PDA

View Full Version : Smitfraud-C.CoreService and VirtuMonde



AmericaCaptain
2007-07-06, 22:05
I hope I'm following all the forum rules. I ran Spybot and Smitfraud and VirtuMonde couldn't be removed. Please help


Logfile of HijackThis v1.99.1
Scan saved at 3:03:01 PM, on 7/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\AOL\1141791587\ee\aolsoftware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\common files\aol\1141791587\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
c:\program files\common files\aol\1141791587\ee\aolsoftware.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\Program Files\AIM\aim.exe
c:\program files\common files\aol\1141791587\ee\aolsoftware.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
R3 - URLSearchHook: (no name) - - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [arcaderockstar] C:\Program Files\ArcadeRockstar\arcaderockstar32.exe
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [caetwrgA] C:\WINDOWS\caetwrgA.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\rlirlbxb.dll",realset
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.7.4\webbuying.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.drivecleaner.com
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantispyware.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/popzuma/popcaploader_v10.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

random/random
2007-07-06, 22:29
Download the latest version of ComboFix from Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

AmericaCaptain
2007-07-06, 23:40
HighJack This log:
Logfile of HijackThis v1.99.1
Scan saved at 4:38:55 PM, on 7/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\AOL\1141791587\ee\aolsoftware.exe
c:\program files\common files\aol\1141791587\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
c:\program files\common files\aol\1141791587\ee\aolsoftware.exe
c:\program files\common files\aol\1141791587\ee\aolsoftware.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {110AFD74-FB56-4CC4-8F5B-07DACE4880A5} - C:\Program Files\Internet Explorer\hokepoc43855.dll (file missing)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: (no name) - {9c99720d-fd26-47d3-be4f-9cf3d44d6007} - C:\WINDOWS\system32\kmnmkek.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {DE22B9E6-6B2B-4582-9C55-81166D07D969} - C:\Program Files\Internet Explorer\hokepoc58441.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [arcaderockstar] C:\Program Files\ArcadeRockstar\arcaderockstar32.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.drivecleaner.com
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantispyware.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/popzuma/popcaploader_v10.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

AmericaCaptain
2007-07-06, 23:43
"lori m-keller" - 2007-07-06 16:03:48 - ComboFix 07-07-04.4 - Service Pack 2


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\rlirlbxb.dll
C:\WINDOWS\system32\unclpair.dll
C:\WINDOWS\system32\qomjgec.dll
C:\WINDOWS\system32\cfhkj.bak1
C:\WINDOWS\system32\cfhkj.bak2
C:\WINDOWS\system32\hjllm.bak1
C:\WINDOWS\system32\hjllm.bak2
C:\WINDOWS\system32\hjllm.ini
C:\WINDOWS\system32\hjllm.tmp
C:\WINDOWS\system32\bxblrilr.ini
C:\WINDOWS\system32\hjllm.bak1
C:\WINDOWS\system32\hjllm.bak2
C:\WINDOWS\system32\hjllm.ini
C:\WINDOWS\system32\mlljh.dll
C:\WINDOWS\system32\ljjigfg.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
C:\DOCUME~1\LORIM-~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\XMNFLVK9\www.broadcaster.com
C:\DOCUME~1\LORIM-~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\LORIM-~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\DOCUME~1\LORIM-~1\APPLIC~1.\mbols~1
C:\DOCUME~1\LORIM-~1\APPLIC~1.\mbols~1\services.exe
C:\DOCUME~1\LORIM-~1\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\LORIM-~1\APPLIC~1.\winantispyware 2007\Logs\update.log
C:\DOCUME~1\LORIM-~1\MYDOCU~1.\smbols~1
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\Common Files\winantispyware 2007\uwas7cw.exe
C:\Program Files\Common Files\winantispyware 2007\WAS7Mon.exe
C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\Program Files\Internet Explorer\hokepoc43855.dll
C:\Program Files\Internet Explorer\hokepoc58441.dll
C:\Program Files\winantispyware 2007
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\66b2436c1734474cc6d6749e\22a8456d8aea45ec1b27368c\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\66b2436c1734474cc6d6749e\22a8456d8aea45ec1b27368c\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\66b2436c1734474cc6d6749e\22a8456d8aea45ec1b27368c\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\66b2436c1734474cc6d6749e\322169212c504cc90b9479bb\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\66b2436c1734474cc6d6749e\322169212c504cc90b9479bb\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\66b2436c1734474cc6d6749e\322169212c504cc90b9479bb\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\66b2436c1734474cc6d6749e\60beef7688474d21943c3293\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\66b2436c1734474cc6d6749e\60beef7688474d21943c3293\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\66b2436c1734474cc6d6749e\60beef7688474d21943c3293\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\66b2436c1734474cc6d6749e\9e14174f594645a546e01190\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\66b2436c1734474cc6d6749e\9e14174f594645a546e01190\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\66b2436c1734474cc6d6749e\9e14174f594645a546e01190\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\84b05c8db08f4d490552ae87\39314fc8347a42bcbcd1a0b6\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\84b05c8db08f4d490552ae87\39314fc8347a42bcbcd1a0b6\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\84b05c8db08f4d490552ae87\39314fc8347a42bcbcd1a0b6\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\84b05c8db08f4d490552ae87\39314fc8347a42bcbcd1a0b6\lori m-keller
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\84b05c8db08f4d490552ae87\6b931c27f56c4dca6576b094\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\84b05c8db08f4d490552ae87\6b931c27f56c4dca6576b094\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\84b05c8db08f4d490552ae87\6b931c27f56c4dca6576b094\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\84b05c8db08f4d490552ae87\7e1a30ffc6da4a047da902bf\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\84b05c8db08f4d490552ae87\7e1a30ffc6da4a047da902bf\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\84b05c8db08f4d490552ae87\7e1a30ffc6da4a047da902bf\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\84b05c8db08f4d490552ae87\855c6825bb454298461472ad\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\84b05c8db08f4d490552ae87\855c6825bb454298461472ad\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\84b05c8db08f4d490552ae87\855c6825bb454298461472ad\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\84b05c8db08f4d490552ae87\8e52003a20424db30a250781\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\84b05c8db08f4d490552ae87\8e52003a20424db30a250781\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\84b05c8db08f4d490552ae87\8e52003a20424db30a250781\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\84b05c8db08f4d490552ae87\a7557612b1bc45feee69a7a9\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\84b05c8db08f4d490552ae87\a7557612b1bc45feee69a7a9\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\84b05c8db08f4d490552ae87\a7557612b1bc45feee69a7a9\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\84b05c8db08f4d490552ae87\a7557612b1bc45feee69a7a9\lori m-keller
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\84b05c8db08f4d490552ae87\a792a043f5414d833db1f990\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\84b05c8db08f4d490552ae87\a792a043f5414d833db1f990\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\84b05c8db08f4d490552ae87\a792a043f5414d833db1f990\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\84b05c8db08f4d490552ae87\c262dad6d8ae473f9ac5df89\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\84b05c8db08f4d490552ae87\c262dad6d8ae473f9ac5df89\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\84b05c8db08f4d490552ae87\c262dad6d8ae473f9ac5df89\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\84b05c8db08f4d490552ae87\ced7b0921fda4d483bc86fab\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\84b05c8db08f4d490552ae87\ced7b0921fda4d483bc86fab\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\84b05c8db08f4d490552ae87\ced7b0921fda4d483bc86fab\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\84b05c8db08f4d490552ae87\de6a0751ca5c41f124b2f097\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\84b05c8db08f4d490552ae87\de6a0751ca5c41f124b2f097\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\84b05c8db08f4d490552ae87\de6a0751ca5c41f124b2f097\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\84b05c8db08f4d490552ae87\de6a0751ca5c41f124b2f097\lori m-keller
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\84b05c8db08f4d490552ae87\e050be9bef584d1949b085a1\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\84b05c8db08f4d490552ae87\e050be9bef584d1949b085a1\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\84b05c8db08f4d490552ae87\e050be9bef584d1949b085a1\#name
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\84b05c8db08f4d490552ae87\ffdc583c2e1d4fecd3e4fe83\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\84b05c8db08f4d490552ae87\ffdc583c2e1d4fecd3e4fe83\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\e9d03634622549f05649bc9e\84b05c8db08f4d490552ae87\ffdc583c2e1d4fecd3e4fe83\#name
C:\Program Files\winantispyware 2007\scanlog.xml
C:\Program Files\winantispyware 2007\threatnet.dat
C:\Program Files\winpop
C:\Program Files\winpop\UnInstall.exe
C:\Program Files\winpop\winpop.exe
C:\temp\0b9
C:\temp\0b9\tmpTF.log
C:\temp\iee
C:\temp\iee\tmpZTF.log
C:\temp\tn3
C:\WINDOWS\b122.exe
C:\WINDOWS\cs_cache.ini
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\accessories\cup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\accessories\customer_cup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\accessories\heart.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\accessories\menu_down.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\accessories\menu_up.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\accessories\plates.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\accessories\ticket.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\accessories\tray.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\audio\music\mainmenumusic.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\audio\sfx\sfx_bring_check_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\audio\sfx\sfx_deliver_order_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\audio\sfx\sfx_diner.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\audio\sfx\sfx_food_ready_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\audio\sfx\sfx_gain_heart_1.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\audio\sfx\sfx_pencil_write_2.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\audio\sfx\sfx_rollover_1.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\audio\sfx\sfx_seat_people_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\backgrounds\choosedifficulty.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\backgrounds\credits.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\backgrounds\flo_lose.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\backgrounds\flo_win.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\backgrounds\help1.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\backgrounds\help2.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\backgrounds\highscores.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\backgrounds\levelintro.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\backgrounds\levelintro_mask.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\backgrounds\levelover.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\backgrounds\levelover_mask.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\backgrounds\mainmenu.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\backgrounds\popup.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\backgrounds\popup_mask.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\backgrounds\upgradegrid.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\backgrounds\upgradetitle.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\backgrounds\upsell.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\arrowleft_blue.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\arrowleft_yellow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\arrowright_blue.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\arrowright_yellow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\back_blue.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\back_yellow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\backchalk.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\backchalkup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\backtomenu_blue.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\backtomenu_yellow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\cancel.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\cancelup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\career.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\career_over.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\close.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\closeup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\continue.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\continueover.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\credits_blue.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\credits_yellow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\download_blue.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\download_yellow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\easy.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\easy_over.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\endlessshift.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\endlessshift_over.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\hard.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\hard_over.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\help.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\help_over.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\highscores.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\highscores_over.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\instructions_blue.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\instructions_yellow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\letsplay.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\letsplayover.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\medium.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\medium_over.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\moreinfo.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\moreinfoup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\off.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\off_on.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\on.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\on_on.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\pause.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\pauseover.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\quit.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\quitgame.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\quitgameover.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\quitover.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\resumegame.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\resumegameover.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\submit.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\submitup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\tryagain.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\tryagainover.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\upgrade_over.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\upgrade_up.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\viewglobal.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\viewglobalup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\viewhighscore.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\viewhighscoreon.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\viewlocal.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\buttons\viewlocalup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\comics\webcomic.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\config\career.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\config\customer.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\config\endless.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\config\global.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\config\powerups.xml

AmericaCaptain
2007-07-06, 23:44
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\cook\cook.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\cook\cook.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\cook\stove.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\cursor\arrow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\cursor\click.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\cursor\click2.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\cursor\grab.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\cursor\open.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\customers\old_male\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\customers\old_male\blue\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\customers\old_male\blue\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\customers\old_male\blue\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\customers\old_male\green\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\customers\old_male\green\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\customers\old_male\green\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\customers\old_male\purple\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\customers\old_male\purple\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\customers\old_male\purple\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\customers\old_male\red\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\customers\old_male\red\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\customers\old_male\red\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\customers\old_male\yellow\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\customers\old_male\yellow\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\customers\old_male\yellow\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\customers\young_female\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\customers\young_female\blue\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\customers\young_female\blue\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\customers\young_female\blue\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\customers\young_female\green\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\customers\young_female\green\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\customers\young_female\green\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\customers\young_female\purple\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\customers\young_female\purple\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\customers\young_female\purple\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\customers\young_female\red\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\customers\young_female\red\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\customers\young_female\red\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\customers\young_female\yellow\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\customers\young_female\yellow\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\customers\young_female\yellow\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\flo\idle.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\flo\idle.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\flo\lower.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\flo\lower.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\flo\upper.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\flo\upper.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\fonts\arial.mvec
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\fonts\komikaaxis.mvec
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\furniture\chair.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\furniture\chair.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\furniture\dirt2top.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\furniture\dirt4top.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\furniture\dishcart.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\furniture\dishcart.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\furniture\drinkstation_off.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\furniture\drinkstation_on1.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\furniture\drinkstation_on2.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\furniture\ticketstation.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\furniture\ticketstation.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\hiscore\arrowdown.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\hiscore\arrowdownon.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\hiscore\arrowleft.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\hiscore\arrowlefton.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\hiscore\arrowright.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\hiscore\arrowrighton.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\hiscore\arrowup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\hiscore\arrowupon.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\hiscore\p1icon.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\hiscore\textedit.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\hiscore\title.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\layouts\endless_1_1.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\layouts\endless_1_1_a.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\layouts\endless_1_1_b.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\layouts\endless_1_1_c.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\layouts\endless_1_2.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\layouts\endless_1_2_a.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\layouts\endless_1_2_b.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\layouts\endless_1_2_c.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\layouts\endless_1_2_d.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\layouts\endless_1_3.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\layouts\endless_1_3_a.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\layouts\endless_1_3_b.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\layouts\endless_1_3_c.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\layouts\endless_1_3_d.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\layouts\fifth_level_diner.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\layouts\first_level_diner.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\layouts\fourth_level_diner.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\layouts\second_level_diner.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\playfirst_logo.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\restaurants\diner\background.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\restaurants\diner\food\food1.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\restaurants\diner\food\food1.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\restaurants\diner\food\food2.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\restaurants\diner\food\food2.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\restaurants\diner\food\food3.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\restaurants\diner\food\food3.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\restaurants\diner\frames\upgrade_0001.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\restaurants\diner\tables\2top.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\restaurants\diner\tables\2top.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\restaurants\diner\tables\4top.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\restaurants\diner\tables\4top.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\restaurants\diner\upgrades.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\restaurants\tableshadow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\scripts\choosedifficulty.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\scripts\chooseplayer.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\scripts\chooserestaurant.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\scripts\credits.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\scripts\game.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\scripts\gothighscore.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\scripts\help.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\scripts\help2.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\scripts\hiscore.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\scripts\hiscoreinfo.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\scripts\hiscoresubmit.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\scripts\levelintro.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\scripts\levelover.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\scripts\loading.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\scripts\mainloop.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\scripts\mainmenu.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\scripts\ok.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\scripts\pause.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\scripts\style.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\scripts\tutorialintro.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\scripts\upgrade.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\scripts\upsell.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\scripts\webcomic.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\scripts\yesno.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\splash\aol_logo.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\splash\gamelabsplash.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\splash\playfirst_logo.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\strings.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\angersmoke.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\angersmoke.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\chairflags.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\chairflags.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\check.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\checkmark.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\clock.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\closed.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\closingtime.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\coinflip.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\coinflip.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\dollar.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\doodles\coffee.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\doodles\tables.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\doodles\wallpaper.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\expert.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\expertscore.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\foodpoof.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\foodpoof.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\fork_timer.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\goalcompleted.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\heartgrow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\heartgrow.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\jar.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\jar.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\level.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\level_career.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\score.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\sound.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\staroff.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\staron.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\tablenumber.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\tablenumberup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\traynumber.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\tutorial_character.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\tutorialarrow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\tutorialbox.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\upgradeanim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\upgradeanim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\upgrades\drinks.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\upgrades\maitred.png

AmericaCaptain
2007-07-06, 23:45
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\upgrades\oven.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\upgrades\select.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\upgrades\shoes.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\upgrades\stereo.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\assets\ui\upgrades\table.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.72\dinerdash.exe
C:\WINDOWS\DOWNLO~1\UWA7P_0001_N91M0809NetInstaller.exe
C:\WINDOWS\itpb_3.exe
C:\WINDOWS\retadpu11.exe
C:\WINDOWS\retadpu2000219.exe
C:\WINDOWS\stub_mma2.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\drivers\fopn.sys
C:\WINDOWS\system32\kmnmkek.dll
C:\WINDOWS\system32\o02PrEz
C:\WINDOWS\system32\wcpit32.exe
C:\WINDOWS\system32\win
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\LEGACY_FAD
-------\LEGACY_NWSAPAGENT
-------\core
-------\nm
-------\NwSapAgent


((((((((((((((((((((((((( Files Created from 2007-06-06 to 2007-07-06 )))))))))))))))))))))))))))))))


2007-07-06 15:51 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-06-29 16:07 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-06-29 04:06 <DIR> d-------- C:\DOCUME~1\LORIM-~1\APPLIC~1\dvdcss
2007-06-25 17:03 <DIR> d-------- C:\DOCUME~1\ERINKE~1\APPLIC~1\MailFrontier
2007-06-23 23:43 <DIR> d-------- C:\Program Files\Game_Maker7
2007-06-18 18:18 <DIR> d-------- C:\DOCUME~1\LORIM-~1\APPLIC~1\MailFrontier
2007-06-18 17:42 81,440 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-06-18 17:42 1,152,288 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-06-18 17:20 4,212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2007-06-18 17:19 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-06-18 17:19 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-06-18 17:18 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-06-18 17:16 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-06-18 16:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-18 16:51 981,920 -r-hs---- C:\WINDOWS\caetwrgA.exe
2007-06-18 16:50 46,592 --a------ C:\WINDOWS\caetwrg.exe
2007-06-18 16:50 192,598 --a------ C:\WINDOWS\system32\rwinrndt.exe
2007-06-18 16:50 <DIR> d-------- C:\WINDOWS\system32\S7
2007-06-18 16:50 <DIR> d-------- C:\WINDOWS\system32\S6
2007-06-18 16:50 <DIR> d-------- C:\WINDOWS\system32\S4
2007-06-18 16:50 <DIR> d-------- C:\WINDOWS\system32\S1
2007-06-18 16:50 <DIR> d-------- C:\WINDOWS\system32\S0
2007-06-06 20:01 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-06-06 20:01 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
2007-06-06 20:01 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
2007-06-06 20:00 <DIR> d-------- C:\Program Files\Replay Converter
2007-06-06 19:55 <DIR> d-------- C:\WINDOWS\FLV Player
2007-06-06 19:55 <DIR> d-------- C:\Program Files\FLV Player
2007-06-06 19:20 14,604 --a------ C:\WINDOWS\system32\drivers\pfc.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-04 04:05:39 -------- d-----w C:\DOCUME~1\LORIM-~1\APPLIC~1\uTorrent
2007-07-04 02:07:34 5,642 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-07-04 02:07:34 104 --sh--r C:\WINDOWS\system32\B56D472F15.sys
2007-06-25 22:02:38 -------- d-----w C:\Program Files\Lx_cats
2007-06-24 09:41:47 -------- d-----w C:\Program Files\Winamp
2007-06-18 23:02:27 -------- d-----w C:\Program Files\ArcadeRockstar
2007-06-15 07:30:47 -------- d-----w C:\Program Files\AOL Deskbar
2007-06-07 00:20:01 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-06 21:07:02 -------- d-----w C:\Program Files\MUSICMATCH
2007-06-06 02:15:22 -------- d-----w C:\Program Files\Common Files\AOL
2007-05-31 04:41:55 -------- d-----w C:\Program Files\America Online 9.0a
2007-05-21 01:41:43 -------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-14 01:33:57 -------- d-----w C:\DOCUME~1\LORIM-~1\APPLIC~1\WinRAR
2007-05-14 00:46:38 -------- d-----w C:\Program Files\Guitar Pro 5
2007-05-13 20:37:25 -------- d-----w C:\DOCUME~1\LORIM-~1\APPLIC~1\vlc
2007-05-13 20:36:36 -------- d-----w C:\Program Files\VideoLAN
2007-05-13 18:44:46 -------- d-----w C:\Program Files\utorrent
2007-05-13 18:38:31 -------- d-----w C:\Program Files\DAEMON Tools
2007-05-13 18:33:44 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-05-13 08:13:20 -------- d-----w C:\DOCUME~1\LORIM-~1\APPLIC~1\BitTorrent
2007-05-09 01:17:22 -------- d-----w C:\Program Files\SystemRequirementsLab
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-13 17:31:03 103,984 ----a-w C:\WINDOWS\system32\AOLDial.dll
2007-04-13 17:13:07 3,236 ----a-w C:\WINDOWS\checkip.dat
2007-03-09 07:12:32 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2003-11-03 15:17 54248 --a------ C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
2006-08-09 09:37 184320 -ra------ C:\Program Files\Lexmark Toolbar\toolband.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{110AFD74-FB56-4CC4-8F5B-07DACE4880A5}]
C:\Program Files\Internet Explorer\hokepoc43855.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}]
2005-06-14 14:56 86016 --a------ C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
2005-11-30 13:17 585728 --a------ C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c99720d-fd26-47d3-be4f-9cf3d44d6007}]
C:\WINDOWS\system32\kmnmkek.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-20 00:55 2403392 -ra------ c:\program files\google\googletoolbar3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DE22B9E6-6B2B-4582-9C55-81166D07D969}]
C:\Program Files\Internet Explorer\hokepoc58441.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"arcaderockstar"="C:\Program Files\ArcadeRockstar\arcaderockstar32.exe" [2007-04-17 16:55]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-02-13 13:29]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-25 22:08]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-03-28 08:57]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^lori m-keller^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\lori m-keller\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
"C:\Program Files\America Online 9.0a\AOL.EXE" -b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\Quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\DellSupport\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
"C:\Program Files\Lexmark 5400 Series\ezprint.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1141791587\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5400 Series Fax Server]
"C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxctmon.exe]
"C:\Program Files\Lexmark 5400 Series\lxctmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\Program Files\NetWaiting\NetWaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE_OEM]
"C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
"C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
"C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot


**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-06 16:29:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-06 16:33:10
C:\ComboFix-quarantined-files.txt ... 2007-07-06 16:33

--- E O F ---

random/random
2007-07-07, 11:08
Go to Start > My Computer
Go to Tools > Folder Options
Click on the View tab
Untick the following:

Hide extensions for known file types
Hide protected operating system files (Recommended)

You will get a message warning you about showing protected operating system files, click Yes
Make sure this option is selected:

Show hidden files and folders

Click Apply and then click OK


Go to Start> Control Panel> Add or Remove Programs.

Remove the following programs, if they are present.


arcaderockstar
MyWay


Run HijackThis
Click on do a system scan only
Place a checkmark next to these lines(if still present)

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {110AFD74-FB56-4CC4-8F5B-07DACE4880A5} - C:\Program Files\Internet Explorer\hokepoc43855.dll (file missing)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {9c99720d-fd26-47d3-be4f-9cf3d44d6007} - C:\WINDOWS\system32\kmnmkek.dll (file missing)
O2 - BHO: (no name) - {DE22B9E6-6B2B-4582-9C55-81166D07D969} - C:\Program Files\Internet Explorer\hokepoc58441.dll (file missing)
O4 - HKLM\..\Run: [arcaderockstar] C:\Program Files\ArcadeRockstar\arcaderockstar32.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.drivecleaner.com
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantispyware.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com

Then close all windows except HijackThis and click Fix Checked

Restart

Use windows explorer to find and delete these files:

C:\WINDOWS\caetwrgA.exe
C:\WINDOWS\caetwrg.exe
C:\WINDOWS\system32\rwinrndt.exe

And these folders:

C:\Program Files\MyWaySA\
C:\Program Files\ArcadeRockstar\
C:\WINDOWS\system32\S7\
C:\WINDOWS\system32\S6\
C:\WINDOWS\system32\S4\
C:\WINDOWS\system32\S1\
C:\WINDOWS\system32\S0\

Go here (http://www.kaspersky.com/virusscanner) to run an online scannner from Kaspersky.

Click on "Kaspersky Online Scanner"
A new smaller window will pop up. Press on "Accept". After reading the contents.
Now Kaspersky will update the anti-virus database. Let it run.
Click on "Next">"Scan Settings", and make sure the database is set to "extended". And check both the scan options. Then click OK.
Then click on "My Computer", and the scan will start.
Once finished, save the log as "KAV.txt" to the desktop.


Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

Post back with the Kaspersky log and a new HijackThis log

tashi
2007-07-17, 01:18
AmericaCaptain, still with us?

tashi
2007-07-23, 16:00
Due to lack of a response to helper this topic has been archived.

If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.