\DOWNLO~1.\DinerDash2.1.0.0.53\assets\upsell\dd3.jpg
C:\WINNT\DOWNLO~1.\DinerDash2.1.0.0.53\assets\upsell\dd4.jpg
C:\WINNT\DOWNLO~1.\DinerDash2.1.0.0.53\dinerdash2.exe
C:\WINNT\Free Online Dating.ico
C:\WINNT\Spyware Remover.ico
C:\WINNT\system32\abvkqrky.exe
C:\WINNT\system32\ainnmvtn.dll
C:\WINNT\system32\arqcegtd.exe
C:\WINNT\system32\aypoiuer.exe
C:\WINNT\system32\bahuhbbm.dll
C:\WINNT\system32\bcebccul.exe
C:\WINNT\system32\bcpejsmu.exe
C:\WINNT\system32\bfojxxcp.exe
C:\WINNT\system32\bhohxixg.exe
C:\WINNT\system32\bnxeuttq.exe
C:\WINNT\system32\bogcudmu.exe
C:\WINNT\system32\bopjbmkb.exe
C:\WINNT\SYSTEM32\brfwakcx.ini
C:\WINNT\system32\bueyegmh.exe
C:\WINNT\system32\buqymepy.exe
C:\WINNT\system32\bvarhixh.exe
C:\WINNT\system32\bxtlhpto.exe
C:\WINNT\system32\byyylqyj.exe
C:\WINNT\system32\cbvihluf.exe
C:\WINNT\system32\ccspqbon.exe
C:\WINNT\system32\cdbkxlrg.exe
C:\WINNT\system32\cdspopus.exe
C:\WINNT\system32\cmfpdgrq.exe
C:\WINNT\system32\cobfuuua.exe
C:\WINNT\system32\cqcdfbrq.exe
C:\WINNT\system32\crygtcja.exe
C:\WINNT\SYSTEM32\cwdkoubm.ini
C:\WINNT\system32\dbycwycv.exe
C:\WINNT\system32\ddkiaqul.exe
C:\WINNT\SYSTEM32\dihgbbxe.ini
C:\WINNT\SYSTEM32\dntknrhe.ini
C:\WINNT\system32\dqrrrpwh.exe
C:\WINNT\system32\dsbptiqb.exe
C:\WINNT\system32\dtclatgl.dll
C:\WINNT\system32\dybabiio.exe
C:\WINNT\system32\dygbtgix.exe
C:\WINNT\system32\eakeplri.exe
C:\WINNT\system32\ebdopweg.exe
C:\WINNT\system32\ehrnktnd.dll
C:\WINNT\system32\embspbvc.exe
C:\WINNT\system32\enhcqwjt.exe
C:\WINNT\system32\exbbghid.dll
C:\WINNT\system32\exhkkhio.exe
C:\WINNT\system32\fcfraoye.exe
C:\WINNT\system32\fkrvoyxk.exe
C:\WINNT\system32\fldecdny.dll
C:\WINNT\system32\fpirlivs.dll
C:\WINNT\SYSTEM32\fyrqrkax.ini
C:\WINNT\system32\gbbfaaqo.exe
C:\WINNT\system32\gdfnhndy.exe
C:\WINNT\system32\ggvmtvev.exe
C:\WINNT\system32\gnsiyjyr.exe
C:\WINNT\system32\gnvqwmro.exe
C:\WINNT\system32\gohcbqmc.exe
C:\WINNT\system32\gqoxtapj.exe
C:\WINNT\system32\gwimfelk.exe
C:\WINNT\system32\gwppdgsk.exe
C:\WINNT\system32\hlkvleol.exe
C:\WINNT\system32\houyhgjl.exe
C:\WINNT\system32\hpjqrjrf.exe
C:\WINNT\system32\htmgjnxj.exe
C:\WINNT\system32\iaeupjvr.exe
C:\WINNT\system32\iehvyogo.exe
C:\WINNT\system32\ieoqwypk.dll
C:\WINNT\system32\ifielnvl.exe
C:\WINNT\SYSTEM32\iixtxypm.ini
C:\WINNT\system32\iopfjdmq.exe
C:\WINNT\system32\irtbhorb.exe
C:\WINNT\system32\ivdfbgol.dll
C:\WINNT\system32\iybgjlbv.exe
C:\WINNT\system32\jcdsrqyl.exe
C:\WINNT\system32\jcxfigst.exe
C:\WINNT\system32\jdtdrssf.exe
C:\WINNT\system32\jeyehhou.exe
C:\WINNT\system32\jimvewgd.exe
C:\WINNT\system32\jnbqypna.exe
C:\WINNT\system32\kaeafbxh.exe
C:\WINNT\system32\kbhogffy.exe
C:\WINNT\system32\kdddkijx.exe
C:\WINNT\system32\kdmiaqcy.exe
C:\WINNT\system32\kembajih.exe
C:\WINNT\system32\kobajmij.exe
C:\WINNT\SYSTEM32\kpywqoei.ini
C:\WINNT\system32\ktcfsart.exe
C:\WINNT\system32\ktljnpvu.exe
C:\WINNT\system32\kuwjvnpq.exe
C:\WINNT\system32\kvrkbxyc.exe
C:\WINNT\system32\kwcnffxt.exe
C:\WINNT\system32\lajhodtk.exe
C:\WINNT\system32\lbohidqu.exe
C:\WINNT\system32\lbriohag.exe
C:\WINNT\SYSTEM32\lgtalctd.ini
C:\WINNT\system32\librikvh.exe
C:\WINNT\system32\lrcbqvjj.exe
C:\WINNT\SYSTEM32\ltmdnrnt.ini
C:\WINNT\system32\luykrlqg.exe
C:\WINNT\system32\lxclybes.exe
C:\WINNT\system32\lynftohe.exe
C:\WINNT\SYSTEM32\mbbhuhab.ini
C:\WINNT\system32\mbpqtvfc.exe
C:\WINNT\system32\mbuokdwc.dll
C:\WINNT\system32\mekeucbb.exe
C:\WINNT\system32\miuiofui.exe
C:\WINNT\SYSTEM32\mkfobaqy.ini
C:\WINNT\system32\mpyxtxii.dll
C:\WINNT\system32\mtnpkmfk.exe
C:\WINNT\system32\mvvihaep.exe
C:\WINNT\system32\mwmsnfmx.exe
C:\WINNT\system32\narpbcmu.exe
C:\WINNT\system32\nbjdtqjf.exe
C:\WINNT\system32\ncucokhb.exe
C:\WINNT\system32\nluuomcq.exe
C:\WINNT\system32\nogqehvg.exe
C:\WINNT\system32\npgbnebh.exe
C:\WINNT\system32\nskttyvl.exe
C:\WINNT\system32\nsmmelyi.exe
C:\WINNT\system32\nswsjctp.exe
C:\WINNT\SYSTEM32\ntvmnnia.ini
C:\WINNT\system32\nyuuhvrc.exe
C:\WINNT\system32\oaxvacsv.exe
C:\WINNT\system32\odyjwnwa.exe
C:\WINNT\system32\oftvpvim.exe
C:\WINNT\system32\ohivvonw.exe
C:\WINNT\system32\oingwdty.exe
C:\WINNT\system32\ojnoabwk.exe
C:\WINNT\system32\okjmurym.exe
C:\WINNT\system32\opfxsvgr.exe
C:\WINNT\system32\opswesju.exe
C:\WINNT\system32\owargqyk.exe
C:\WINNT\system32\owhwcvhy.exe
C:\WINNT\system32\owsdkdbp.dll
C:\WINNT\system32\pdbondss.exe
C:\WINNT\system32\pgvrevku.exe
C:\WINNT\system32\plgbddgj.exe
C:\WINNT\system32\poipvcsm.exe
C:\WINNT\system32\pqirnyxw.exe
C:\WINNT\system32\prhkpwau.exe
C:\WINNT\system32\pvsrxbks.exe
C:\WINNT\system32\pwftdgxu.exe
C:\WINNT\system32\qdymyuqe.dll
C:\WINNT\system32\qfjarotq.exe
C:\WINNT\system32\qhbdlgok.exe
C:\WINNT\system32\qijogxos.exe
C:\WINNT\system32\qkggnhpf.exe
C:\WINNT\system32\qkwqobeg.exe
C:\WINNT\system32\qydjoush.exe
C:\WINNT\system32\raiymtxq.exe
C:\WINNT\system32\rayaejdq.exe
C:\WINNT\system32\rbnkryys.exe
C:\WINNT\system32\rdxlksgc.exe
C:\WINNT\system32\rffvahtx.exe
C:\WINNT\system32\rfmdnikh.exe
C:\WINNT\system32\rggawrfy.dll
C:\WINNT\system32\rjtbavic.exe
C:\WINNT\system32\rlgndvtc.exe
C:\WINNT\system32\rrojghnv.exe
C:\WINNT\system32\rxwqnxqs.exe
C:\WINNT\system32\spnhiyey.exe
C:\WINNT\system32\spwqqhyf.exe
C:\WINNT\system32\sstus.dll
C:\WINNT\SYSTEM32\sutss.bak1
C:\WINNT\SYSTEM32\sutss.bak2
C:\WINNT\SYSTEM32\sutss.ini
C:\WINNT\SYSTEM32\svilripf.ini
C:\WINNT\system32\tabtayxa.exe
C:\WINNT\system32\tatfntpc.exe
C:\WINNT\system32\tbfsdwkf.exe
C:\WINNT\system32\tbsbwbif.exe
C:\WINNT\system32\texhwwhw.exe
C:\WINNT\system32\tgdrhrhj.exe
C:\WINNT\system32\tgwgmigd.exe
C:\WINNT\system32\thwprjwg.exe
C:\WINNT\system32\tithvyak.exe
C:\WINNT\system32\tjroakho.exe
C:\WINNT\system32\tlnmjagw.exe
C:\WINNT\system32\tnrndmtl.dll
C:\WINNT\system32\tqgqtsgu.exe
C:\WINNT\system32\tqpccexp.exe
C:\WINNT\system32\txjcilwf.exe
C:\WINNT\system32\ubhypgac.exe
C:\WINNT\system32\ucopjaeq.exe
C:\WINNT\system32\udkpkbug.exe
C:\WINNT\system32\ufcqywxp.exe
C:\WINNT\system32\ugopbnkl.exe
C:\WINNT\system32\ukwwjhwq.exe
C:\WINNT\system32\uowclecn.exe
C:\WINNT\system32\urqrrqo.dll
C:\WINNT\system32\usldcroq.exe
C:\WINNT\system32\usqcmckk.exe
C:\WINNT\system32\uvjnwibe.exe
C:\WINNT\system32\uvrvnxvc.exe
C:\WINNT\system32\uvyjhdti.exe
C:\WINNT\system32\uyxwljxl.exe
C:\WINNT\system32\vlcskywu.exe
C:\WINNT\system32\vprblart.exe
C:\WINNT\system32\vrlyjjql.exe
C:\WINNT\system32\vuvixirh.exe
C:\WINNT\system32\vwwpxtci.exe
C:\WINNT\system32\waqnhumg.exe
C:\WINNT\system32\whdpqmjt.exe
C:\WINNT\system32\whlbfobs.exe
C:\WINNT\system32\whtrqdkp.exe
C:\WINNT\system32\wiwrnane.exe
C:\WINNT\system32\wnjwvrtt.exe
C:\WINNT\system32\wqunnmte.exe
C:\WINNT\system32\wxxtqygw.exe
C:\WINNT\system32\xakrqryf.dll
C:\WINNT\system32\xckawfrb.dll
C:\WINNT\system32\xepmpvau.exe
C:\WINNT\system32\xmffumuo.exe
C:\WINNT\SYSTEM32\xqqnnksx.ini
C:\WINNT\system32\xrlxuppl.exe
C:\WINNT\system32\xsknnqqx.dll
C:\WINNT\system32\xvyjjqfb.exe
C:\WINNT\system32\yaebusky.exe
C:\WINNT\SYSTEM32\yfrwaggr.ini
C:\WINNT\system32\ygvxgnkf.exe
C:\WINNT\system32\yhysiwvi.exe
C:\WINNT\SYSTEM32\yndcedlf.ini
C:\WINNT\system32\ynhlsrlv.exe
C:\WINNT\system32\ynwofqgx.exe
C:\WINNT\system32\yqabofkm.dll
C:\WINNT\system32\ywuikopd.exe

.
((((((((((((((((((((((((( Files Created from 2007-08-23 to 2007-09-23 )))))))))))))))))))))))))))))))
.

2007-09-23 01:37 16,384 --a----t- C:\WINNT\SYSTEM32\Perflib_Perfdata_364.dat
2007-09-23 00:58 51,200 --a------ C:\WINNT\NirCmd.exe
2007-09-23 00:26 85,568 --a------ C:\WINNT\SYSTEM32\ydwaqepx.dll
2007-09-23 00:22 2,560 --a------ C:\WINNT\SYSTEM32\DRIVERS\mchInjDrv.sys
2007-09-21 18:45 87,616 --a------ C:\WINNT\SYSTEM32\cifhjare.dll
2007-09-20 20:03 0 --a------ C:\WINNT\SYSTEM32\bhpkbsir.dll
2007-09-20 20:00 83,008 --a------ C:\WINNT\SYSTEM32\npbcrpqq.dll
2007-09-20 19:57 83,008 --a------ C:\WINNT\SYSTEM32\gvvuruhc.dll
2007-09-20 19:54 83,008 --a------ C:\WINNT\SYSTEM32\faojlfyy.dll
2007-09-20 19:51 83,008 --a------ C:\WINNT\SYSTEM32\acovhneo.dll
2007-09-20 19:48 83,008 --a------ C:\WINNT\SYSTEM32\ytawwgcq.dll
2007-09-20 19:45 83,008 --a------ C:\WINNT\SYSTEM32\efqwinbx.dll
2007-09-20 19:42 83,008 --a------ C:\WINNT\SYSTEM32\ulherhxj.dll
2007-09-20 19:39 83,008 --a------ C:\WINNT\SYSTEM32\akvcxonv.dll
2007-09-20 19:36 83,008 --a------ C:\WINNT\SYSTEM32\oqauldkb.dll
2007-09-20 19:33 83,008 --a------ C:\WINNT\SYSTEM32\tsmgkhjb.dll
2007-09-20 19:30 83,008 --a------ C:\WINNT\SYSTEM32\strwnoqj.dll
2007-09-20 19:27 83,008 --a------ C:\WINNT\SYSTEM32\csnxjngn.dll
2007-09-20 19:24 83,008 --a------ C:\WINNT\SYSTEM32\uyocitvd.dll
2007-09-20 19:21 83,008 --a------ C:\WINNT\SYSTEM32\ndmpokfd.dll
2007-09-20 19:15 83,008 --a------ C:\WINNT\SYSTEM32\ygirmpcb.dll
2007-09-20 19:13 83,008 --a------ C:\WINNT\SYSTEM32\onrxdubo.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
07-08-18 00:29 --------- d-------- C:\Program Files\WT RegCleaner XP
07-08-18 00:14 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Uniblue
07-08-18 00:13 --------- d-------- C:\Program Files\Uniblue
07-08-18 00:05 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
07-08-18 00:03 --------- d-------- C:\Program Files\RogueRemover FREE
07-08-12 19:03 --------- d-------- C:\Program Files\Spyware Doctor
07-08-12 19:03 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\PC Tools
07-08-11 09:57 106405 --a------ C:\WINNT\SYSTEM32\wcglrwsa.dll
07-08-02 10:49 82248 --a------ C:\WINNT\system32\drivers\iksyssec.sys
07-08-02 10:49 57672 --a------ C:\WINNT\system32\drivers\iksysflt.sys
07-08-02 10:49 38728 --a------ C:\WINNT\system32\drivers\ikfilesec.sys
07-08-02 10:49 29000 --a------ C:\WINNT\system32\drivers\kcom.sys
07-07-30 19:19 92504 --a------ C:\WINNT\SYSTEM32\dllcache\cdm.dll
07-07-30 19:19 92504 --a------ C:\WINNT\SYSTEM32\cdm.dll
07-07-30 19:19 549720 --a------ C:\WINNT\SYSTEM32\wuapi.dll
07-07-30 19:19 53080 --a------ C:\WINNT\SYSTEM32\wuauclt.exe
07-07-30 19:19 53080 --a------ C:\WINNT\SYSTEM32\dllcache\wuauclt.exe
07-07-30 19:19 43352 --a------ C:\WINNT\SYSTEM32\wups2.dll
07-07-30 19:19 325976 --a------ C:\WINNT\SYSTEM32\wucltui.dll
07-07-30 19:19 203096 --a------ C:\WINNT\SYSTEM32\wuweb.dll
07-07-30 19:19 1712984 --a------ C:\WINNT\SYSTEM32\wuaueng.dll
07-07-30 19:19 1712984 --a------ C:\WINNT\SYSTEM32\dllcache\wuaueng.dll
07-07-30 19:18 33624 --a------ C:\WINNT\SYSTEM32\wups.dll
07-07-26 00:02 126016 --a------ C:\WINNT\SYSTEM32\goasjrbr.dll
07-07-24 22:56 126016 --a------ C:\WINNT\SYSTEM32\resqnsxr.dll
07-07-16 03:38 9232 --a------ C:\DOCUME~1\ADMINI~1\mqdmmdfl.sys
07-07-16 03:38 92064 --a------ C:\DOCUME~1\ADMINI~1\mqdmmdm.sys
07-07-16 03:38 79328 --a------ C:\DOCUME~1\ADMINI~1\mqdmserd.sys
07-07-16 03:38 66656 --a------ C:\DOCUME~1\ADMINI~1\mqdmbus.sys
07-07-16 03:38 6208 --a------ C:\DOCUME~1\ADMINI~1\mqdmcmnt.sys
07-07-16 03:38 5936 --a------ C:\DOCUME~1\ADMINI~1\mqdmwhnt.sys
07-07-16 03:38 4048 --a------ C:\DOCUME~1\ADMINI~1\mqdmcr.sys
07-07-16 03:38 25600 --a------ C:\DOCUME~1\ADMINI~1\usbsermptxp.sys
07-07-16 03:38 22768 --a------ C:\DOCUME~1\ADMINI~1\usbsermpt.sys
02-12-03 10:09 25600 --a------ C:\Program Files\Common Files\Journal Entry 5.doc
01-06-19 13:05 271 --ah----- C:\Program Files\DESKTOP.INI
01-06-19 13:05 21952 --ah----- C:\Program Files\FOLDER.HTT
01-05-08 07:00 32528 --a------ C:\WINNT\INF\WBFIRDMA.SYS
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 13:05 C:\WINNT\SYSTEM32\mobsync.exe]
"NAV Agent"="C:\PROGRA~1\NORTON~1\navapw32.exe" [02-02-27 11:27 ]
"nwiz"="nwiz.exe" [02-11-18 14:15 C:\WINNT\SYSTEM32\nwiz.exe]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" []
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [04-11-02 16:59 ]
"Realplayer LTD"="realplaye32.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [05-12-20 20:54 ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06-02-14 23:23 ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [05-11-10 13:03 ]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [07-07-16 23:59 ]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [07-08-02 10:49 ]
"SearchIndexer"="C:\WINNT\system32\ydwaqepx.dll" [07-09-23 00:26 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" []
"cdpust"="C:\WINNT\system32\cdpust.exe" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [06-07-31 15:54 ]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [07-05-29 20:34 ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [06-03-30 16:45 ]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [07-08-14 16:52 ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Realplayer LTD"=realplaye32.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Kaspersky Antivirus"=KasperskyAV.exe
"AIM"=C:\Program Files\AIM\aim.exe -cnetwait.odl
"qomu"=C:\PROGRA~1\COMMON~1\qomu\qomum.exe
"Registry Cleaner"=C:\PROGRA~1\REGIST~1\REGCLEAN.EXE
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

R0 Fd16_700;Fd16_700;C:\WINNT\system32\DRIVERS\fd16_700.sys
R0 SONYPVM1;Sony Memory Stick Driver(SONYPVM1);C:\WINNT\system32\DRIVERS\SONYPVM1.SYS
R1 mchInjDrv;madCodeHook DLL injection driver;\??\C:\WINNT\system32\Drivers\mchInjDrv.sys
R3 EL90BC;3Com EtherLink XL B/C Adapter Driver;C:\WINNT\system32\DRIVERS\el90xbc5.sys
R3 ichaud;Service for AC'97 Driver (WDM);C:\WINNT\system32\drivers\ichaud.sys
R3 tbhsd;Tunebite High-Speed Dubbing;C:\WINNT\system32\drivers\tbhsd.sys
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINNT\system32\DRIVERS\motmodem.sys
S3 netrcacm;RCA USB Digital Cable Modem Driver;C:\WINNT\system32\DRIVERS\netrcacm.sys

*Newly Created Service* - IPNAT
*Newly Created Service* - RASAUTO
*Newly Created Service* - SHAREDACCESS
.
Contents of the 'Scheduled Tasks' folder
"2007-09-23 03:11:20 C:\WINNT\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2007-09-21 08:00:02 C:\WINNT\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\NAVW32.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-23 01:38:02
Windows 5.0.2195 Service Pack 4 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-23 1:53:41 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-09-23 01:53
.
--- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:12:30 PM, on 9/23/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINNT\system32\wuauclt.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Realplayer LTD] realplaye32.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINNT\system32\ydwaqepx.dll",sitypnow
O4 - HKLM\..\RunServices: [Realplayer LTD] realplaye32.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [cdpust] C:\WINNT\system32\cdpust.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Policies\Explorer\Run: [cdpust] C:\WINNT\system32\cdpust.exe
O4 - HKUS\.DEFAULT\..\Run: [Kaspersky Antivirus] KasperskyAV.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [qomu] C:\PROGRA~1\COMMON~1\qomu\qomum.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Registry Cleaner] C:\PROGRA~1\REGIST~1\REGCLEAN.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash...h2.1.0.0.53.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxor/mjolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.station.sony.com/systemscan/soesysinfo.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 8745 bytes



