PDA

View Full Version : malware issue - coasterboy



coasterboy
2009-11-20, 00:15
I hope I've followed all of the instructions correctly. Here is the log file from Hijack this.

Notes: Currently my desktop settings have been overridden to display a desktop image of a critical warning. The program/malware has disabled my sound, my email, my access to task manager. Spybot finds the issues during startup and has not been able to remove them. Spybot does say that the item is "fixed" but it loads anyways.

Please advise of any other information you may require. I have saved the Spybot logs as well, but not posted them here.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:05:32 PM, on 11/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
I:\Program Files\Alwil Software\Avast4\ashServ.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\system32\brsvc01a.exe
I:\WINDOWS\system32\brss01a.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
I:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
I:\Program Files\iPod Access for Windows\iPAHelper.exe
I:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
I:\WINDOWS\System32\mnmsrvc.exe
I:\WINDOWS\system32\rundll32.exe
I:\WINDOWS\System32\nvsvc32.exe
I:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
I:\Program Files\Microsoft IntelliType Pro\itype.exe
I:\Program Files\QuickTime\qttask.exe
I:\Program Files\Common Files\Real\Update_OB\realsched.exe
I:\WINDOWS\system32\winupdate86.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Internet Explorer\iexplore.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "I:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "I:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [itype] "I:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "I:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LXCICATS] rundll32 I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [winupdate86.exe] I:\WINDOWS\system32\winupdate86.exe
O4 - HKLM\..\RunOnce: [!CleanupNetMeetingDispDriver] "I:\WINDOWS\system32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] I:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] I:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = I:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: &ieSpell Options - res://I:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://I:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://I:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://I:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - I:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - I:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - I:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - I:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Garmin Internet Explorer Plug-In - https://my.garmin.com/mygarmin/m/GarminAxControl.CAB
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - https://bonfire.puretracks.com/en/onager.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://aolsvc.aol.com/onlinegames/trydinerdash2/DinerDash2.1.0.0.48.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251946441781
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251946419125
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photolab.ca/en/Photo/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/iwincarambadeluxe/zylomgamesplayer.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.72.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O23 - Service: Apple Mobile Device - Apple Inc. - I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - I:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - I:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - I:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - I:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPAHelper.exe - Unknown owner - I:\Program Files\iPod Access for Windows\iPAHelper.exe
O23 - Service: iPod Service - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - I:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - I:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxci_device - - I:\WINDOWS\system32\lxcicoms.exe
O23 - Service: NBService - Nero AG - I:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - I:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\System32\nvsvc32.exe

--
End of file - 11714 bytes

katana
2009-11-23, 12:02
Please note that all instructions given are customised for this computer only,
the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Failure to reply within 5 days will result in the topic being closed.
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly http://www.countingcows.de/laechel.gif

Some of the logs I request will be quite large, You may need to split them over a couple of replies.

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------



Download and Run RSIT

Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:

log.txt will be opened maximized.
info.txt will be opened minimized.

Please post the contents of both log.txt and info.txt.
( They can also be found in the C:\RSIT folder )



Please Download GMER to your desktop

Download GMER (http://www.gmer.net/gmer.zip) and extract it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

Note:- If GMER doesn't run, please Reboot and then rename gmer.exe to Look.exe and try again

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst

If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click Yes.

Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.

GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked. Click the Scan button and let the program do its work. GMER will produce a log.
Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.


DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

Please post the results from the GMER scan in your reply.

coasterboy
2009-11-23, 16:46
RSIT Log

Logfile of random's system information tool 1.06 (written by random/random)
Run by Jeff Smellie at 2009-11-23 09:44:39
Microsoft Windows XP Home Edition Service Pack 2
System drive I: has 43 GB (33%) free of 131 GB
Total RAM: 1535 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:44:44 AM, on 11/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
I:\Program Files\Alwil Software\Avast4\ashServ.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\system32\brsvc01a.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\system32\brss01a.exe
I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
I:\Program Files\iPod Access for Windows\iPAHelper.exe
I:\WINDOWS\System32\mnmsrvc.exe
I:\WINDOWS\System32\nvsvc32.exe
I:\WINDOWS\system32\rundll32.exe
I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
I:\Program Files\QuickTime\qttask.exe
I:\Program Files\Common Files\Real\Update_OB\realsched.exe
I:\WINDOWS\system32\winupdate86.exe
I:\WINDOWS\system32\ctfmon.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Internet Explorer\iexplore.exe
I:\Program Files\Windows Live\Messenger\msnmsgr.exe
I:\Documents and Settings\Jeff Smellie\Desktop\RSIT.exe
I:\Program Files\Trend Micro\HijackThis\Jeff Smellie.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "I:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LXCICATS] rundll32 I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [winupdate86.exe] I:\WINDOWS\system32\winupdate86.exe
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] I:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] I:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = I:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: &ieSpell Options - res://I:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://I:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://I:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://I:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - I:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - I:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - I:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - I:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Garmin Internet Explorer Plug-In - https://my.garmin.com/mygarmin/m/GarminAxControl.CAB
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - https://bonfire.puretracks.com/en/onager.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://aolsvc.aol.com/onlinegames/trydinerdash2/DinerDash2.1.0.0.48.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251946441781
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251946419125
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photolab.ca/en/Photo/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/iwincarambadeluxe/zylomgamesplayer.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.72.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O23 - Service: Apple Mobile Device - Apple Inc. - I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - I:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - I:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPAHelper.exe - Unknown owner - I:\Program Files\iPod Access for Windows\iPAHelper.exe
O23 - Service: iPod Service - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxci_device - - I:\WINDOWS\system32\lxcicoms.exe
O23 - Service: NBService - Nero AG - I:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - I:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\System32\nvsvc32.exe

--
End of file - 10387 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - I:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - i:\program files\google\googletoolbar2.dll [2008-03-22 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"avast!"=I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"QuickTime Task"=I:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"TkBellExe"=I:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-11-06 185632]
"LXCICATS"=rundll32 I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16 []
"winupdate86.exe"=I:\WINDOWS\system32\winupdate86.exe [2009-11-17 35088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=I:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
I:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
I:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
I:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
I:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
I:\Program Files\Lexmark 7300 Series\ezprint.exe [2005-08-01 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
I:\Program Files\Microsoft IntelliPoint\ipoint.exe [2006-07-07 600896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
I:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcimon.exe]
I:\Program Files\Lexmark 7300 Series\lxcimon.exe [2005-09-30 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
I:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
I:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
I:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoniqueQuickStart]
I:\Program Files\Sonique\sqstart.exe [2004-08-17 44832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-04-04 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
I:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-11-06 185632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
I:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\I:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
I:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\I:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
I:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE -hx []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\I:^Documents and Settings^All Users^Start Menu^Programs^Startup^TotalMedia Backup Monitor.lnk]
I:\PROGRA~1\ArcSoft\TOTALM~1\UBBMON~1.EXE [2007-02-12 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\I:^Documents and Settings^Jeff Smellie^Start Menu^Programs^Startup^Webshots.lnk]
I:\PROGRA~1\Webshots\Launcher.exe /t []

I:\Documents and Settings\Jeff Smellie\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - I:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
I:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - I:\WINDOWS\system32\WPDShServiceObj.dll [2006-08-24 133120]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
"EnableProfileQuota"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=95000000
"NoSetActiveDesktop"=1
"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"I:\Program Files\Kazaa Lite K++\KazaaLite.kpp"="I:\Program Files\Kazaa Lite K++\KazaaLite.kpp:*:Enabled:KazaaLite"
"I:\Program Files\BitTornado\btdownloadgui.exe"="I:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui"
"I:\Program Files\Real\RealPlayer\realplay.exe"="I:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"
"I:\Program Files\Common Files\PocketSoft\RTPatch\AutoRTP\artpschd.exe"="I:\Program Files\Common Files\PocketSoft\RTPatch\AutoRTP\artpschd.exe:*:Disabled:artpschd"
"I:\WINDOWS\system32\sessmgr.exe"="I:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"I:\Program Files\Messenger\msmsgs.exe"="I:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"I:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="I:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"I:\Program Files\iTunes\iTunes.exe"="I:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"I:\Program Files\Windows Live\Messenger\wlcsdk.exe"="I:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"I:\Program Files\Windows Live\Messenger\msnmsgr.exe"="I:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"I:\Program Files\Windows Live\Messenger\wlcsdk.exe"="I:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"I:\Program Files\Windows Live\Messenger\msnmsgr.exe"="I:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4314e53e-41f5-11dd-b65c-000ea6b4050d}]
shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4314e540-41f5-11dd-b65c-000ea6b4050d}]
shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9801755d-4a7b-11dc-b532-000ea6b4050d}]
shell\AutoRun\command - D:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa855ff7-ba1b-11db-b484-000ea6b4050d}]
shell\AutoRun\command - J:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e51cbd55-7a2b-11dd-b6c2-000ea6b4050d}]
shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e590e3e8-2ef4-11db-b3fd-000ea6b4050d}]
shell\AutoRun\command - J:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-11-23 09:44:39 ----D---- I:\rsit
2009-11-22 23:16:11 ----A---- I:\WINDOWS\system32\9040.exe
2009-11-22 22:56:09 ----A---- I:\WINDOWS\system32\30106.exe
2009-11-22 22:36:06 ----A---- I:\WINDOWS\system32\288.exe
2009-11-22 22:16:04 ----A---- I:\WINDOWS\system32\1842.exe
2009-11-22 21:59:14 ----SHD---- I:\Config.Msi
2009-11-22 21:56:01 ----A---- I:\WINDOWS\system32\22190.exe
2009-11-22 21:35:59 ----A---- I:\WINDOWS\system32\3035.exe
2009-11-22 21:15:56 ----A---- I:\WINDOWS\system32\12316.exe
2009-11-22 20:55:53 ----A---- I:\WINDOWS\system32\778.exe
2009-11-19 17:05:17 ----D---- I:\Program Files\Trend Micro
2009-11-19 17:02:37 ----D---- I:\WINDOWS\ERDNT
2009-11-19 17:01:23 ----D---- I:\Program Files\ERUNT
2009-11-19 08:30:20 ----A---- I:\WINDOWS\system32\27529.exe
2009-11-19 08:10:18 ----A---- I:\WINDOWS\system32\9741.exe
2009-11-19 07:50:15 ----A---- I:\WINDOWS\system32\8723.exe
2009-11-19 07:30:12 ----A---- I:\WINDOWS\system32\12859.exe
2009-11-19 07:10:10 ----A---- I:\WINDOWS\system32\20037.exe
2009-11-19 06:50:08 ----A---- I:\WINDOWS\system32\32757.exe
2009-11-19 06:30:05 ----A---- I:\WINDOWS\system32\32662.exe
2009-11-19 06:10:02 ----A---- I:\WINDOWS\system32\27644.exe
2009-11-19 05:50:00 ----A---- I:\WINDOWS\system32\25547.exe
2009-11-19 05:29:57 ----A---- I:\WINDOWS\system32\6868.exe
2009-11-19 05:09:55 ----A---- I:\WINDOWS\system32\28253.exe
2009-11-19 04:49:53 ----A---- I:\WINDOWS\system32\7711.exe
2009-11-19 04:29:50 ----A---- I:\WINDOWS\system32\15141.exe
2009-11-19 04:09:48 ----A---- I:\WINDOWS\system32\4664.exe
2009-11-19 03:49:45 ----A---- I:\WINDOWS\system32\17673.exe
2009-11-19 03:29:43 ----A---- I:\WINDOWS\system32\30333.exe
2009-11-19 03:09:40 ----A---- I:\WINDOWS\system32\31322.exe
2009-11-19 02:49:38 ----A---- I:\WINDOWS\system32\23811.exe
2009-11-17 23:02:32 ----A---- I:\WINDOWS\system32\28703.exe
2009-11-17 22:42:29 ----A---- I:\WINDOWS\system32\9894.exe
2009-11-17 22:22:27 ----A---- I:\WINDOWS\system32\17035.exe
2009-11-17 22:02:24 ----A---- I:\WINDOWS\system32\26299.exe
2009-11-17 21:42:21 ----A---- I:\WINDOWS\system32\25667.exe
2009-11-17 21:22:16 ----A---- I:\WINDOWS\system32\19912.exe
2009-11-17 21:02:14 ----A---- I:\WINDOWS\system32\1869.exe
2009-11-17 20:42:12 ----A---- I:\WINDOWS\system32\11538.exe
2009-11-17 20:22:09 ----A---- I:\WINDOWS\system32\14771.exe
2009-11-17 20:02:06 ----A---- I:\WINDOWS\system32\21726.exe
2009-11-17 19:42:04 ----A---- I:\WINDOWS\system32\5447.exe
2009-11-17 19:22:02 ----A---- I:\WINDOWS\system32\19895.exe
2009-11-17 19:01:59 ----A---- I:\WINDOWS\system32\19718.exe
2009-11-17 18:41:57 ----A---- I:\WINDOWS\system32\18716.exe
2009-11-17 18:21:54 ----A---- I:\WINDOWS\system32\17421.exe
2009-11-17 18:01:52 ----A---- I:\WINDOWS\system32\12382.exe
2009-11-17 17:41:50 ----A---- I:\WINDOWS\system32\292.exe
2009-11-17 17:21:47 ----A---- I:\WINDOWS\system32\153.exe
2009-11-17 17:01:44 ----A---- I:\WINDOWS\system32\3902.exe
2009-11-17 16:41:42 ----A---- I:\WINDOWS\system32\14604.exe
2009-11-17 16:21:39 ----A---- I:\WINDOWS\system32\32391.exe
2009-11-17 16:01:37 ----A---- I:\WINDOWS\system32\5436.exe
2009-11-17 15:41:34 ----A---- I:\WINDOWS\system32\4827.exe
2009-11-17 15:21:32 ----A---- I:\WINDOWS\system32\11942.exe
2009-11-17 15:01:30 ----A---- I:\WINDOWS\system32\2995.exe
2009-11-17 14:41:28 ----A---- I:\WINDOWS\system32\491.exe
2009-11-17 14:21:25 ----A---- I:\WINDOWS\system32\9961.exe
2009-11-17 14:01:23 ----A---- I:\WINDOWS\system32\16827.exe
2009-11-17 13:41:21 ----A---- I:\WINDOWS\system32\23281.exe
2009-11-17 13:21:18 ----A---- I:\WINDOWS\system32\28145.exe
2009-11-17 13:01:16 ----A---- I:\WINDOWS\system32\5705.exe
2009-11-17 12:41:13 ----A---- I:\WINDOWS\system32\24464.exe
2009-11-17 12:21:11 ----A---- I:\WINDOWS\system32\26962.exe
2009-11-17 12:01:09 ----A---- I:\WINDOWS\system32\29358.exe
2009-11-17 11:41:07 ----A---- I:\WINDOWS\system32\11478.exe
2009-11-17 11:21:04 ----A---- I:\WINDOWS\system32\15724.exe
2009-11-17 11:01:01 ----A---- I:\WINDOWS\system32\19169.exe
2009-11-17 10:40:59 ----A---- I:\WINDOWS\system32\26500.exe
2009-11-17 10:20:56 ----A---- I:\WINDOWS\system32\6334.exe
2009-11-17 10:00:54 ----A---- I:\WINDOWS\system32\18467.exe
2009-11-17 09:40:49 ----A---- I:\WINDOWS\system32\41.exe
2009-11-17 09:40:47 ----A---- I:\WINDOWS\system32\AVR10.exe
2009-11-17 09:40:46 ----A---- I:\WINDOWS\system32\winhelper86.dll
2009-11-17 09:40:37 ----A---- I:\WINDOWS\system32\winupdate86.exe

======List of files/folders modified in the last 1 months======

2009-11-23 09:07:42 ----D---- I:\WINDOWS\Temp
2009-11-23 09:06:43 ----D---- I:\WINDOWS\Prefetch
2009-11-23 09:05:45 ----D---- I:\WINDOWS\system32
2009-11-22 23:29:22 ----A---- I:\WINDOWS\SchedLgU.Txt
2009-11-22 23:29:21 ----D---- I:\WINDOWS\system32\CatRoot2
2009-11-22 22:17:37 ----A---- I:\WINDOWS\NeroDigital.ini
2009-11-22 22:08:25 ----D---- I:\WINDOWS
2009-11-22 22:07:02 ----AD---- I:\Program Files
2009-11-22 22:06:11 ----D---- I:\Program Files\SONY
2009-11-22 22:04:58 ----SHD---- I:\WINDOWS\Installer
2009-11-22 22:04:52 ----HD---- I:\WINDOWS\inf
2009-11-22 22:04:11 ----D---- I:\Documents and Settings\All Users\Application Data\Kodak
2009-11-22 22:04:03 ----D---- I:\Program Files\Common Files
2009-11-22 22:00:08 ----D---- I:\Program Files\Mick's Strip Poker
2009-11-22 21:59:51 ----D---- I:\Program Files\Common Files\Symantec Shared
2009-11-22 21:59:18 ----D---- I:\Documents and Settings\All Users\Application Data\Symantec
2009-11-19 16:59:21 ----D---- I:\WINDOWS\system32\wbem
2009-11-17 23:31:31 ----D---- I:\Program Files\Spybot - Search & Destroy
2009-11-17 23:28:19 ----D---- I:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-17 23:08:16 ----D---- I:\Program Files\Sonique
2009-11-17 21:36:41 ----D---- I:\Documents and Settings\Jeff Smellie\Application Data\Juniper Networks
2009-11-17 21:36:05 ----D---- I:\WINDOWS\WinSxS
2009-11-17 21:32:42 ----A---- I:\WINDOWS\msicpl.ini
2009-11-05 14:20:06 ----D---- I:\Program Files\Lx_cats
2009-11-01 08:53:20 ----A---- I:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; I:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; I:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; I:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 eeCtrl;Symantec Eraser Control driver; \??\I:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; I:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R2 aswFsBlk;aswFsBlk; I:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; I:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R3 Afc;PPdus ASPI Shell; I:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); I:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 Arp1394;1394 ARP Client Protocol; I:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 aswRdr;aswRdr; I:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; I:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; I:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 ltmodem5;LT Modem Driver; I:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2004-08-04 606684]
R3 mouhid;Mouse HID Driver; I:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; I:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nv;nv; I:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-05-14 2205760]
R3 Point32;Microsoft IntelliPoint Filter Driver; I:\WINDOWS\system32\DRIVERS\point32.sys [2006-06-30 21760]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; I:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; I:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; I:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbstor;USB Mass Storage Driver; I:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; I:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 ALCXSENS;Service for WDM 3D Audio Driver; I:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-11 391424]
S3 CCDECODE;Closed Caption Decoder; I:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 ICDUSB2;Sony IC Recorder (P); I:\WINDOWS\System32\Drivers\ICDUSB2.sys [2002-11-28 39048]
S3 jatmlano;jatmlano; \??\I:\DOCUME~1\JEFFSM~1\LOCALS~1\Temp\jatmlano.sys []
S3 kazoo;Kazoo.sys Kazoo Device driver; I:\WINDOWS\System32\Drivers\Kazoo.sys [2002-05-08 9600]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; I:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; I:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; I:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 QCMerced;Logitech QuickCam Express; I:\WINDOWS\System32\DRIVERS\LVCM.sys [2002-09-20 472396]
S3 SLIP;BDA Slip De-Framer; I:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SPBBCDrv;SPBBCDrv; \??\I:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 streamip;BDA IPSink; I:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbaudio;USB Audio Driver (WDM); I:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; I:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; I:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; I:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 WSTCODEC;World Standard Teletext Codec; I:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 IntelIde;IntelIde; I:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; I:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 aswUpdSv;avast! iAVS4 Control Service; I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; I:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 Brother XP spl Service;BrSplService; I:\WINDOWS\system32\brsvc01a.exe [2001-11-22 57344]
R2 iPAHelper.exe;iPAHelper.exe; I:\Program Files\iPod Access for Windows\iPAHelper.exe [2007-04-05 1543614]
R2 NVSvc;NVIDIA Display Driver Service; I:\WINDOWS\System32\nvsvc32.exe [2004-05-14 114755]
R3 avast! Mail Scanner;avast! Mail Scanner; I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; I:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S2 CLTNetCnService;Symantec Lic NetConnect service; I:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 gusvc;Google Updater Service; I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-22 138168]
S3 IDriverT;InstallDriver Table Manager; I:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 iPod Service;iPod Service; I:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S3 lxci_device;lxci_device; I:\WINDOWS\system32\lxcicoms.exe [2005-10-24 491520]
S3 NBService;NBService; I:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; I:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]

-----------------EOF-----------------

coasterboy
2009-11-23, 16:49
RSIT Info

info.txt logfile of random's system information tool 1.06 2009-11-23 09:44:48

======Uninstall list======

-->I:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->I:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->I:\WINDOWS\System32\msiuins.exe
-->I:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->I:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->I:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->I:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->I:\WINDOWS\UNRecode.exe /UNINSTALL
-->RunDll32 I:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{510582B9-2633-11D4-99DC-0000F49094C7}\Setup.exe" UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 I:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal-->I:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE I:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
Adobe Flash Player 10 ActiveX-->I:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->I:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft TotalMedia Backup & Record-->RunDll32 I:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{EF6F70D0-C242-4047-946B-98EA8208481A}\Setup.exe" -l0x9
avast! Antivirus-->I:\Program Files\Alwil Software\Avast4\aswRunDll.exe "I:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AVS Update Manager 1.0-->"I:\Program Files\AVS4YOU\AVSUpdateManager\unins000.exe"
AVS Video Editor 4 4.2.1.166-->"I:\Program Files\AVS4YOU\AVSVideoEditor\unins000.exe"
AVS Video Recorder 2.4 (Service Version)-->"I:\Program Files\AVS4YOU\AVSVideoRecorder\unins000.exe"
AVS YouTube Uploader version 2.1-->"I:\Program Files\AVS4YOU\AVSYouTubeUploader\unins000.exe"
AVS4YOU Software Navigator 1.3-->"I:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
BitTornado 0.3.7-->I:\Program Files\BitTornado\uninst.exe
Deal or No Deal-->MsiExec.exe /X{CEA0BA90-DED4-169F-BA18-D9F57E43E6AD}
Diner Dash 2 (remove only)-->"I:\Program Files\AOL Games\Diner Dash 2\Uninstall.exe"
ERUNT 1.1j-->"I:\Program Files\ERUNT\unins000.exe"
FLV Player 1.01-->"I:\Program Files\FLVPlayer\uninstall.exe"
Garmin City Navigator North America NT 2010.10 Update-->MsiExec.exe /X{301CC8D1-FE75-41ED-9B11-41F006110950}
Garmin Communicator Plugin-->MsiExec.exe /X{86B879A5-927E-4536-B5FC-17CA96B60078}
Garmin USB Drivers-->MsiExec.exe /X{B1102A25-3AA3-446B-AA0F-A699B07A02FD}
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "i:\program files\google\googletoolbar2.dll"
HijackThis 2.0.2-->"I:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"I:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"I:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"I:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"I:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
ieSpell-->"I:\Program Files\ieSpell\uninst.exe"
Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
iPod Access for Windows v4.1.3-->"I:\Program Files\iPod Access for Windows\unins000.exe"
iPod for Windows 2005-09-23-->I:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} /l1033
IsoBuster 2.0-->"I:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment, SE v1.4.2_05-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Java 2 Runtime Environment, SE v1.4.2_06-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142060}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Lexmark 7300 Series-->I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxciUNST.EXE -NOLICENSE
Luxor 2 (remove only)-->"I:\Program Files\MumboJumbo\Luxor 2\Uninstall.exe"
Luxor-->I:\PROGRA~1\GAMEHO~1\Luxor\UNWISE.EXE /U I:\PROGRA~1\GAMEHO~1\Luxor\INSTALL.LOG
Macromedia Shockwave Player-->I:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE I:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Data Access Components KB870669-->I:\WINDOWS\muninst.exe I:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"I:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"I:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Moyea FLV Downloader version 1.15.0.15-->"I:\Program Files\Moyea\FLV Downloader\unins001.exe"
Moyea FLV Player version 1.5.2.7-->"I:\Program Files\Moyea\FLV Player\unins001.exe"
Mozilla Firefox (1.0.6)-->I:\WINDOWS\UninstallFirefox.exe /ua "1.0.6 (en-US)"
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Nero 7 Ultra Edition-->MsiExec.exe /X{847CAE64-4CD2-4B2D-AF00-978FF5431033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NoLimits Coasters 1.7 (remove only)-->"I:\Program Files\NoLimits Coasters v1.7\uninstall.EXE"
NoLimits Coasters Demo 1.6 (remove only)-->"I:\Program Files\NoLimits Coasters Demo v1.6\uninstall.EXE"
NVIDIA Drivers-->I:\WINDOWS\System32\nvudisp.exe UninstallGUI
PowerDVD-->RunDll32 I:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RCT3 Soaked-->RunDll32 I:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}\Setup.exe" -l0x9
RealPlayer-->I:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 I:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
RideMax for Disneyland 5.1-->"I:\Program Files\RideMax for Disneyland\uninstall.exe"
RollerCoaster Tycoon 2-->RunDll32 I:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}\Setup.exe" -l0x9
RollerCoaster TycoonŽ 3-->RunDll32 I:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\Setup.exe" -l0x9
Security Update for Windows Internet Explorer 7 (KB928090)-->"I:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"I:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"I:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"I:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"I:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"I:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"I:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"I:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"I:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"I:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"I:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"I:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"I:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"I:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"I:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB883939)-->"I:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"I:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"I:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"I:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"I:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"I:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"I:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"I:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"I:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"I:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899588)-->"I:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"I:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"I:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"I:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"I:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"I:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB903235)-->"I:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"I:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"I:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"I:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"I:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"I:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"I:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911280)-->"I:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"I:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"I:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"I:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"I:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"I:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"I:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"I:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"I:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"I:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"I:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"I:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"I:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"I:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"I:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"I:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"I:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"I:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"I:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"I:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"I:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"I:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"I:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"I:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"I:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"I:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"I:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"I:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"I:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"I:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"I:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"I:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"I:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"I:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"I:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"I:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"I:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"I:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"I:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"I:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"I:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"I:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"I:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"I:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"I:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"I:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"I:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"I:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"I:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"I:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"I:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"I:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"I:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"I:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"I:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"I:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"I:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"I:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"I:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"I:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"I:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"I:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"I:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"I:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"I:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"I:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"I:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"I:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"I:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"I:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"I:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"I:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"I:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"I:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"I:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"I:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"I:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"I:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"I:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"I:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"I:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"I:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"I:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sonique-->I:\Program Files\Sonique\uninstall.exe
SPBBC 32bit-->MsiExec.exe /I{32DAF7E3-079F-4F42-ACE5-704A6823ABB1}
SpongeBob Diner Dash-->I:\PROGRA~1\SPONGE~1\UNWISE.EXE I:\PROGRA~1\SPONGE~1\INSTALL.LOG
Spybot - Search & Destroy 1.3-->"I:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy-->"I:\Program Files\Spybot - Search & Destroy\unins001.exe"
Thrillville(TM): '07-->I:\Program Files\InstallShield Installation Information\{3BC8D2F1-8CA2-4AF9-99C7-8598AFFDEF8F}\setup.exe -runfromtemp -l0x0409
Update for Windows XP (KB894391)-->"I:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB896727)-->"I:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"I:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"I:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"I:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"I:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"I:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"I:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"I:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"I:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"I:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"I:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"I:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"I:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"I:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"I:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"I:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"I:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"I:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VLC media player 0.9.4-->I:\Program Files\VideoLAN\VLC\uninstall.exe
WinAce Archiver-->"I:\Program Files\WinAce\SXUNINST.EXE" "I:\Program Files\WinAce\SXUNINST.INI"
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)-->rundll32.exe I:\PROGRA~1\DIFX\15B7F172FC21855D\DIFxAppA.dll, DIFxARPUninstallDriverPackage I:\WINDOWS\system32\DRVSTORE\grmnusb_09F3E629557EBE4D2BA1A9469BDAE635AC0807AE\grmnusb.inf
Windows Installer 3.1 (KB893803)-->"I:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"I:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"I:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->I:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"I:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"I:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10-->"I:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Hotfix - KB834707-->I:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe
Windows XP Hotfix - KB867282-->I:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
Windows XP Hotfix - KB873333-->I:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->I:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->I:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->I:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->I:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->I:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->I:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->I:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->I:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->I:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890047-->I:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->I:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"I:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB890923-->"I:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->I:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB893066-->"I:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893086-->"I:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
Windows XP Service Pack 2-->I:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinRAR archiver-->I:\Program Files\WinRAR\uninstall.exe
WinZip-->"I:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Zuma Deluxe-->"I:\Program Files\MSN Games\Zuma Deluxe\Uninstall.exe" "I:\Program Files\MSN Games\Zuma Deluxe\install.log"

======Security center information======

AV: avast! antivirus 4.8.1335 [VPS 091123-0]

======System event log======

Computer Name: DEFAULT-1XMTVVV
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 134740
Source Name: W32Time
Time Written: 20091106045913.000000-240
Event Type: warning
User:

Computer Name: DEFAULT-1XMTVVV
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 134736
Source Name: Tcpip
Time Written: 20091106043756.000000-240
Event Type: warning
User:

Computer Name: DEFAULT-1XMTVVV
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 134732
Source Name: Tcpip
Time Written: 20091106033650.000000-240
Event Type: warning
User:

Computer Name: DEFAULT-1XMTVVV
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 134731
Source Name: Tcpip
Time Written: 20091106030808.000000-240
Event Type: warning
User:

Computer Name: DEFAULT-1XMTVVV
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 134724
Source Name: Tcpip
Time Written: 20091106004003.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: DEFAULT-1XMTVVV
Event Code: 1001
Message: Detection of product '{DB02F716-6275-42E9-B8D2-83BA2BF5100B}', feature 'SFR' failed during request for component '{5617BF49-9195-4C35-B9AD-F8D165DE25BB}'

Record Number: 96138
Source Name: MsiInstaller
Time Written: 20091117213615.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: DEFAULT-1XMTVVV
Event Code: 1001
Message: Detection of product '{DB02F716-6275-42E9-B8D2-83BA2BF5100B}', feature 'SFR' failed during request for component '{5617BF49-9195-4C35-B9AD-F8D165DE25BB}'

Record Number: 96137
Source Name: MsiInstaller
Time Written: 20091117213610.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: DEFAULT-1XMTVVV
Event Code: 1001
Message: Detection of product '{DB02F716-6275-42E9-B8D2-83BA2BF5100B}', feature 'SFR' failed during request for component '{5617BF49-9195-4C35-B9AD-F8D165DE25BB}'

Record Number: 96136
Source Name: MsiInstaller
Time Written: 20091117213610.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: DEFAULT-1XMTVVV
Event Code: 1000
Message: Faulting application vlc.exe, version 0.9.4.0, faulting module avcodec-51.dll, version 0.0.0.0, fault address 0x002f48ea.

Record Number: 95804
Source Name: Application Error
Time Written: 20091111122758.000000-300
Event Type: error
User:

Computer Name: DEFAULT-1XMTVVV
Event Code: 1000
Message: Faulting application iexplore.exe, version 7.0.6000.16705, faulting module unknown, version 0.0.0.0, fault address 0x61e1ab50.

Record Number: 95223
Source Name: Application Error
Time Written: 20091104102517.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;I:\Program Files\Common Files\Ulead Systems\MPEG;I:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;I:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=I:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------

coasterboy
2009-11-23, 17:00
I dowloaded and installed GMER and the following happened:

Upon start up it didn't give me any messages about possible rootkit activity so I began the scan as advised.

Part way into the scan, a windows message came up saying that the program had to close and would I like to report the error. I said no, and GMER closed without completing the scan.

I double clicked in GMER to try again, and the system crashed and went into hard reboot.

I am back up with no major issues, but should I run GMER again after that?

katana
2009-11-23, 23:46
but should I run GMER again after that?

No need, that RSIT log tells me quite a lot


Step 1

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
Update Malwarebytes' Anti-Malware
and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
If requested, please reboot
If you accidently close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


----------------------------------------------------------------------------------------
Step 2


Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply
Re-enable all the programs that were disabled during the running of ComboFix..


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

For instructions on how to disable your security programs, please see this topic
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs (http://www.bleepingcomputer.com/forums/topic114351.html)

----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large, You may need to split them over a couple of replies.

MalwareBytes Log
Combofix Log
How are things running now ?

coasterboy
2009-11-24, 05:13
Update:
I installed and ran Malwarebytes and about halfway into the scan, it stopped scanning, Avast came up and reported a virus was found.

File Name: proquota.exe
Location: I:WINDOWS\System32\Wbem
Virus: Win32:Trojan-gen

Avast successfully moved it to the chest and then Malwarebytes resumed scanning.

The Malwarebytes log is below. It displayed 23 items to delete and I clicked on Remove Selected. While trying to remove those items, the pop up that I get from the malware appeared "The file is infected. Activate your antivirus software immediately". This is the same message that appears whenever I try to open my email or task manager. At the same time a message from Malwarebytes appeared saying that one of the items couldn't be removed and that it was going to reboot in order to remove it.

I'm back up from the reboot and my computer is running fine now. No issues with opening email or task manager, my sound works again and the pop up messages have stopped.

Should I proceed with combofix?

Malwarebytes Log:

Malwarebytes' Anti-Malware 1.41
Database version: 3220
Windows 5.1.2600 Service Pack 2

11/23/2009 9:29:30 PM
mbam-log-2009-11-23 (21-29-30).txt

Scan type: Full Scan (I:\|K:\|L:\|)
Objects scanned: 265147
Time elapsed: 1 hour(s), 20 minute(s), 22 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 13
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
I:\WINDOWS\system32\winupdate86.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupdate86.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
I:\WINDOWS\system32\critical_warning.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\winupdate86.exe (Trojan.FakeAlert) -> Delete on reboot.
I:\WINDOWS\system32\AVR10.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\winhelper86.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\41.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

katana
2009-11-24, 10:30
Should I proceed with combofix?

Yes please, there are still a lot of files that need removing.

coasterboy
2009-11-27, 06:57
Combo fix log part 1 below

Please note I will be offline for a few days, but will check here as soon as I'm back.

ComboFix 09-11-26.02 - Jeff Smellie 11/26/2009 23:14.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1535.1030 [GMT -5:00]
Running from: i:\documents and settings\Jeff Smellie\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 091126-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

i:\program files\Common Files\SLMSS
i:\program files\Common Files\SLMSS\acp1.dat
i:\windows\Downloaded Program Files\CONFLICT.1\poPCaploader.dll
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\accessories\cup.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\accessories\customer_cup.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\accessories\heart.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\accessories\menu_down.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\accessories\menu_up.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\accessories\plates.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\accessories\ticket.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\accessories\tray.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\music\mainmenumusic.ogg
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_bring_check_1_snd.ogg
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_deliver_order_1_snd.ogg
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_diner.ogg
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_food_ready_1_snd.ogg
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_gain_heart_1.ogg
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_pencil_write_2.ogg
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_rollover_1.ogg
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\audio\sfx\sfx_seat_people_snd.ogg
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\choosedifficulty.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\credits.jpg
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\flo_lose.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\flo_win.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\help1.jpg
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\help2.jpg
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\highscores.jpg
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\levelintro.jpg
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\levelintro_mask.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\levelover.jpg
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\levelover_mask.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\mainmenu.jpg
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\popup.jpg
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\popup_mask.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\upgradegrid.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\upgradetitle.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\backgrounds\upsell.jpg
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\arrowleft_blue.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\arrowleft_yellow.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\arrowright_blue.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\arrowright_yellow.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\back_blue.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\back_yellow.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\backchalk.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\backchalkup.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\backtomenu_blue.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\backtomenu_yellow.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\cancel.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\cancelup.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\career.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\career_over.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\close.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\closeup.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\continue.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\continueover.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\credits_blue.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\credits_yellow.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\download_blue.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\download_yellow.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\easy.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\easy_over.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\endlessshift.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\endlessshift_over.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\hard.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\hard_over.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\help.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\help_over.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\highscores.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\highscores_over.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\instructions_blue.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\instructions_yellow.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\letsplay.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\letsplayover.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\medium.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\medium_over.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\moreinfo.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\moreinfoup.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\off.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\off_on.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\on.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\on_on.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\pause.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\pauseover.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\quit.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\quitgame.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\quitgameover.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\quitover.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\resumegame.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\resumegameover.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\submit.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\submitup.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\tryagain.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\tryagainover.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\upgrade_over.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\upgrade_up.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\viewglobal.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\viewglobalup.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\viewhighscore.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\viewhighscoreon.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\viewlocal.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\buttons\viewlocalup.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\comics\webcomic.jpg
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\config\career.xml
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\config\customer.xml
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\config\endless.xml
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\config\global.xml
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\config\powerups.xml
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\cook\cook.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\cook\cook.xml
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\cook\stove.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\cursor\arrow.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\cursor\click.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\cursor\click2.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\cursor\grab.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\cursor\open.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\anim.xml
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\blue\anim.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\blue\anim.xml
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\blue\sit_legs.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\green\anim.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\green\anim.xml
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\green\sit_legs.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\purple\anim.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\purple\anim.xml
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\purple\sit_legs.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\red\anim.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\red\anim.xml
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\red\sit_legs.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\yellow\anim.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\yellow\anim.xml
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\old_male\yellow\sit_legs.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\anim.xml
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\blue\anim.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\blue\anim.xml
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\blue\sit_legs.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\green\anim.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\green\anim.xml
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\green\sit_legs.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\purple\anim.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\purple\anim.xml
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\purple\sit_legs.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\red\anim.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\red\anim.xml
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\red\sit_legs.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\yellow\anim.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\yellow\anim.xml
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\customers\young_female\yellow\sit_legs.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\flo\idle.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\flo\idle.xml
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\flo\lower.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\flo\lower.xml
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\flo\upper.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\flo\upper.xml
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\fonts\arial.mvec
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\fonts\komikaaxis.mvec
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\chair.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\chair.xml
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\dirt2top.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\dirt4top.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\dishcart.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\dishcart.xml
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\drinkstation_off.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\drinkstation_on1.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\drinkstation_on2.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\ticketstation.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\furniture\ticketstation.xml
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowdown.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowdownon.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowleft.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowlefton.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowright.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowrighton.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowup.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\arrowupon.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\p1icon.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\textedit.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\hiscore\title.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_1.txt
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_1_a.txt
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_1_b.txt
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_1_c.txt
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_2.txt
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_2_a.txt
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_2_b.txt
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_2_c.txt
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_2_d.txt
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_3.txt
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_3_a.txt
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_3_b.txt
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_3_c.txt
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\endless_1_3_d.txt
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\fifth_level_diner.txt
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\first_level_diner.txt
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\fourth_level_diner.txt
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\layouts\second_level_diner.txt
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\playfirst_logo.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\background.jpg
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\food\food1.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\food\food1.xml
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\food\food2.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\food\food2.xml
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\food\food3.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\food\food3.xml
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\frames\upgrade_0001.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\tables\2top.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\tables\2top.xml
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\tables\4top.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\tables\4top.xml
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\diner\upgrades.xml
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\restaurants\tableshadow.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\choosedifficulty.lua
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\chooseplayer.lua
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\chooserestaurant.lua
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\credits.lua
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\game.lua
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\gothighscore.lua
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\help.lua
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\help2.lua
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\hiscore.lua
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\hiscoreinfo.lua
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\hiscoresubmit.lua
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\levelintro.lua
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\levelover.lua
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\loading.lua
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\mainloop.lua
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\mainmenu.lua
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\ok.lua
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\pause.lua
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\style.lua
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\tutorialintro.lua
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\upgrade.lua
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\upsell.lua
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\webcomic.lua
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\scripts\yesno.lua
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\splash\aol_logo.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\splash\gamelabsplash.jpg
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\splash\playfirst_logo.jpg
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\strings.xml
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\angersmoke.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\angersmoke.xml
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\chairflags.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\chairflags.xml
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\check.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\checkmark.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\clock.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\closed.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\closingtime.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\coinflip.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\coinflip.xml
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\dollar.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\doodles\coffee.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\doodles\tables.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\doodles\wallpaper.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\expert.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\expertscore.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\foodpoof.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\foodpoof.xml
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\fork_timer.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\goalcompleted.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\heartgrow.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\heartgrow.xml
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\jar.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\jar.xml
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\level.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\level_career.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\score.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\sound.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\staroff.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\staron.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\tablenumber.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\tablenumberup.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\traynumber.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\tutorial_character.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\tutorialarrow.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\tutorialbox.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgradeanim.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgradeanim.xml
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgrades\drinks.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgrades\maitred.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgrades\oven.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgrades\select.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgrades\shoes.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgrades\stereo.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\assets\ui\upgrades\table.png
i:\windows\Downloaded Program Files\DinerDash.1.0.0.72\dinerdash.exe
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\dirty_dishes.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\foodtray.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\heart1.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\heart2.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\heart3.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\menu_down.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\menu_up.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\mop_prop.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\ticket.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\cafe\cafe_music_a1.ogg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\cafe\cafe_music_a2.ogg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\cafe\cafe_music_a3.ogg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\cafe\cafe_music_a4.ogg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\mainmenumusic.ogg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\baby_cry.ogg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\chef_cook1.ogg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\closing_time.ogg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\customer_ditch.ogg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\dialog_down.ogg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\dialog_up.ogg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\drink_table.ogg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\expert.ogg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\highchair_deliver.ogg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\highchair_pickup.ogg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\keystroke2.ogg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\level_lose.ogg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\level_win.ogg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\menu_click.ogg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\menu_rollover.ogg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\mop_pickup.ogg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\mop_spill.ogg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_bring_check_1_snd.ogg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_dropoff_drinks_1.ogg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_food_ready_1_snd.ogg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_gain_heart_1.ogg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_menu_down.ogg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_pencil_write_2.ogg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_seat_people_snd.ogg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\spill.ogg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\table_drink.ogg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\tip_2.ogg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\flo_lose.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\flo_win.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\fullscreendialog.jpg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\high_score_menu_bg.jpg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\levelintro.jpg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\levelintro.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\levelover.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\longdialog.jpg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\longdialog.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\mainmenu.jpg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\mainmenu_logo.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\popup.jpg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\popup.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\textfield.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\upgrade_lines.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowdown_a.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowdown_b.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowdown_c.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowup_a.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowup_b.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowup_c.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\checkbox_a.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\checkbox_b.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\checkbox_rotated_a.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\checkbox_rotated_b.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\decor_highlight.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\decor_normal.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\decor_selected.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_large_1.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_large_2.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_large_3.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_small_1.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_small_2.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_small_3.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a1.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a2.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a3.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\left_arrow_a.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\left_arrow_b.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\left_arrow_c.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_a.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_b.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_c.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_mask.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_a.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_b.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_c.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_mask.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\map_button_a.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\map_button_b.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\map_button_c.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\right_arrow_a.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\right_arrow_b.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\right_arrow_c.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\upgrade_down.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\upgrade_over.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\upgrade_up.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\welcome_player.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\actionpoints.bin
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\career.bin
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\customer.bin
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\endless.bin
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\global.bin
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\powerups.bin
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cook\stove.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\arrow.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\click.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\click2.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\grab.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\open.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\anim.anm
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\anim.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\blue.pal
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\blue_legs.pal
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\legs.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\red.pal
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\red_legs.pal
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\anim.anm
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\anim.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\blue.pal
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\blue_legs.pal
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\legs.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\red.pal
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\red_legs.pal
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\anim.anm
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\anim.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\baby.anm
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\baby.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\blue.pal
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\blue_baby.pal
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\blue_legs.pal
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\legs.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\red.pal
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\red_baby.pal
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\red_legs.pal
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\anim.anm
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\anim.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\blue.pal
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\blue_legs.pal
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\legs.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\red.pal
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\red_legs.pal
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\idle.anm
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\idle.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\lower.anm
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\lower.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\upper.anm
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\upper.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\fonts\mercurius.mvec
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\bench.anm
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\bench.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\blue_highchairbaby.pal
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\chair.anm
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\chair.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\dirt2top.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\dirt4top.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\dishcart.anm
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\dishcart.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\green_highchairbaby.pal
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\highchair_prop_a.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\highchair_prop_b.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\highchairbaby.anm
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\highchairbaby.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\luxury_bench.anm
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\luxury_bench.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\mop_station_a.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\mop_station_b.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\mop_station_c.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\podium.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\podium_heart.anm
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\podium_heart.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\purple_highchairbaby.pal
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\radio.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\red_highchairbaby.pal
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\spill.anm
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\spill.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\stereo.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\ticketstation.anm
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\ticketstation.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\yellow_highchairbaby.pal
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\family.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help_dividerline.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help1_colormatch1.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help1_colormatch2.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help1_noise.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help1_score.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_cleardishes.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_givecheck.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_pickupfood.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_servefood.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_takeorder.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\hiscore\local-hs-bb.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\hiscore\p1icon.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_1.bin
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_2.bin
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_3.bin
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_4.bin
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_5.bin
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_6.bin
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\endless_1_1.bin
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\endless_1_1_a.bin
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\endless_1_1_b.bin
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\endless_1_1_c.bin
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\playfirstlogo.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\background.jpg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\blue.pal
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\green.anm
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\green.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\grey.pal
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\red.pal
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\food\cup1.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\food\food.anm
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\food\food.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\frames\2_0.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\frames\2_1.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\furniture\drinkstation1_a.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\furniture\drinkstation1_b.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\furniture\drinkstation1_c.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\people\cook.anm
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\people\cook.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\props\cup_prop1.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\2top.anm
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\2top.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\4top.anm
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\4top.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_0.jpg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_1.jpg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\upgrades.xml
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\tableshadow.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\careerupgrade.lua
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\choosedifficulty.lua
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\closeconfirm.lua
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\entername.lua
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\game.lua
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\getmoregames.lua
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\help1.lua
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\help2.lua
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\hiscore.lua
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\hiscoreinfo.lua
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\hiscoresubmit.lua
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\levelintro.lua
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\levelover.lua
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\loading.lua
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\mainloop.lua
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\mainmenu.lua
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\ok.lua
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\pause.lua
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\style.lua
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\upgrade.lua
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\upsell.lua
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\yesno.lua
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\splash\aol_logo.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\splash\playfirst_logo.jpg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\strings.xml
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\angersmoke.anm
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\angersmoke.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\bubbles\request_bubble.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\bubbles\request_mop.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\bubbles\request_rejectmeal.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\chairflags.anm
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\chairflags.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\check.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\checkmark.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\closed.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\coinflip.anm
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\coinflip.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\decor_lines.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\dollar.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\expert.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\foodpoof.anm
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\foodpoof.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\heartgrow.anm
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\heartgrow.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\jar.anm
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\jar.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\lives_icon.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\noisering.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_a.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_b.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_c.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_d.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_e.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_f.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\tablenumber_a.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\tablenumber_b.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\traynumber.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\tutorialarrow.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\tutorialbox.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\ui_base.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\ui_hand.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\ui_timer_off.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\ui_timer_on.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgradeanim.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_bench_a.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_bench_b.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_bench_c.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_drink_station1_a.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_drink_station1_b.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_drink_station1_c.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_luxury_bench_a.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_luxury_bench_b.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_luxury_bench_c.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_oven_a.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_oven_b.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_oven_c.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_podium_a.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_podium_b.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_podium_c.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_powerbars_a.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_powerbars_b.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_powerbars_c.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_radio_a.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_radio_b.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_radio_c.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_stereo_a.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_stereo_b.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_stereo_c.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_a.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_b.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_c.png
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd1.jpg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd2.jpg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd3.jpg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd4.jpg
i:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\dinerdash2.exe
i:\windows\Downloaded Program Files\popcaploader.dll
i:\windows\system32\11478.exe
i:\windows\system32\11538.exe
i:\windows\system32\11942.exe
i:\windows\system32\12316.exe
i:\windows\system32\12382.exe
i:\windows\system32\12859.exe
i:\windows\system32\14604.exe
i:\windows\system32\14771.exe
i:\windows\system32\15141.exe
i:\windows\system32\153.exe
i:\windows\system32\15724.exe
i:\windows\system32\16827.exe
i:\windows\system32\17035.exe
i:\windows\system32\17421.exe
i:\windows\system32\17673.exe
i:\windows\system32\1842.exe
i:\windows\system32\18467.exe
i:\windows\system32\1869.exe
i:\windows\system32\18716.exe
i:\windows\system32\19169.exe
i:\windows\system32\19718.exe
i:\windows\system32\19895.exe
i:\windows\system32\19912.exe
i:\windows\system32\20037.exe
i:\windows\system32\21726.exe
i:\windows\system32\22190.exe
i:\windows\system32\23281.exe
i:\windows\system32\23811.exe
i:\windows\system32\24464.exe
i:\windows\system32\25547.exe
i:\windows\system32\25667.exe
i:\windows\system32\26299.exe
i:\windows\system32\26500.exe
i:\windows\system32\26962.exe
i:\windows\system32\27529.exe
i:\windows\system32\27644.exe
i:\windows\system32\28145.exe
i:\windows\system32\28253.exe
i:\windows\system32\28703.exe
i:\windows\system32\288.exe
i:\windows\system32\292.exe
i:\windows\system32\29358.exe
i:\windows\system32\2995.exe
i:\windows\system32\30106.exe
i:\windows\system32\30333.exe
i:\windows\system32\3035.exe
i:\windows\system32\31322.exe
i:\windows\system32\32391.exe
i:\windows\system32\32662.exe
i:\windows\system32\32757.exe
i:\windows\system32\3902.exe
i:\windows\system32\4664.exe
i:\windows\system32\4827.exe
i:\windows\system32\491.exe
i:\windows\system32\5436.exe
i:\windows\system32\5447.exe
i:\windows\system32\5705.exe
i:\windows\system32\6334.exe
i:\windows\system32\6868.exe
i:\windows\system32\7711.exe
i:\windows\system32\778.exe
i:\windows\system32\8723.exe
i:\windows\system32\9040.exe
i:\windows\system32\9741.exe
i:\windows\system32\9894.exe
i:\windows\system32\9961.exe

i:\windows\system32\proquota.exe was missing
Restored copy from - i:\windows\ServicePackFiles\i386\proquota.exe

coasterboy
2009-11-27, 06:57
Combofix log part 2


.
((((((((((((((((((((((((( Files Created from 2009-10-27 to 2009-11-27 )))))))))))))))))))))))))))))))
.

2009-11-27 04:25 . 2004-08-04 07:56 50176 -c--a-w- i:\windows\system32\dllcache\proquota.exe
2009-11-27 04:25 . 2004-08-04 07:56 50176 ----a-w- i:\windows\system32\proquota.exe
2009-11-24 08:03 . 2009-11-24 08:03 -------- d-----w- i:\program files\MSXML 4.0
2009-11-24 04:40 . 2009-03-06 14:44 283648 -c----w- i:\windows\system32\dllcache\pdh.dll
2009-11-24 04:40 . 2009-02-09 10:20 399360 -c----w- i:\windows\system32\dllcache\rpcss.dll
2009-11-24 04:40 . 2009-02-09 10:20 473088 -c----w- i:\windows\system32\dllcache\fastprox.dll
2009-11-24 04:40 . 2009-02-09 10:20 453120 -c----w- i:\windows\system32\dllcache\wmiprvsd.dll
2009-11-24 04:40 . 2009-02-06 17:14 110592 -c----w- i:\windows\system32\dllcache\services.exe
2009-11-24 04:40 . 2009-02-06 16:39 227840 -c----w- i:\windows\system32\dllcache\wmiprvse.exe
2009-11-24 04:40 . 2005-07-26 04:39 60416 -c----w- i:\windows\system32\dllcache\colbact.dll
2009-11-24 04:40 . 2009-02-09 10:20 714752 -c----w- i:\windows\system32\dllcache\ntdll.dll
2009-11-24 04:40 . 2009-02-09 10:20 616960 -c----w- i:\windows\system32\dllcache\advapi32.dll
2009-11-24 04:40 . 2009-06-21 22:04 153088 -c----w- i:\windows\system32\dllcache\triedit.dll
2009-11-24 04:37 . 2009-06-05 07:42 655872 -c----w- i:\windows\system32\dllcache\mstscax.dll
2009-11-24 04:36 . 2008-04-21 10:02 215552 -c----w- i:\windows\system32\dllcache\wordpad.exe
2009-11-23 23:35 . 2009-11-23 23:35 -------- d-----w- i:\documents and settings\Jeff Smellie\Application Data\Malwarebytes
2009-11-23 23:35 . 2009-09-10 19:54 38224 ----a-w- i:\windows\system32\drivers\mbamswissarmy.sys
2009-11-23 23:35 . 2009-11-23 23:35 -------- d-----w- i:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-23 23:35 . 2009-09-10 19:53 19160 ----a-w- i:\windows\system32\drivers\mbam.sys
2009-11-23 23:35 . 2009-11-23 23:35 -------- d-----w- i:\program files\Malwarebytes' Anti-Malware
2009-11-23 14:44 . 2009-11-23 14:44 -------- d-----w- I:\rsit
2009-11-19 22:05 . 2009-11-19 22:05 -------- d-----w- i:\program files\Trend Micro
2009-11-19 22:01 . 2009-11-19 22:01 -------- d-----w- i:\program files\ERUNT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-23 03:06 . 2004-08-28 19:06 -------- d-----w- i:\documents and settings\Jeff Smellie\Application Data\Webshots
2009-11-23 03:06 . 2008-04-21 18:05 -------- d-----w- i:\program files\SONY
2009-11-23 03:04 . 2007-12-10 03:58 -------- d-----w- i:\documents and settings\All Users\Application Data\Kodak
2009-11-23 03:00 . 2006-04-21 04:07 -------- d-----w- i:\program files\Mick's Strip Poker
2009-11-23 02:59 . 2004-08-27 22:45 -------- d-----w- i:\program files\Common Files\Symantec Shared
2009-11-23 02:59 . 2004-08-27 22:45 -------- d-----w- i:\documents and settings\All Users\Application Data\Symantec
2009-11-18 04:31 . 2005-05-13 15:13 -------- d-----w- i:\program files\Spybot - Search & Destroy
2009-11-18 04:28 . 2005-05-13 15:13 -------- d-----w- i:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-18 04:08 . 2004-08-17 15:46 -------- d-----w- i:\program files\Sonique
2009-11-18 02:36 . 2008-12-20 01:55 -------- d-----w- i:\documents and settings\Jeff Smellie\Application Data\Juniper Networks
2009-11-05 19:20 . 2007-08-05 08:13 -------- d-----w- i:\program files\Lx_cats
2009-10-22 17:57 . 2009-10-22 17:35 -------- d-----w- i:\program files\NoLimits Coasters v1.7
2009-10-22 17:33 . 2009-10-22 16:07 -------- d-----w- i:\program files\NoLimits Coasters Demo v1.6
2009-10-03 22:27 . 2009-10-03 22:27 -------- d-----w- i:\program files\Microsoft
2009-10-02 17:58 . 2006-02-18 16:20 43520 ----a-w- i:\windows\system32\CmdLineExt03.dll
2009-09-11 14:33 . 2001-08-18 12:00 133632 ----a-w- i:\windows\system32\msv1_0.dll
2009-09-04 20:45 . 2001-08-18 12:00 58880 ----a-w- i:\windows\system32\msasn1.dll
2009-09-03 03:11 . 2004-09-07 20:32 32928 ----a-w- i:\documents and settings\Jeff Smellie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-29 07:36 . 2004-02-06 23:05 832512 ----a-w- i:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-04 07:56 78336 ----a-w- i:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2001-08-18 12:00 17408 ----a-w- i:\windows\system32\corpol.dll
2005-07-16 09:41 . 2005-09-12 22:30 41573 ----a-w- i:\program files\mozilla firefox\components\jar50.dll
2005-07-16 09:41 . 2005-09-12 22:30 48223 ----a-w- i:\program files\mozilla firefox\components\jsd3250.dll
2005-07-16 09:41 . 2005-09-12 22:30 160871 ----a-w- i:\program files\mozilla firefox\components\xpinstal.dll
2006-05-06 16:42 . 2006-08-22 02:46 7260160 ----a-w- i:\program files\mozilla firefox\plugins\libvlc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="i:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"avast!"="i:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"QuickTime Task"="i:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"TkBellExe"="i:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-06 185632]
"Malwarebytes Anti-Malware (reboot)"="i:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"LXCICATS"="i:\windows\system32\spool\DRIVERS\W32X86\3\LXCItime.dll" [2005-09-08 73728]

i:\documents and settings\Jeff Smellie\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - i:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKLM\~\startupfolder\I:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=i:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=i:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\I:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=i:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=i:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\I:^Documents and Settings^All Users^Start Menu^Programs^Startup^TotalMedia Backup Monitor.lnk]
path=i:\documents and settings\All Users\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk
backup=i:\windows\pss\TotalMedia Backup Monitor.lnkCommon Startup

[HKLM\~\startupfolder\I:^Documents and Settings^Jeff Smellie^Start Menu^Programs^Startup^Webshots.lnk]
path=i:\documents and settings\Jeff Smellie\Start Menu\Programs\Startup\Webshots.lnk
backup=i:\windows\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"i:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"i:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"i:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"i:\\WINDOWS\\system32\\sessmgr.exe"=
"i:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"i:\\Program Files\\iTunes\\iTunes.exe"=
"i:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"i:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 aswSP;avast! Self Protection;i:\windows\system32\drivers\aswSP.sys [7/6/2008 4:57 PM 114768]
R2 aswFsBlk;aswFsBlk;i:\windows\system32\drivers\aswFsBlk.sys [7/6/2008 4:57 PM 20560]
S3 ICDUSB2;Sony IC Recorder (P);i:\windows\system32\drivers\IcdUsb2.sys [4/21/2008 1:05 PM 39048]
S3 jatmlano;jatmlano;\??\i:\docume~1\JEFFSM~1\LOCALS~1\Temp\jatmlano.sys --> i:\docume~1\JEFFSM~1\LOCALS~1\Temp\jatmlano.sys [?]
S3 kazoo;Kazoo.sys Kazoo Device driver;i:\windows\system32\drivers\kazoo.sys [12/21/2004 3:45 PM 9600]
S3 lxci_device;lxci_device;i:\windows\system32\lxcicoms.exe -service --> i:\windows\system32\lxcicoms.exe -service [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://search.msn.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
IE: &ieSpell Options - i:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - i:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://i:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://i:\program files\ieSpell\wikipedia.HTM
DPF: Garmin Internet Explorer Plug-In - hxxps://my.garmin.com/mygarmin/m/GarminAxControl.CAB
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/iwincarambadeluxe/zylomgamesplayer.cab
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.72.cab
FF - ProfilePath - i:\documents and settings\Jeff Smellie\Application Data\Mozilla\Firefox\Profiles\swr3c6gg.default\
FF - prefs.js: browser.search.selectedEngine - Google

---- FIREFOX POLICIES ----
i:\program files\Mozilla Firefox\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version
i:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
i:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
i:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
i:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
i:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
i:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
i:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
i:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
i:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
i:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
i:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.disable_window_open_feature.status", false);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("advanced.always_load_images", true);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("network.protocol-handler.external.help", false);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.connect.timeout", 30); // in seconds
i:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.request.timeout", 120); // in seconds
i:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN_show_punycode", true);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("network.image.imageBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
i:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.cookieBehavior", 3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
i:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
i:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.version",
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.extensions.version", "1.0");
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.build_id",
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true); // Whether or not background app updates
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0); // UTC offset when last App update was
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.performed", false); // Whether or not an update has been
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false); // Automatically download and install
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000); // Check for updates to Extensions and
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0); // UTC offset when last Extension/Theme
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.count", 0); // The number of extension/theme/etc
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.interval", 3600000); // Check each of the above intervals
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.showSlidingNotification", true); // Windows-only slide-up taskbar
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.severity", 0);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendorSub",
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.update.resetHomepage", false);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://browser/content/searchconfig.properties");
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.enabled", true);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);
i:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-ALUAlert - i:\program files\Symantec\LiveUpdate\ALUNotify.exe
AddRemove-NVIDIA Drivers - i:\windows\System32\nvudisp.exe UninstallGUI
AddRemove-RealJukebox 1.0 - i:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
AddRemove-RealPlayer 6.0 - i:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
AddRemove-WinAce Archiver - i:\program files\WinAce\SXUNINST.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-26 23:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCICATS = rundll32 i:\windows\system32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...


**************************************************************************
.
Completion time: 2009-11-26 23:33
ComboFix-quarantined-files.txt 2009-11-27 04:32

Pre-Run: 39,837,859,840 bytes free
Post-Run: 40,732,745,728 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
i:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 4DB43C3CABDB39EEE8C072E55278D4D0

katana
2009-11-27, 22:19
----------------------------------------------------------------------------------------
Step 1

Custom CFScript

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:



Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"i:\\Program Files\\BitTornado\\btdownloadgui.exe"=-
Driver::
jatmlano
ADS::
Save this as CFScript.txt and place it on your desktop.


http://i51.photobucket.com/albums/f387/Katana_1970/CFScriptb.gif


Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


----------------------------------------------------------------------------------------
Step 2

Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review: Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large, You may need to split them over a couple of replies.

Combofix Log
Kaspersky Log
How are things running now ?



---------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------
Additional Notes



Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Adobe Reader is a large program and uses unnecessary space.
If you prefer a smaller program you can get Foxit 3.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended

There is a newer version of Adobe Acrobat Reader available.

Please go to this link Adobe Acrobat Reader Download Link (http://www.adobe.com/products/acrobat/readstep2.html)
Click Download
On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
Click the Continue button
Click Run, and click Run again
Next click the Install Now button and follow the on screen prompts



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download Java SE Runtime Environment (JRE) (http://java.sun.com/javase/downloads/index.jsp). ( don't install it yet )

Scroll down to where it says "Java SE Runtime Environment (JRE)".
Click the "Download" button to the right.
Platform = Windows Language = Multi Language
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

Now download JavaRa (http://sourceforge.net/project/downloading.php?groupname=javara&filename=JavaRa.zip&use_mirror=osdn) and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

Double-click on JavaRa.exe to start the program.
From the drop-down menu, choose English and click on Select.
JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
A logfile will pop up. Please save it to a convenient location.

Now install the Java SE Runtime Environment (JRE) package you downloaded
(it comes with a toolbar pre-selected, so make sure you uncheck the box)

You can delete JavaRa (zip and exe)

tashi
2009-12-03, 20:16
coasterboy this thread has been closed due to inactivity.

As it has been four days or more since your last post, it will not be re-opened.

If you still require help, please start a new topic and include a new HijackThis log with a link to your previous thread.

Please do not add any logs that might have been requested previously, you would be starting fresh.

Applies only to the original poster, anyone else with similar problems please start your own topic.

Thank you katana.