Tech Support Forum > Security Center > HijackThis Log Help
Old 04-07-2007, 02:04 PM   #1 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 3
OS: XP


Need help cleaning my comp of some nasty spyware!

Here's my log file, any help would be greatly appreciated!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:59:07, on 07/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ipwindows\ipwins.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\JACKYE~1\LOCALS~1\Temp\b130.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Lavasoft\Ad-Aware Pro\aawservice.exe
C:\Program Files\Lavasoft\Ad-Aware Pro\AAWPro.exe
C:\Documents and Settings\Jackye Chan LTD\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F3 - REG:win.ini: load=C:\WINDOWS\system32\ymrzgl\winlogon.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\ymrzgl\winlogon.exe
O1 - Hosts: 1.1.1.1 securityresponse.symantec.com
O1 - Hosts: 1.1.1.1 symantec.com
O1 - Hosts: 1.1.1.1 www.symantec.com
O1 - Hosts: 1.1.1.1 free.grisoft.com
O1 - Hosts: 1.1.1.1 housecall.trendmicro.com
O1 - Hosts: 1.1.1.1 pandasoftware.com
O1 - Hosts: 1.1.1.1 www.pandasoftware.com
O1 - Hosts: 1.1.1.1 usa.kaspersky.com
O1 - Hosts: 1.1.1.1 ewido.net
O1 - Hosts: 1.1.1.1 www.ewido.net
O1 - Hosts: 1.1.1.1 zonelabs.com
O1 - Hosts: 1.1.1.1 www.zonelabs.com
O1 - Hosts: 1.1.1.1 bitdefender.com
O1 - Hosts: 1.1.1.1 www.bitdefender.com
O1 - Hosts: 1.1.1.1 download.bitdefender.com
O1 - Hosts: 1.1.1.1 upgrade.bitdefender.com
O1 - Hosts: 1.1.1.1 spywareinfo.com
O1 - Hosts: 1.1.1.1 www.spywareinfo.com
O1 - Hosts: 1.1.1.1 merijn.org
O1 - Hosts: 1.1.1.1 www.merijn.org
O1 - Hosts: 1.1.1.1 sysinternals.com
O1 - Hosts: 1.1.1.1 www.sysinternals.com
O1 - Hosts: 1.1.1.1 onguardonline.gov
O1 - Hosts: 1.1.1.1 www.onguardonline.gov
O1 - Hosts: 1.1.1.1 avast.com
O1 - Hosts: 1.1.1.1 www.avast.com
O1 - Hosts: 1.1.1.1 safety.live.com
O1 - Hosts: 1.1.1.1 www.paretologic.com
O1 - Hosts: 1.1.1.1 paretologic.com
O1 - Hosts: 1.1.1.1 virusscan.jotti.org
O1 - Hosts: 1.1.1.1 services.google.com
O1 - Hosts: 1.1.1.1 www.webroot.com
O1 - Hosts: 1.1.1.1 webroot.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [UtiliSync] C:\Program Files\Otium UtiliSync\UtiliSyncServ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCRescue] C:\PROGRA~1\PCRESC~1.0\PCRescue.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [Windows TM] Winsass.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ControlDiskTsk] winzrs32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Policies\Explorer\Run: [{2C288173-0710-1033-0916-05070502002c}] "C:\Program Files\Common Files\{2C288173-0710-1033-0916-05070502002c}\Update.exe" te-110-12-0000282
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{2C288173-0710-1033-0916-05070502002c}] "C:\Program Files\Common Files\{2C288173-0710-1033-0916-05070502002c}\Update.exe" te-110-12-0000282 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{2C288173-0710-1033-0916-05070502002c}] "C:\Program Files\Common Files\{2C288173-0710-1033-0916-05070502002c}\Update.exe" te-110-12-0000282 (User 'Default user')
O4 - Startup: winlogon.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://webgames.d.tmsrv.com/c=f5ccd9...2.1.0.0.48.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1139488270500
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C862AD5F-0A5E-4BAF-9B7D-AEBB57ABF17B}: NameServer = 212.139.132.41 212.139.132.42
O18 - Protocol: bw+0 - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E9DB9746-79FC-4CC5-8BC0-1533818E19AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware Pro\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINDOWS\MSmedia.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 24727 bytes
MrJolly is offline  
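The log above is a HijackThis report, and the entries an analyst looks at first are visible in it: F3 win.ini load/run values, O1 hosts-file lines that send security-vendor domains to a non-loopback address, O4 autoruns that name a bare executable with no path, and O23 services with an unknown owner. The following is an added triage script, not part of this thread or of HijackThis itself; it parses a few constructed sample lines (modelled on the log above) with regular expressions and returns the entries a helper would ask about first. Section codes, severities and the rules are the example's own assumptions, not an official HijackThis classification.

```python
import re
from dataclasses import dataclass

# Hosts-file targets that are normal; anything else is a redirect of that name.
LOCAL_TARGETS = {"127.0.0.1", "::1", "0.0.0.0"}

# Constructed sample in HijackThis log format (modelled on the log posted above).
SAMPLE_LOG = r"""
F3 - REG:win.ini: load=C:\WINDOWS\system32\ymrzgl\winlogon.exe
O1 - Hosts: 1.1.1.1 securityresponse.symantec.com
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\RunServices: [Windows TM] Winsass.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O1"
    severity: str  # "high", "review" or "info" (this example's own scale)
    reason: str
    line: str


_F3 = re.compile(r"^F3 - REG:win\.ini: (?P<key>load|run)=(?P<val>.*)$")
_O1 = re.compile(r"^O1 - Hosts: (?P<addr>\S+)\s+(?P<host>\S+)$")
_O2 = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
_O4 = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
_O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def executable_of(cmd):
    """Return the program part of an O4 command line (quoted path or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage_line(line):
    """Classify one log line; returns a Finding or None if nothing stands out."""
    line = line.rstrip()
    m = _F3.match(line)
    if m:
        if m.group("val").strip():
            return Finding("F3", "high", "win.ini load=/run= autostart is obsolete on XP; "
                           "a value here is almost always persistence", line)
        return None
    m = _O1.match(line)
    if m:
        if m.group("addr") not in LOCAL_TARGETS:
            return Finding("O1", "high", f"hosts file redirects {m.group('host')} "
                           f"to {m.group('addr')} (blocks updates/scanners)", line)
        return None
    m = _O2.match(line)
    if m:
        if m.group("path").strip() == "(no file)":
            return Finding("O2", "info", "orphaned BHO registration, DLL no longer present", line)
        return None
    m = _O4.match(line)
    if m:
        exe = executable_of(m.group("cmd"))
        if exe and "\\" not in exe and "/" not in exe and not exe.startswith("%"):
            return Finding("O4", "review", f"autorun '{m.group('name')}' starts bare filename "
                           f"{exe}; resolved by PATH search, verify its origin", line)
        return None
    m = _O23.match(line)
    if m:
        if "(file missing)" in m.group("path"):
            return Finding("O23", "info", "service entry whose binary is missing", line)
        if m.group("owner") == "Unknown owner":
            return Finding("O23", "high", f"service '{m.group('name')}' with unknown owner "
                           f"at {m.group('path')}", line)
        return None
    return None


def triage(log_text):
    """Run triage_line over a whole log and keep only the hits, in log order."""
    return [f for f in map(triage_line, log_text.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
```

The rules deliberately separate "high" (entries that are effectively never legitimate, such as an XP hosts file pointing a vendor domain at 1.1.1.1) from "review" (a bare filename in an autorun is common for malware dropped into system32 under a system-like name, but some vendors do it too), so the output is a reading order for a human, not a verdict.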
Old 04-09-2007, 09:03 AM   #2 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 24,625
OS: 2000 Pro; XP Pro; XP Home


Re: Need help cleaning my comp of some nasty spyware!

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum in your next reply.

---------------------------------------------------------------------------------------------

next:
  1. Download ComboFix from one of these locations:
  2. Double click on ComboFix.exe & follow the prompts.
  3. When finished, it shall produce a log for you. Post that log in your next reply.
Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.


---------------------------------------------------------------------------------------------


Then, can you please follow the instructions in this sticky topic, and then post the requested logs?

http://www.techsupportforum.com/secu...ion2-beta.html
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006
Our help is voluntary, but this site needs donations to operate.
Please consider Donating to the Forum.


Please do not ask for help via Private Message. Ask in the forums, so all may gain from the experience.

Last edited by tetonbob : 04-09-2007 at 09:05 AM.
tetonbob is offline  
Old 04-09-2007, 10:46 AM   #3 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 3
OS: XP


Re: Need help cleaning my comp of some nasty spyware!

Thanks for the fast reply.

Here are the logs you asked for:


SDFix: Version 1.77

Run by Jackye Chan LTD - 09/04/2007 - 18:28:38.57

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix\SDFix

Safe Mode:
Checking Services:

Name:
Client IP-IPX
MicroSoft Media Tools

ImagePath:
"C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000282
"C:\WINDOWS\MSmedia.exe"

Client IP-IPX - Deleted
MicroSoft Media Tools - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\SYSTEM32\ERASEM~1.EXE - Deleted
C:\WINDOWS\SYSTEM32\PAYTIME.EXE - Deleted
C:\WINDOWS\SYSTEM32\SHELL386.EXE - Deleted
C:\WINDOWS\system32\eraseme_50063.exe - Deleted
C:\Documents and Settings\Jackye Chan LTD\Start Menu\Programs\Startup\winlogon.lnk - Deleted
C:\WINDOWS\system32\i - Deleted
C:\WINDOWS\system32\netstat.com - Deleted
C:\WINDOWS\system32\taskkill.com - Deleted
C:\WINDOWS\system32\TFTP4416 - Deleted
C:\WINDOWS\system32\unsvchosts.exe - Deleted



ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\The Battle for Middle-earth (tm) II\\game.dat"="C:\\Program Files\\The Battle for Middle-earth (tm) II\\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"C:\\Program Files\\The Lord of the Rings, The Rise of the Witch-king\\game.dat"="C:\\Program Files\\The Lord of the Rings, The Rise of the Witch-king\\game.dat:*:Enabled:The Lord of the Rings, The Rise of the Witch-king"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:

C:\Documents and Settings\Jackye Chan LTD\Local Settings\Application Data\Microsoft\Messenger\pickledonion5@hotmail.com\Sharing Folders\harrisonbreeze@talktalk.net\Thumbs.db
C:\WINDOWS\ialig.dll
C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe
C:\WINDOWS\system32\Tools\All.exe
C:\WINDOWS\system32\Tools\Change.exe
C:\WINDOWS\system32\Tools\CheckPath.exe
C:\WINDOWS\system32\Tools\Counter.exe
C:\WINDOWS\system32\Tools\DelFolders.exe
C:\WINDOWS\system32\Tools\DirectSetup.exe
C:\WINDOWS\system32\Tools\RegClean.exe
C:\WINDOWS\system32\Tools\Regexe.exe
C:\WINDOWS\system32\Tools\Restart.exe
C:\WINDOWS\system32\Tools\RunRegexe.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\Jackye Chan LTD\Application Data\Microsoft\Word\~WRL0044.tmp
C:\Documents and Settings\Jackye Chan LTD\Application Data\Microsoft\Word\~WRL0843.tmp
C:\Documents and Settings\Jackye Chan LTD\Application Data\Microsoft\Word\~WRL2114.tmp
C:\Documents and Settings\Jackye Chan LTD\Application Data\Microsoft\Word\~WRL3009.tmp
C:\Documents and Settings\Jackye Chan LTD\Application Data\Microsoft\Word\~WRL3388.tmp
C:\Documents and Settings\Jackye Chan LTD\Local Settings\Temp\~10.tmp
C:\Documents and Settings\Jackye Chan LTD\Local Settings\Temp\~1D.tmp
C:\Documents and Settings\Jackye Chan LTD\Local Settings\Temp\~41.tmp
C:\Documents and Settings\Jackye Chan LTD\Local Settings\Temp\~48.tmp
C:\Documents and Settings\Jackye Chan LTD\Local Settings\Temp\~6.tmp
C:\Documents and Settings\Jackye Chan LTD\Local Settings\Temp\~A.tmp
C:\Documents and Settings\Jackye Chan LTD\My Documents\~WRL0642.tmp
C:\Documents and Settings\Jackye Chan LTD\My Documents\~WRL1297.tmp
C:\Documents and Settings\Jackye Chan LTD\My Documents\My works\~WRL3732.tmp
C:\Documents and Settings\Max\My Documents\school\music\~WRL1786.tmp
C:\Documents and Settings\Max\My Documents\school\music\~WRL2015.tmp
C:\Documents and Settings\Max\My Documents\school\music\~WRL3028.tmp
C:\WINDOWS\system32\config\default.tmp.LOG
C:\WINDOWS\system32\config\software.tmp.LOG
C:\WINDOWS\system32\config\system.tmp.LOG

Finished

and

"Jackye Chan LTD" - 07-04-09 18:41:11 Service Pack 2
ComboFix 07-04-05 - Running from: "C:\Documents and Settings\Jackye Chan LTD\Desktop"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\tool1.exe
C:\WINDOWS\tool2.exe
C:\WINDOWS\tool3.exe
C:\WINDOWS\tool4.exe
C:\WINDOWS\tool5.exe
C:\WINDOWS\system32\ymrzgl\winlogon.ini
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\dinerdash2.exe
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\playfirstlogo.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\strings.xml
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\accessories\dirty_dishes.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\accessories\foodtray.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\accessories\heart1.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\accessories\heart2.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\accessories\heart3.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\accessories\menu_down.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\accessories\menu_up.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\accessories\mop_prop.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\accessories\ticket.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\audio\music\mainmenumusic.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\audio\music\cafe\cafe_music_a1.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\audio\music\cafe\cafe_music_a2.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\audio\music\cafe\cafe_music_a3.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\audio\music\cafe\cafe_music_a4.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\audio\sfx\baby_cry.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\audio\sfx\chef_cook1.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\audio\sfx\closing_time.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\audio\sfx\customer_ditch.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\audio\sfx\dialog_down.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\audio\sfx\dialog_up.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\audio\sfx\drink_table.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\audio\sfx\expert.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\audio\sfx\highchair_deliver.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\audio\sfx\highchair_pickup.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\audio\sfx\keystroke2.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\audio\sfx\level_lose.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\audio\sfx\level_win.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\audio\sfx\menu_click.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\audio\sfx\menu_rollover.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\audio\sfx\mop_pickup.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\audio\sfx\mop_spill.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_bring_check_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_dropoff_drinks_1.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_food_ready_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_gain_heart_1.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_menu_down.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_pencil_write_2.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_seat_people_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\audio\sfx\spill.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\audio\sfx\table_drink.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\audio\sfx\tip_2.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\backgrounds\flo_lose.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\backgrounds\flo_win.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\backgrounds\fullscreendialog.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\backgrounds\high_score_menu_bg.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\backgrounds\levelintro.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\backgrounds\levelintro.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\backgrounds\levelover.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\backgrounds\longdialog.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\backgrounds\longdialog.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\backgrounds\mainmenu.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\backgrounds\mainmenu_logo.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\backgrounds\popup.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\backgrounds\popup.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\backgrounds\textfield.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\backgrounds\upgrade_lines.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\arrowdown_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\arrowdown_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\arrowdown_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\arrowup_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\arrowup_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\arrowup_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\checkbox_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\checkbox_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\checkbox_rotated_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\checkbox_rotated_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\decor_highlight.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\decor_normal.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\decor_selected.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a1.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a2.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a3.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_large_1.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_large_2.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_large_3.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_small_1.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_small_2.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_small_3.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\left_arrow_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\left_arrow_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\left_arrow_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_mask.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_mask.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\map_button_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\map_button_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\map_button_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\right_arrow_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\right_arrow_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\right_arrow_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\upgrade_down.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\upgrade_over.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\upgrade_up.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\welcome_player.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\config\actionpoints.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\config\career.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\config\customer.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\config\endless.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\config\global.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\config\powerups.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\cook\stove.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\cursor\arrow.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\cursor\click.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\cursor\click2.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\cursor\grab.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\cursor\open.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\dad_male\anim.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\dad_male\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\dad_male\blue.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\dad_male\blue_legs.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\dad_male\legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\dad_male\red.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\dad_male\red_legs.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\kid_male\anim.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\kid_male\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\kid_male\blue.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\kid_male\blue_legs.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\kid_male\legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\kid_male\red.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\kid_male\red_legs.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\mom_female\anim.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\mom_female\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\mom_female\baby.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\mom_female\baby.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\mom_female\blue.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\mom_female\blue_baby.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\mom_female\blue_legs.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\mom_female\legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\mom_female\red.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\mom_female\red_baby.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\mom_female\red_legs.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\young_female\anim.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\young_female\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\young_female\blue.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\young_female\blue_legs.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\young_female\legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\young_female\red.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\young_female\red_legs.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\flo\idle.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\flo\idle.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\flo\lower.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\flo\lower.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\flo\upper.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\flo\upper.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\fonts\mercurius.mvec
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\bench.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\bench.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\blue_highchairbaby.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\chair.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\chair.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\dirt2top.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\dirt4top.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\dishcart.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\dishcart.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\green_highchairbaby.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\highchairbaby.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\highchairbaby.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\highchair_prop_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\highchair_prop_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\luxury_bench.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\luxury_bench.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\mop_station_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\mop_station_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\mop_station_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\podium.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\podium_heart.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\podium_heart.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\purple_highchairbaby.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\radio.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\red_highchairbaby.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\spill.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\spill.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\stereo.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\ticketstation.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\ticketstation.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\yellow_highchairbaby.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\help\family.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\help\help1_colormatch1.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\help\help1_colormatch2.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\help\help1_noise.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\help\help1_score.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\help\help2_cleardishes.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\help\help2_givecheck.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\help\help2_pickupfood.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\help\help2_servefood.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\help\help2_takeorder.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\help\help_dividerline.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\hiscore\local-hs-bb.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\hiscore\p1icon.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\layouts\career_1_1.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\layouts\career_1_2.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\layouts\career_1_3.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\layouts\career_1_4.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\layouts\career_1_5.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\layouts\career_1_6.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\layouts\endless_1_1.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\layouts\endless_1_1_a.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\layouts\endless_1_1_b.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\layouts\endless_1_1_c.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\tableshadow.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\background.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\upgrades.xml
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\blue.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\green.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\green.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\grey.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\red.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\food\cup1.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\food\food.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\food\food.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\frames\2_0.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\frames\2_1.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\furniture\drinkstation1_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\furniture\drinkstation1_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\furniture\drinkstation1_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\people\cook.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\people\cook.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\props\cup_prop1.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\2top.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\2top.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\4top.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\4top.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_0.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_1.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\scripts\careerupgrade.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\scripts\choosedifficulty.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\scripts\closeconfirm.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\scripts\entername.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\scripts\game.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\scripts\getmoregames.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\scripts\help1.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\scripts\help2.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\scripts\hiscore.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\scripts\hiscoreinfo.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\scripts\hiscoresubmit.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\scripts\levelintro.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\scripts\levelover.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\scripts\loading.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\scripts\mainloop.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\scripts\mainmenu.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\scripts\ok.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\scripts\pause.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\scripts\style.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\scripts\upgrade.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\scripts\upsell.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\scripts\yesno.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\splash\aol_logo.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\splash\playfirst_logo.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\angersmoke.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\angersmoke.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\chairflags.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\chairflags.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\check.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\checkmark.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\closed.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\coinflip.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\coinflip.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\decor_lines.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\dollar.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\expert.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\foodpoof.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\foodpoof.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\heartgrow.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\heartgrow.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\jar.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\jar.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\lives_icon.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\noisering.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\tablenumber_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\tablenumber_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\traynumber.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\tutorialarrow.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\tutorialbox.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\ui_base.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\ui_hand.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\ui_timer_off.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\ui_timer_on.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgradeanim.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\bubbles\request_bubble.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\bubbles\request_mop.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\bubbles\request_rejectmeal.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_d.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_e.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_f.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_bench_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_bench_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_bench_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_drink_station1_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_drink_station1_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_drink_station1_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_luxury_bench_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_luxury_bench_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_luxury_bench_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_oven_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_oven_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_oven_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_podium_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_podium_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_podium_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_powerbars_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_powerbars_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_powerbars_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_radio_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_radio_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_radio_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_stereo_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_stereo_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_stereo_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\upsell\dd1.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\upsell\dd2.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\upsell\dd3.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\upsell\dd4.jpg
C:\Program Files\Common Files\{3C288~1\Bar888.dll
C:\Program Files\Common Files\{3C288~1\UnInstall.exe
C:\WINDOWS\hosts
C:\Program Files\inetget2
C:\Program Files\ipwindows
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48
C:\Program Files\Common Files\{2C288~1
C:\Program Files\Common Files\{3C288~1


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_MCHINJDRV
-------\LEGACY_NETWORK_MONITOR


((((((((((((((((((((((((((((((( Files Created from 2007-03-09 to 2007-04-09 ))))))))))))))))))))))))))))))))))


2007-04-08 21:29 <DIR> d-------- C:\Program Files\WinMX
2007-04-07 21:56 <DIR> d-------- C:\Program Files\Lavasoft
2007-04-07 21:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-04-06 17:50 129,082 --a------ C:\WINDOWS\tci.exe
2007-04-05 22:26 <DIR> d--hs---- C:\WINDOWS\SmFja3llIENoYW4
2007-04-05 21:48 <DIR> d--hs---- C:\WINDOWS\system32\ymrzgl
2007-04-04 16:18 <DIR> d-------- C:\Program Files\LimeWire
2007-04-04 14:51 5,632 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-04-03 19:29 <DIR> d-------- C:\DOCUME~1\JACKYE~1\APPLIC~1\FrostWire
2007-04-03 00:19 <DIR> d-------- C:\.jagex_cache_32
2007-04-02 19:43 <DIR> d-------- C:\DOCUME~1\JACKYE~1\APPLIC~1\Media Player Classic
2007-04-02 19:42 <DIR> d-------- C:\Program Files\LD-Anime
2007-03-27 22:41 <DIR> d-------- C:\Program Files\Sibelius Software
2007-03-26 21:50 94,208 --------- C:\WINDOWS\system32\LTIMG80N.DLL
2007-03-26 21:50 89,360 --------- C:\WINDOWS\system32\VB5DB.DLL
2007-03-26 21:50 87,328 --------- C:\WINDOWS\system32\TWAIN.DLL
2007-03-26 21:50 77,312 --------- C:\WINDOWS\system32\TWAIN_32.DLL
2007-03-26 21:50 721,168 --------- C:\WINDOWS\system32\VB40032.DLL
2007-03-26 21:50 72,704 --------- C:\WINDOWS\system32\ODBCTL32.DLL
2007-03-26 21:50 69,632 --------- C:\WINDOWS\system32\TWUNK_32.EXE
2007-03-26 21:50 640,512 --------- C:\WINDOWS\system32\OC30.DLL
2007-03-26 21:50 64,512 --------- C:\WINDOWS\system32\LTFIL80N.DLL
2007-03-26 21:50 64,512 --------- C:\WINDOWS\system32\LFFAX80N.DLL
2007-03-26 21:50 52,224 --------- C:\WINDOWS\system32\LFFPX80N.DLL
2007-03-26 21:50 48,560 --------- C:\WINDOWS\system32\TWUNK_16.EXE
2007-03-26 21:50 423,936 --------- C:\WINDOWS\system32\LTKRN80N.DLL
2007-03-26 21:50 407,312 --------- C:\WINDOWS\system32\MSREPL35.DLL
2007-03-26 21:50 4,608 --------- C:\WINDOWS\system32\W95INF32.DLL
2007-03-26 21:50 398,416 --------- C:\WINDOWS\system32\VBRUN300.DLL
2007-03-26 21:50 393,728 --------- C:\WINDOWS\system32\MSVCRTD.DLL
2007-03-26 21:50 39,424 --------- C:\WINDOWS\system32\LFGIF80N.DLL
2007-03-26 21:50 338,944 --------- C:\WINDOWS\system32\LFFPX7.DLL
2007-03-26 21:50 33,280 --------- C:\WINDOWS\system32\LFBMP80N.DLL
2007-03-26 21:50 312,832 --------- C:\WINDOWS\system32\MSRDO32.DLL
2007-03-26 21:50 30,720 --------- C:\WINDOWS\system32\LFPCX80N.DLL
2007-03-26 21:50 271,360 --------- C:\WINDOWS\system32\POCE2.DLL
2007-03-26 21:50 27,648 --------- C:\WINDOWS\system32\LFTGA80N.DLL
2007-03-26 21:50 26,624 --------- C:\WINDOWS\system32\LFPCD80N.DLL
2007-03-26 21:50 253,952 --------- C:\WINDOWS\system32\GRDKRN32.DLL
2007-03-26 21:50 252,176 --------- C:\WINDOWS\system32\MSRD2X35.DLL
2007-03-26 21:50 248,320 --------- C:\WINDOWS\system32\POCE.DLL
2007-03-26 21:50 24,848 --------- C:\WINDOWS\system32\MSJTER35.DLL
2007-03-26 21:50 237,568 --------- C:\WINDOWS\system32\IePicImp.dll
2007-03-26 21:50 232,960 --------- C:\WINDOWS\system32\LFCMP80N.DLL
2007-03-26 21:50 2,304 --------- C:\WINDOWS\system32\W95INF16.DLL
2007-03-26 21:50 166,160 --------- C:\WINDOWS\system32\MSLTUS35.DLL
2007-03-26 21:50 165,648 --------- C:\WINDOWS\system32\MSTEXT35.DLL
2007-03-26 21:50 14,848 --------- C:\WINDOWS\system32\GSTPLT32.DLL
2007-03-26 21:50 134,144 --------- C:\WINDOWS\system32\LFPNG80N.DLL
2007-03-26 21:50 133,904 --------- C:\WINDOWS\system32\MFCANS32.DLL
2007-03-26 21:50 123,664 --------- C:\WINDOWS\system32\MSJINT35.DLL
2007-03-26 21:50 118,784 --------- C:\WINDOWS\system32\LFKODAK.DLL
2007-03-26 21:50 114,176 --------- C:\WINDOWS\system32\LFTIF80N.DLL
2007-03-26 21:50 106,496 --------- C:\WINDOWS\system32\LGICC.DLL
2007-03-26 21:50 1,472,000 --------- C:\WINDOWS\system32\Rgt004.dll
2007-03-26 21:50 1,131,520 --------- C:\WINDOWS\system32\rgt006.dll
2007-03-26 21:50 1,045,776 --------- C:\WINDOWS\system32\MSJET35.DLL
2007-03-26 21:50 <DIR> d-------- C:\WINDOWS\system32\Color
2007-03-26 21:50 <DIR> d-------- C:\Program Files\greenstreet
2007-03-25 18:10 <DIR> d-------- C:\Program Files\ReaConverter 4.0 Pro
2007-03-22 20:09 <DIR> d-------- C:\Program Files\AC3Filter
2007-03-22 20:08 14,730,232 --a------ C:\Program Files\DivXInstaller.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-09 18:38 -------- d-------- C:\Program Files\steam
2007-04-09 18:24 -------- d-------- C:\DOCUME~1\JACKYE~1\APPLIC~1\utorrent
2007-04-05 21:49 359808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2007-03-25 18:21 -------- d-------- C:\Program Files\irfanview
2007-03-25 16:23 -------- d-------- C:\Program Files\msn messenger
2007-03-24 12:19 -------- d-------- C:\Program Files\partygaming
2007-03-08 16:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 16:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 16:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 14:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-08 00:25 -------- d-------- C:\Program Files\world of warcraft
2007-03-04 13:33 -------- d-------- C:\Program Files\java
2007-02-10 00:39 -------- d-------- C:\DOCUME~1\JACKYE~1\APPLIC~1\my the lord of the rings, the rise of the witch-king files
2007-02-09 04:00 -------- d-------- C:\Program Files\the lord of the rings, the rise of the witch-king
2007-02-09 01:37 -------- d-------- C:\Program Files\the battle for middle-earth (tm) ii
2007-02-09 01:13 -------- d--h----- C:\Program Files\installshield installation information
2007-01-19 12:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-11 13:13 0 --a------ C:\WINDOWS\powerreg.dat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Windows Registry Repair Pro"="C:\\Program Files\\3B Software\\Windows Registry Repair Pro\\RegistryRepairPro.exe 4"
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe"
"ControlDiskTsk"="winzrs32.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"
"Steam"="\"C:\\Program Files\\Steam\\Steam.exe\" -silent"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"UtiliSync"="C:\\Program Files\\Otium UtiliSync\\UtiliSyncServ.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"LVCOMSX"="C:\\WINDOWS\\System32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"PCRescue"="C:\\PROGRA~1\\PCRESC~1.0\\PCRescue.exe"
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Windows TM"="Winsass.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
"backup"="C:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"
"item"="Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
"backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SNDSrvc"=dword:00000003
"SBService"=dword:00000002
"NVSvc"=dword:00000002
"NISUM"=dword:00000002
"navapsvc"=dword:00000002
"ccPxySvc"=dword:00000002
"ccPwdSvc"=dword:00000003
"ccEvtMgr"=dword:00000002


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=dword:00000000
"NoThemesTab"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-09 18:43:26
C:\ComboFix-quarantined-files.txt ... 07-04-09 18:43
MrJolly is offline  
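The Reg Loading Points section of the ComboFix log above lists every Run-key value it found. Two of them name a bare executable with no path at all: "ControlDiskTsk"="winzrs32.exe" under HKCU\...\Run, and "Windows TM"="Winsass.exe" under HKLM\...\RunServices. A bare name is resolved through the search path at logon rather than pointing at one known file, and RunServices is a Windows 9x-era key that legitimate XP software rarely registers in, so these are the entries an analyst checks first (where the file actually sits on disk, whether it is signed, whether it shows up in the running-process list). As an added example, not part of this post and not ComboFix's own code, here is a small parser that walks that section and flags such entries. The sample input is a constructed subset of the log lines above, and the flagging heuristics are mine: a flag is a prompt to verify, not a verdict, which the output makes clear because nwiz.exe (an NVIDIA helper registered the same way) is flagged too.

```python
"""Flag autostart entries in the 'Reg Loading Points' section of a ComboFix log.

Added example for the forum thread; not part of the original post or of
ComboFix.  The heuristics (bare filename, RunServices key) are assumptions
made by the reviewer, not ComboFix's own rules.
"""
import re

# Constructed subset of the Run-key lines visible in the log above.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ControlDiskTsk"="winzrs32.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"nwiz"="nwiz.exe /install"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Windows TM"="Winsass.exe"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')            # [HKEY_...\run]
ENTRY_RE = re.compile(r'^"([^"]+)"="(.*)"$')  # "name"="value"


def unescape(value):
    """Undo .reg-style escaping: \\\\ becomes \\ and \\" becomes a quote."""
    return re.sub(r'\\(.)', r'\1', value)


def split_command(command):
    """Return (program, remaining arguments) for a Run value."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end != -1:
            return command[1:end], command[end + 1:].strip()
    parts = command.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else '')


def target_of(command):
    """The file that actually runs: the program, or the DLL when rundll32 hosts it."""
    program, rest = split_command(command)
    if program.lower() in ('rundll32.exe', 'rundll32'):
        # rundll32 only hosts; the code that executes is the DLL before the comma.
        return rest.split(',', 1)[0].strip().strip('"')
    return program


def is_bare(path):
    """True when the entry gives no directory, so the file is found via search path."""
    return '\\' not in path and ':' not in path


def parse_loading_points(text):
    """Yield (key, value name, unescaped command) for every entry under a [key]."""
    key = None
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            entries.append((key, m.group(1), unescape(m.group(2))))
    return entries


def flag_entries(text):
    """Return a list of entries worth verifying, each with the reasons it was flagged."""
    findings = []
    for key, name, command in parse_loading_points(text):
        target = target_of(command)
        reasons = []
        if is_bare(target):
            reasons.append('bare filename, resolved via search path at logon')
        if key.endswith('\\runservices'):
            reasons.append('RunServices key (Win9x-era, rarely used by legitimate XP software)')
        if reasons:
            findings.append({'key': key, 'name': name, 'target': target, 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for f in flag_entries(SAMPLE_LOG):
        print(f"{f['name']!r} -> {f['target']}: {'; '.join(f['reasons'])}")
```

Run as-is it lists ControlDiskTsk, nwiz and Windows TM; the next step for each is to locate the file (for example with the Find3M/file listing ComboFix already produced) and confirm it is what the vendor ships, rather than deleting on the strength of the flag alone.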
Old 04-09-2007, 12:01 PM   #4 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 24,625
OS: 2000 Pro; XP Pro; XP Home


Re: Need help cleaning my comp of some nasty spyware!

Hi MrJolly -

Next, I would require a set of logs from Deckard's System Scanner, as outlined in the thread I linked you to.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006
Our help is voluntary, but this site needs donations to operate.
Please consider Donating to the Forum.


Please do not ask for help via Private Message. Ask in the forums, so all may gain from the experience.
tetonbob is offline  
Old 04-09-2007, 05:11 PM   #5 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 3
OS: XP


Re: Need help cleaning my comp of some nasty spyware!

Here's the System scanner you requested!

Deckard's System Scanner v20070328.36
Run by Jackye Chan LTD on 2007-04-10 at 01:03:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2007-04-10 00:03:25 UTC - RP1 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Jackye Chan LTD.exe) -------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 01:08:16, on 10/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.ex